64 Complaints Received On UK Cookie Law

← Back to Stories (view on slashdot.org)

64 Complaints Received On UK Cookie Law

Posted by timothy on Tuesday May 29, 2012 @12:23AM from the these-cookies-taste-awful! dept.

judgecorp writes "Privacy watchdog, the Information Commissioner's Office, has already received 64 complaints under the UK's Cookie Law, which requires sites to get permission to track users with cookies. The law only came into effect on Saturday, and many sites do not expect to comply soon. To make life more complicated, the ICO has updated its advice, apparently allowing 'implied consent' instead of actually making a user click a box to give permission for cookies."

86 comments

Min score:

Reason:

Sort:

Implied Consent? by Anonymous Coward · 2012-05-29 00:26 · Score: 4, Insightful

"Implied Consent" is nothing more than a way to skirt responsibility of law. If THEY can do it, then so can we.
1. Re:Implied Consent? by SkunkPussy · 2012-05-29 00:31 · Score: 2
  
  yeah i fucking hate this spam copout where implied consent seems to be accepted. resulting in my receiving 2 mobile spam texts a day recently.
  
  --
  SURELY NOT!!!!!
2. Re:Implied Consent? by Errol+backfiring · 2012-05-29 00:35 · Score: 4, Insightful
  
  "Implied Consent" is the most stupid term I ever read.
  
  --
  Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
3. Re:Implied Consent? by SJHillman · 2012-05-29 00:38 · Score: 4, Funny
  
  Your post gives me implied consent to sleep with your sister and your girlfriend.
4. Re:Implied Consent? by Anonymous Coward · 2012-05-29 00:39 · Score: 0
  
  if she dressed sexy and got drunk, there is Implied Consent, officer.
5. Re:Implied Consent? by Anonymous Coward · 2012-05-29 00:40 · Score: 1
  
  I'll use that defense in my rape hearing. I thought drinking 12 beers and passing out on my floor was implied consent.
6. Re:Implied Consent? by digitig · 2012-05-29 00:54 · Score: 1
  
  Read the guidance. The constraints on "implied consent" are pretty stringent: whoever is setting the cookie needs to be able to prove that the user understood in advance that cookies would be set and what that means.
  
  --
  Quidnam Latine loqui modo coepi?
7. Re:Implied Consent? by mrbester · 2012-05-29 01:08 · Score: 1
  
  As a user of websites I know this can happen so they are fine under the law. As a user of my company's website I know this does happen because I'm in the development team so that is fine under the law.
  Oh, you meant some other user? How is a site supposed to know what a random user knows, let alone prove it when there is no definition of "user"?
  
  --
  "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
8. Re:Implied Consent? by Anonymous Coward · 2012-05-29 01:23 · Score: 0
  
  You seem to consist of meaty parts and breakable bones. That's implied consent for beating you up, citizen.
9. Re:Implied Consent? by Xest · 2012-05-29 01:24 · Score: 1
  
  Maybe Gary McKinnon should just switch to this defence.
  "What? Sorry American military, I assumed because you had blank passwords that I had your implied consent I could login? Does this mean I don't have to be extradited"
  Like you say, implied consent is basically a way of saying "You don't actually have to really give a shit about this law".
10. Re:Implied Consent? by Chrisq · 2012-05-29 01:26 · Score: 3, Insightful
  
  Your post gives me implied consent to sleep with your sister and your girlfriend.
  I can see rapists having a tattoo on their chest "reading this message grants me implied consent... "
11. Re:Implied Consent? by Anonymous Coward · 2012-05-29 01:50 · Score: 0
  
  like "war on terror"? :)
12. Re:Implied Consent? by Anonymous Coward · 2012-05-29 01:58 · Score: 0
  
  When you enter a restaurant and place an order, you give the implied consent to exchange money for goods and services.
13. Re:Implied Consent? by HanktheTankCDN · 2012-05-29 02:11 · Score: 1
  
  Its stupid in this case but smart when dealing with medical emergencies. If you are unconscious, implied consent gives someone there to help you the consent to save your life by giving you CPR. "Important in this case implied consent is." (Return of the Jedi)
  
  --
  Really - that's your defense?
14. Re:Implied Consent? by Rogerborg · 2012-05-29 02:38 · Score: 2, Funny
  
  Your post gives me implied consent to sleep with your sister and your girlfriend.
  How did you know he was from Cornwall? Are you tracking him?
  
  --
  If you were blocking sigs, you wouldn't have to read this.
15. Re:Implied Consent? by Rogerborg · 2012-05-29 02:40 · Score: 1
  
  You say "need to" as though it has any meaning in the context of the ICO's toothless barking.
  If the tentacle of the State charged with enforcing a law obviously doesn't really give a damn about it, why would anyone else?
  
  --
  If you were blocking sigs, you wouldn't have to read this.
16. Re:Implied Consent? by TFAFalcon · 2012-05-29 02:46 · Score: 1
  
  No you don't. You do then when you ORDER your food. Or do you consider it OK for them to bring you a glass of water and charge you 100$ for it as soon as you sit down?
17. Re:Implied Consent? by TFAFalcon · 2012-05-29 02:48 · Score: 1
  
  If the site does not know the user consents, it should ASK him. Isn't this what this law is all about?
18. Re:Implied Consent? by tepples · 2012-05-29 02:57 · Score: 1
  
  whoever is setting the cookie needs to be able to prove that the user understood in advance that cookies would be set and what that means.
  But when someone logs into a site with a username and password, can't it be assumed that a reasonable person would understand that logging in bakes cookies?
19. Re:Implied Consent? by TangoMargarine · 2012-05-29 06:46 · Score: 1
  
  When you enter a restaurant and place an order
  
  No you don't. You do then when you ORDER your food.
  Really? Let's read more slowly before we flame.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
20. Re:Implied Consent? by 1s44c · 2012-05-29 21:41 · Score: 1
  
  When you enter a restaurant and place an order
  
  No you don't. You do then when you ORDER your food.
  Really? Let's read more slowly before we flame.
  Entering the restaurant has nothing to do with it. Placing the order is the important bit.
21. Re:Implied Consent? by Errol+backfiring · 2012-05-30 00:52 · Score: 1
  
  Not really. That is "medical necessity". As my consent cannot be asked in such a case, an emergency decision is made. That is not my consent, not even implied, but I am probably very glad afterwards.
  
  --
  Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
22. Re:Implied Consent? by Anonymous Coward · 2012-05-30 13:00 · Score: 0
  
  A recent case in Australia of a guy who 'raped' his wife 50 years ago when they were married tried using the 'implied consent' thing, saying in his day a woman wasn't allowed to deny her husband sex. He tried to have the case dismissed, but the judges are allowing the case to proceed.
23. Re:Implied Consent? by vsync64 · 2012-06-01 07:41 · Score: 1
  It's a term of art[1].
  
  term of art
  --
  TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
24. Re:Implied Consent? by TangoMargarine · 2012-06-01 16:12 · Score: 1
  
  If we're talking a sit-down restaurant (I wouldn't personally call fast food a "restaurant"), you kind of have to be inside to place an order. Even if you could order over the phone, you still have to physically enter the place. So yes, entering the restaurant AND placing an order are important.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
25. Re:Implied Consent? by digitig · 2012-06-01 22:46 · Score: 1
  
  whoever is setting the cookie needs to be able to prove that the user understood in advance that cookies would be set and what that means.
  But when someone logs into a site with a username and password, can't it be assumed that a reasonable person would understand that logging in bakes cookies?
  No. It can be assumed that a knowledgeable person would understand that, but I doubt most web users, however reasonable, would know that. Anyway, my concern is over analytics, which doesn't require the site user to log in.
  
  --
  Quidnam Latine loqui modo coepi?
Hey look by Anonymous Coward · 2012-05-29 00:30 · Score: 1

A power of 2!
Counter by SJHillman · 2012-05-29 00:37 · Score: 2

They've actually received several million complaints, but only had a 6 bit counter.
1. Re:Counter by MyLongNickName · 2012-05-29 00:42 · Score: 1
  
  Nice try, but that would only allow for 63.
  
  --
  See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
2. Re:Counter by Zandamesh · 2012-05-29 00:46 · Score: 2
  
  no, if indexes go from 0 to 63, and it allows 64 elements :->
  
  --
  Lo and behold, for I am a sig!
3. Re:Counter by game+kid · 2012-05-29 00:49 · Score: 1
  
  The counter is 1-based and clamps higher amounts to 64. The guy who made the counter figured the law would get some complaint at some point (because party politics), and was inspired by the "Retweeted" counter below Twitter posts that clamps at 100 (the pay didn't motivate him enough to go that high).
  
  --
  You can hold down the "B" button for continuous firing.
4. Re:Counter by Anonymous Coward · 2012-05-29 00:50 · Score: 1
  
  You're forgetting the implied complaint numbered 0.
5. Re:Counter by MyLongNickName · 2012-05-29 00:53 · Score: 1
  
  64 elements is not the same as tracking 0 to 64 complaints.
  
  --
  See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
6. Re:Counter by SJHillman · 2012-05-29 00:59 · Score: 1
  
  But 64 complaints is the same as a counter going from 0 to 63. To make it human readable, you'd just add 1 to the value of the counter.
7. Re:Counter by Zandamesh · 2012-05-29 01:02 · Score: 1
  
  If you have an array of ints:
  int[] numberList = { 1, 2, 3, 4 }
  and someone asks you, how many ints are in this array? Do you say 3 or 4?
  
  --
  Lo and behold, for I am a sig!
8. Re:Counter by Anonymous Coward · 2012-05-29 01:02 · Score: 1
  
  Ummmmm. no. If you are cheating by assuming that all bits '0' means 1 complaint, then how do you store the 0 complaint starting state?
9. Re:Counter by MyLongNickName · 2012-05-29 01:09 · Score: 1
  
  I say: "64 elements is not the same as tracking 0 to 64 complaints"
  You say: "and someone asks you, how many ints are in this array? Do you say 3 or 4?"
  You didn't add anything new to the conversation. I already said there are 64 elements. However, 64 elements is not the same as being able to track up 64 complaints. You must start with the initial condition of zero complaints, meaning you can track 0 to 63 complaints with a six bit number.
  
  --
  See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
10. Re:Counter by Zandamesh · 2012-05-29 01:13 · Score: 1
  
  ah I get it. I was thinking of an array of 64 elements, where each element is a Complaint class, while you were thinking of a simple counter.
  
  --
  Lo and behold, for I am a sig!
11. Re:Counter by MyLongNickName · 2012-05-29 01:16 · Score: 1
  
  Yeah, the OP said counter, so I went with that. After my last post I started thinking more about it and figured you were going with some type of class or database record. It is amazing how frequently communications breakdowns happen on simple things. Enjoy the rest of your day :)
  
  --
  See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
12. Re:Counter by TapeCutter · 2012-05-29 01:25 · Score: 1
  
  Zero complaints = empty array
  Complaint #1 = array[0]
  ......
  Complaint #64 = array[63].
  
  --
  And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
13. Re:Counter by Shrike82 · 2012-05-29 01:26 · Score: 2
  
  Seriously guys, how many times do I have to say this. This is simply not the right way to settle an argument online.
  
  You two made the elementary errors of trying to compromise, offering each other a chance to explain your positions, listening to one another, caring about a misunderstanding and finally added insult to injury by wishing him a nice day. For shame.
  
  This should have proceeded immediately to name calling, threats to burn each others' houses down, childish and grammatically incorrect insults and finished with one of you vowing to leave the site and never return. I expect better of you both next time.
  
  --
  You can advertise in this sig from as little as £99.99 a month!
14. Re:Counter by Chrisq · 2012-05-29 01:27 · Score: 1
  
  Ummmmm. no. If you are cheating by assuming that all bits '0' means 1 complaint, then how do you store the 0 complaint starting state?
  Real C programmers would say that starting at 1 is cheating.
15. Re:Counter by txgunslinger · 2012-05-29 01:33 · Score: 1
  
  There was no 0 complaint state. I complained before it became law.
16. Re:Counter by fatphil · 2012-05-29 01:51 · Score: 1
  
  The arithmetic is saturating and the overflow flag is set.
  
  --
  Also FatPhil on SoylentNews, id 863
17. Re:Counter by TFAFalcon · 2012-05-29 02:50 · Score: 1
  
  Null pointer for the counter until a complaint is registered.
18. Re:Counter by Anonymous Coward · 2012-05-29 04:47 · Score: 0
  
  If there's no complaints then why store anything yet?
19. Re:Counter by Anonymous Coward · 2012-05-29 06:08 · Score: 0
  
  int current_complaint = 0; bool add_complaint(complaint *c) { if(current_complaint == 63) return false; complaints[current_complaint++] = c; return true; }
20. Re:Counter by TangoMargarine · 2012-05-29 06:48 · Score: 1
  
  Vertex, vertices, matrix, matrices...index, indices?
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
21. Re:Counter by Anonymous Coward · 2012-05-29 07:00 · Score: 0
  
  Yep.
  And mice is plural of mex.
This law is a good thing! by ArsenneLupin · 2012-05-29 00:49 · Score: 1

When can we have the same for needless javascript? And for flash?
1. Re:This law is a good thing! by monkeyhybrid · 2012-06-08 01:15 · Score: 1
  
  Javascript and Flash can easily be disabled via your browser's settings, just as cookies can, which makes this law kind of pointless. If you browser doesn't have 'per site' settings for this, there's more than likely an extension to provide that capability.
  All this legislation does is force EU organisations (so no effect on anything outside of EU) to replicate the aforementioned browser cookie blocking functionality but using a method of trust instead of an explicit user setting tightly under a user's control. If users have privacy concerns regarding use of cookies, the only sane way to handle that is for users to take control themselves by disabling use of cookies in their browser settings and then whitelisting sites on a per site basis. We've had that capability since the introduction of cookies.
  The EU could handle this situation much better by organising an information campaign to inform it's citizens of how to handle cookies themselves. At least then the users who want to take action can do so properly with the added benefit of applying to all sites globally, not just those trustworthy enough in the EU to bother conforming.
2. Re:This law is a good thing! by ArsenneLupin · 2012-06-08 01:29 · Score: 1
  
  Javascript and Flash can easily be disabled via your browser's settings, just as cookies can, which makes this law kind of pointless.
  ... and some sites are actually quite good at annoying people who do just that. One trick is to set up a meta http-equiv redirect to a nag page which kicks in if there is no javascript. Or the main content block's display property to none in CSS, and set to something sensible by javascript. Or same idea but with opacity: 0. Or links that point back to page itself (<a href="#"> ) rather than to the subpage they are supposed to point to. Fortunately, sites doing such nonsense are a minority, but they do exist.
  Back when Flash was the rage, one popular annoyance was flash intros which couldn't be skipped. So, if you had flash disabled, you were stuck on an empty page without a link to move on
  Having a law against needless javascript or flash would also stop such shenanigans.
  
  All this legislation does is force EU organisations (so no effect on anything outside of EU) to replicate the aforementioned browser cookie blocking functionality but using a method of trust instead of an explicit user setting tightly under a user's control.
  No, it also forces organizations not to put any shenanigans into their pages which are meant to annoy users who prefer to surf without cookies, javascript or flash.
  
  If users have privacy concerns regarding use of cookies, the only sane way to handle that is for users to take control themselves by disabling use of cookies in their browser settings and then whitelisting sites on a per site basis. We've had that capability since the introduction of cookies.
  Then you have problems with sites that detect the absence of cookies, and redirect you to a nag page if you don't have any.
3. Re:This law is a good thing! by monkeyhybrid · 2012-06-08 01:54 · Score: 1
  
  What you say is true, there are certainly sites out there that really want to get round any measures a user puts in place to block certain behaviour, but if a site is doing stuff like that, would you really trust them to conform with legislation anyway? From my personal experience, the types of sites that exhibit this kind of behaviour are typically not high on my trust list.
  And even if the legal repercussions of not conforming were enough to ensure these sites do conform, then why not just have legislation that requires sites respect a user's browser settings without undue hindrance, rather than requiring a site manually request user permission?
  The fact that this legislation relies on trust, only applies to a subset of the internet, and is going to be ridiculously hard to police, makes me think it will achieve very little apart from annoying a lot of users and providing a false sense of privacy.
4. Re:This law is a good thing! by ArsenneLupin · 2012-06-08 02:32 · Score: 1
  
  What you say is true, there are certainly sites out there that really want to get round any measures a user puts in place to block certain behaviour, but if a site is doing stuff like that, would you really trust them to conform with legislation anyway?
  If legislation is in place, and a site blatantly misbehaves in such a way, this is actionable. At least the bigger sites (such as facebook) would have to comply.
  
  From my personal experience, the types of sites that exhibit this kind of behaviour are typically not high on my trust list.
  But sometimes, it may be a site whose service you absolutely need, such as directory look up... we have the case here in Luxembourg where one directory lookup service pulls such a shenanigan. Fortunately, theyre is a competitor. But what if the competitor starts behaving in the same way?
  And ironically enough, luxtrust.lu, the national Luxembourgish certification agency, pulls the opacity: 0 stunt... an entity that we have to trust...
  Very often though, such things happen due to contractors. Organization contracts out webdesign to a third party firm, which cares more about looks and their own ego than about functionality or their customer's mission, and then such mishaps happen. And when the customer's users bring this to their attention, the contract and warranty period with web design company has run out, and their is no budget planned to fix the mess, so it stays like that for ages...
Click here by Anonymous Coward · 2012-05-29 00:52 · Score: 2, Funny

to see this fabulous girl naked. And to accept cookies from our 100 affiliate analytics firms
Implied, eh? by Anonymous Coward · 2012-05-29 00:56 · Score: 0

presumably there is Implied Consent to pay me £lots for the rights to my personal data for commercial use
Here's hoping... by digitig · 2012-05-29 00:56 · Score: 1

With any luck all 64 complaints will be against government sites.

--
Quidnam Latine loqui modo coepi?
Stupid and impossible law by ewanm89 · 2012-05-29 00:59 · Score: 3, Insightful

How does one opt out of cookies without using a cookie to remember it?
1. Re:Stupid and impossible law by ArsenneLupin · 2012-05-29 01:08 · Score: 3, Informative
  
  How does one opt out of cookies without using a cookie to remember it?
  Using Etags...
2. Re:Stupid and impossible law by Anonymous Coward · 2012-05-29 01:09 · Score: 0
  
  That's a stupid argument. You may not be able to tell the difference between continuous tracking cookies, and a do not track cookie, but they lawmakers can. Sophism is strong in you, but fortunately, the lawmakers know better, and that's scary.
3. Re:Stupid and impossible law by Zocalo · 2012-05-29 01:26 · Score: 5, Interesting
  This isn't about banning cookies, it's about banning user tracking without consent - which includes far more than cookies; browser fingerprints being the main candidate, so the correct intent is there. For a start, it's perfectly OK within the law to set a cookie that tells the site to not track that user, which I suspect will form the bulk of the (incorrect) complaints received by the ICO, but you can't use that cookie to track the user across your site, or any affiliate sites.
  
  The problem with this legislation isn't the intent, it's the complete lack of clarity coming from the ICO who are responsible for its adminstration and enforcement. The law essentially boils down to "do not track your users without their consent", which the ICO has then muddied the waters over by making some vague remarks about implied consent being OK without explaining exactly what they mean. There is a great deal of confusion over whether the request to opt-in/out needs to be overt (i.e. a click-through or banner), whether or not you can set a "do not track" cookie (you can), and so on.
  
  It's not being helped by some totally lame implementations of the consent request, most probably due to lack of clarity from the ICO about what can and can't be done, in the cases of users with cookies and/or JavaScript disabled for a site. A frequent occurance in this case seems to be that such users either have to go through the consent request every visit or have a consent banner permanantly displayed on the screen. Both these problems could (and I'll emphasis that "could") go away quite simply if the ICO were to state that:
  
  If using a script to prompt for consent and if that script is blocked then default to "do not track"
  It's OK to try and set a cookie, read it back and if that fails assume cookies are blocked by the user and implied consent = "do not track", otherwise prompt the user for consent and act accordingly.
  But all that assumes that the websites are going to act in the best interests of their users over the best interests of their bottom line; in many cases sites will be dependant on the revenue they can raise from their users, and a tracked user is going to be better targetted with ads, and thus more likely to click through, than one that is not. The more inconvenient it is for users to opt out of tracking, the more likely we are going to see those sites taking that track. Kudos on that front to the BBC who have a well thought out and graded set of cookie policies you can opt into ranging from "necessary", through "functionality" and "performance", to "behavioural advertising".
  --
  UNIX? They're not even circumcised! Savages!
4. Re:Stupid and impossible law by AmiMoJo · 2012-05-29 01:30 · Score: 2
  
  You don't, you opt-in.
  This law is actually very sensible. There are exemptions for non-tracking cookies, stuff like session tokens used by online shops or banks, misc preferences and so forth. Cookies just primarily to track and target advertising at you need permission and the site has to allow you to opt-in.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
5. Re:Stupid and impossible law by Anonymous Coward · 2012-05-29 01:36 · Score: 0
  
  Turn them off in your browser preferences, or install Cookiemonster in Firefox if you want more fine-grained control.
  The method The Register opted for was telling you they use cookies and giving you the option to either agree to them or if you didn't and carried on using their site they would assume you had agreed to them, this was presented to the reader through a bar overlaid on the bottom of the visible page which is hard to miss.
6. Re:Stupid and impossible law by Alain+Williams · 2012-05-29 02:29 · Score: 1
  
  This law is actually very sensible. There are exemptions for non-tracking cookies, stuff like session tokens used by online shops or banks, misc preferences and so forth.
  That is the whole point: there is not an exemption for session cookies -- only an exemption where they are strictly necessary -- which is a very high standard, also the legislation does not distinguish between a site specific session cookie and a 3rd party cross site cookie. This is what is stupid about it.
  See: cookies_guidance_v3 page 12:
  
  Where the setting of a cookie is deemed 'important' rather than 'strictly necessary', those collecting the information are still obliged to provide information about the device to the potential service recipient and obtain consent.
  Note the v3, they keep on tweaking what they expect people to do.
7. Re:Stupid and impossible law by fatphil · 2012-05-29 02:32 · Score: 1
  
  Firstly - if they recognise me - they are tracking me. I don't care if you call it a "session token" or whatever, it's simply a mechanism for tracking me, nothing more.
  
  --
  Also FatPhil on SoylentNews, id 863
8. Re:Stupid and impossible law by grahamm · 2012-05-29 03:30 · Score: 1
  
  How does one opt out of cookies without using a cookie to remember it?
  By not storing a cookie. If you visit the site and do not opt out, it will send you cookies including one which indicates that you did not opt out of receiving cookies. Then on subsequent visits, if this cookie is presented then the site knows that you did not opt out and can continue to send/update cookies. It, however, mean that you will also have to opt out again on every subsequent visit to the site.
9. Re:Stupid and impossible law by Anonymous Coward · 2012-05-29 04:50 · Score: 0
  
  How do people not understand this?
  If you don't accept the cookies, then the site can't remember and you get asked every damn time.
  That doesn't require any cookies to be set.
10. Re:Stupid and impossible law by Blakey+Rat · 2012-05-29 05:28 · Score: 1
  
  It's worth noting that even the BBC's implementation may not be in compliance with the law. Although it's kind of hard to say, since nobody knows what the hell compliance even looks like at this point--
  what's that? The law's already taken effect and nobody knows how to comply with it? Tough crap, you get a complaint.
  Ridiculous.
  
  --
  Comment of the year
11. Re:Stupid and impossible law by Anonymous Coward · 2012-05-29 08:17 · Score: 0
  
  This isn't about banning cookies, it's about banning user tracking without consent - which includes far more than cookies; browser fingerprints being the main candidate, so the correct intent is there.
  
  The law specifies that you can't store data on a "users' terminal" - so it doesn't cover fingerprints
12. Re:Stupid and impossible law by Terrasque · 2012-05-29 11:16 · Score: 2
  
  I really like the EU "law" / guide that the UK law was made from (found here).
  Let me quote part 25 (with some added emphasis):
  
  However, such devices, for instance so-called "cookies", can be a legitimate and useful tool, for example, in analysing the effectiveness of website design and advertising, and in verifying the identity of users engaged in on-line transactions.
  Where such devices, for instance cookies, are intended for a legitimate purpose, such as to facilitate the provision of information society services, their use should be allowed on condition that users are provided with clear and precise information in accordance with Directive 95/46/EC about the purposes of cookies or similar devices so as to ensure that users are made aware of information being placed on the terminal equipment they are using.
  Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment. This is particularly important where users other than the original user have access to the terminal equipment and thereby to any data containing privacy-sensitive information stored on such equipment.
  Information and the right to refuse may be offered once for the use of various devices to be installed on the user's terminal equipment during the same connection and also covering any further use that may be made of those devices during subsequent connections.
  The methods for giving information, offering a right to refuse or requesting consent should be made as user-friendly as possible. Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose.
  So if they refuse to have a cookie or similar device stored on their device, we need to know that the user opted out for that and following connections. Since it's a legitimate purpose, we can store that information. But only if the user does not opt out to storing that information, which .. he already has .. What is this I don't even .. Are those fuckers completely clueless to basic logic?
  
  --
  It's The Golden Rule: "He who has the gold makes the rules."
13. Re:Stupid and impossible law by isorox · 2012-05-30 07:35 · Score: 1
  This isn't about banning cookies, it's about banning user tracking without consent - which includes far more than cookies; browser fingerprints being the main candidate, so the correct intent is there. For a start, it's perfectly OK within the law to set a cookie that tells the site to not track that user, which I suspect will form the bulk of the (incorrect) complaints received by the ICO, but you can't use that cookie to track the user across your site, or any affiliate sites.
  So would a temporary session cookie, often set without the programmers knowledge, be ok?
  How about a cookie which is used to remember you've done an action, but not track you. E.G. "color=red" and "color=blue".
  The problem with this legislation isn't the intent, it's the complete lack of clarity coming from the ICO who are responsible for its adminstration and enforcement. The law essentially boils down to "do not track your users without their consent", which the ICO has then muddied the waters over by making some vague remarks about implied consent being OK without explaining exactly what they mean. There is a great deal of confusion over whether the request to opt-in/out needs to be overt (i.e. a click-through or banner), whether or not you can set a "do not track" cookie (you can), and so on.
  It's not being helped by some totally lame implementations of the consent request, most probably due to lack of clarity from the ICO about what can and can't be done, in the cases of users with cookies and/or JavaScript disabled for a site. A frequent occurance in this case seems to be that such users either have to go through the consent request every visit or have a consent banner permanantly displayed on the screen. Both these problems could (and I'll emphasis that "could") go away quite simply if the ICO were to state that:
  If using a script to prompt for consent and if that script is blocked then default to "do not track"
  It's OK to try and set a cookie, read it back and if that fails assume cookies are blocked by the user and implied consent = "do not track", otherwise prompt the user for consent and act accordingly.
  But all that assumes that the websites are going to act in the best interests of their users over the best interests of their bottom line; in many cases sites will be dependant on the revenue they can raise from their users, and a tracked user is going to be better targetted with ads, and thus more likely to click through, than one that is not. The more inconvenient it is for users to opt out of tracking, the more likely we are going to see those sites taking that track. Kudos on that front to the BBC who have a well thought out and graded set of cookie policies you can opt into ranging from "necessary", through "functionality" and "performance", to "behavioural advertising".
14. Re:Stupid and impossible law by isorox · 2012-05-30 07:36 · Score: 1
  
  Bugger, forgot to snip the rest of the quote.
complaints were probably from web developers by Anonymous Coward · 2012-05-29 01:11 · Score: 0

The complaints were probably from web developers trying to get more work from their existing clients.
Whoopsie by jholyhead · 2012-05-29 01:40 · Score: 2

I bet all 64 complaints were made by web developers against the .gov.uk sites that are non compliant.
Notice Designed Not to be Seen by JimMcc · 2012-05-29 02:59 · Score: 2

I just visited a link on the dailyrecord.co.uk and received some kind of cookie notice. The notice appeared as a pop up in the bottom right corner (the last place an english speaker will scan to) with text in pale grey. The notice was clearly designed to be difficult to notice. Even though I saw it pop up right away, I didn't have a chance to read the text or see which link to use to opt out before the notice disappeared. It was clear from the first sentence that if I did nothing I was consenting to be tracked.
I guess the law, which clearly had good intentions, has been eviscerated so that now the websites can just briefly display a hard to notice blob of text, remove it before you have a chance to read it, and continue tracking you with impunity.
1. Re:Notice Designed Not to be Seen by NoName+Studios · 2012-05-29 05:30 · Score: 1
  
  The page that box links to is missing as well.
  http://www.dailyrecord.co.uk/cookies/
2. Re:Notice Designed Not to be Seen by Anonymous Coward · 2012-05-29 15:43 · Score: 0
  
  Dr Dre Beats He is also single, has had no full time job, and still lives at home with his mother. Not because he wants to, mind you, albeit she and he get along quite well. Rather, Martin has Asperger's, a rather serious case, and on a severity scale from one to ten I would say Martin would rate a nine. On a good day. The thing is, a lot of people with Asperger's somehow manage to have normal lives. Geeky in places, yes, but otherwise normal in the eyes of the world. So why has Martin, with his high IQ, struggled more than most? I have asked myself this question about Martin time and time again. It took me three years to find an answer I could live with. For many years, Martin's mother had been asking herself this same question, each time Martin had a meltdown. At age three or four, the meltdowns were hard to endure. At thirty-six, they were beyond hard. They were almost unbearable. Martin himself had frequently asked me this question as well, each time he spiraled into hopeless which in the first two years was often. And when he would ask me By Dr Dre.
3. Re:Notice Designed Not to be Seen by Anonymous Coward · 2012-05-30 06:11 · Score: 0
  
  Following your warning to be quick off the mark, I clicked on the link in the pop-up - to be sent a 404:
  "404 Error Message: Page Not Found on www.dailyrecord.co.uk
  Unfortunately, the page you were trying to retrieve does not exist on www.dailyrecord.co.uk.
  The Most Common Mistakes In Accessing Our Pages Are:
  1.Making the URL end in .htm - all of our pages end in .html so put an l at the end.
  2.You followed a broken or out-of-date link. If so tell us about it here.
  3.The file no longer exists.
  We Advise You:
  1.Go to our sitemap.
  2.Simply start again at our homepage.
  3.Or search for the article above."
Frivolous cookie problem by Misagon · 2012-05-29 03:25 · Score: 1

I think that the biggest problem is that sites set too many cookies. It can get difficult to distinguish one type of cookie from another.
Browsers have a cookie setting for "Ask me every time", which is practically useless as most of your time web browsing gets spent at clicking the popup dialogue.
One example where no cookie needs to be set at default, is on a web site's front page. The user should then be able to give implicit consent to a cookie by clicking on a link inside the site. Not setting a cookie by default on the front page does not imply that the site would not be able to read (and renew) a cookie on the front page that has previously been set.

--
"We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
1. Re:Frivolous cookie problem by laffer1 · 2012-05-29 04:05 · Score: 1
  
  Some sites have a login on the front page. It might be an ajax call. Your front page rule doesn't make sense in all cases.
  Plus, I don't think banning session cookies on a site is necessarily a good thing. Sometimes they're used to track users, other times, it's just convenience by the web app framework and not used for anything but managing logins, shopping carts or similar. Intent matters and this law does not take that into account. It has exactly one exception for a shopping cart.
  
  --
  MidnightBSD: The BSD for Everyone
Implied consent by orkysoft · 2012-05-29 03:43 · Score: 1

So, if your browser is configured to keep cookies, does that imply consent to place cookies?
If you configure your browser to disallow cookies from certain sites, you're denying consent, and it doesn't even require the sites to be changed at all.
So, why does this law exist again? It looks -1, Redundant to me.

--

I suffer from attention surplus disorder.
Biscuit Law by Anonymous Coward · 2012-05-29 08:24 · Score: 0

You mean UK Biscuit Law, they call them biscuits over there.
They should mandate at least two biscuits per person with tea.
good by Anonymous Coward · 2012-05-29 15:34 · Score: 0

Dr Dre Beats Self help for depression techniques teaches you how to overcome depression in your own time and in your own way. It teaches you not only how to become free but also how to stay free. That is very important. Many people today get temporarily relief from depression but not many of those actually stay free from depression. Depression can be defeated once and for all. It is possible to stay free. You must just know how. Do not allow this disease to steal your life. Claim your life back. It is your life. You have been created to live life to the fullest. You have been created to experience joy, inner peace and enduring love. Depression wants to steal all that. Do not allow it to steal from you any longer. Research self help for depression techniques and get to work with techniques that has proven itself to be trustworthy. Your life is counted as great worth and your purpose in this world must be fulfilled in order for this world to be a richer place.
Autism And Asperger's Fear Monster # 2 - Will My Child Ever Be Normal? Martin is a handsome thirty six year old man with a masters degree in history By Dr Dre.
Similar law exist in Sweden by the_arrow · 2012-05-29 18:46 · Score: 1
There is a similar law in Sweden, but instead of saying that the user have to permit cookies, the Swedish law just states that users have to be informed about them:
- That cookies are used
- What they are used for, in general and on the site
- How to disable cookies
--
/ The Arrow
"How lovely you are. So lovely in my straightjacket..." - Nny
The effects of lobbying by Egor_but_no_hunch · 2012-05-29 23:50 · Score: 2

The law was causing havoc for retailers and given that there was no clear guidance on how to handle this, we have a host of implementations, from the BBC which embodies the spirit of the law as it was originally written, to the Financial Times and BT which are using weasel ways (bottom of page, fades out straight away), to Google (which has essentially ignored the guidance).
The ICO, faced with overwhelming discontent from large retailers and retail associations, caved and has essentially ensured the status quo. By allowing implied consent, you can essentially pretend the law does not exist, and the minimum amount of work for a retailer is to include a page buried in the site map, telling you how to turn off cookies entirely in IE.
The law as it was written is actually the problem here. The intention of the law was to restrict the harvesting of user data, be it for behavioural advertising, or for more nefarious reasons.
However, the law was written far too broadly (surprise, surprise), and covered every method a site has of interacting with a browser, which lead to massive confusion about how to handle session cookies, shopping carts, etc.
If the ICO wants to do this properly, amend the law so that it covers the original intentions of stopping third party cookies tracking people round the internet, clarify that first party cookies are fine for handling website functionality[1], and then use their powers to punish the people who break the rules.
[1] Yes, I know there is a way of still using first party cookies as a third party operator and continue to happily track people, but that would fall under "breaking the rules" and get slapped...
Full Disclosure : I worked on our implementation of this law as an integrator for many large multinational retailers.