Slashdot Mirror

← Back to Stories (view on slashdot.org)

64 Complaints Received On UK Cookie Law

Posted by timothy on from the these-cookies-taste-awful! dept.

judgecorp writes "Privacy watchdog, the Information Commissioner's Office, has already received 64 complaints under the UK's Cookie Law, which requires sites to get permission to track users with cookies. The law only came into effect on Saturday, and many sites do not expect to comply soon. To make life more complicated, the ICO has updated its advice, apparently allowing 'implied consent' instead of actually making a user click a box to give permission for cookies."

18 of 86 comments (clear)

  1. Implied Consent? by Anonymous Coward · · Score: 4, Insightful

    "Implied Consent" is nothing more than a way to skirt responsibility of law. If THEY can do it, then so can we.

    1. Re:Implied Consent? by SkunkPussy · · Score: 2

      yeah i fucking hate this spam copout where implied consent seems to be accepted. resulting in my receiving 2 mobile spam texts a day recently.

      --
      SURELY NOT!!!!!
    2. Re:Implied Consent? by Errol+backfiring · · Score: 4, Insightful

      "Implied Consent" is the most stupid term I ever read.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    3. Re:Implied Consent? by SJHillman · · Score: 4, Funny

      Your post gives me implied consent to sleep with your sister and your girlfriend.

    4. Re:Implied Consent? by Chrisq · · Score: 3, Insightful

      Your post gives me implied consent to sleep with your sister and your girlfriend.

      I can see rapists having a tattoo on their chest "reading this message grants me implied consent... "

    5. Re:Implied Consent? by Rogerborg · · Score: 2, Funny

      Your post gives me implied consent to sleep with your sister and your girlfriend.

      How did you know he was from Cornwall? Are you tracking him?

      --
      If you were blocking sigs, you wouldn't have to read this.
  2. Counter by SJHillman · · Score: 2

    They've actually received several million complaints, but only had a 6 bit counter.

    1. Re:Counter by Zandamesh · · Score: 2

      no, if indexes go from 0 to 63, and it allows 64 elements :->

      --
      Lo and behold, for I am a sig!
    2. Re:Counter by Shrike82 · · Score: 2

      Seriously guys, how many times do I have to say this. This is simply not the right way to settle an argument online.

      You two made the elementary errors of trying to compromise, offering each other a chance to explain your positions, listening to one another, caring about a misunderstanding and finally added insult to injury by wishing him a nice day. For shame.

      This should have proceeded immediately to name calling, threats to burn each others' houses down, childish and grammatically incorrect insults and finished with one of you vowing to leave the site and never return. I expect better of you both next time.

      --
      You can advertise in this sig from as little as £99.99 a month!
  3. Click here by Anonymous Coward · · Score: 2, Funny

    to see this fabulous girl naked. And to accept cookies from our 100 affiliate analytics firms

  4. Stupid and impossible law by ewanm89 · · Score: 3, Insightful

    How does one opt out of cookies without using a cookie to remember it?

    1. Re:Stupid and impossible law by ArsenneLupin · · Score: 3, Informative

      How does one opt out of cookies without using a cookie to remember it?

      Using Etags...

    2. Re:Stupid and impossible law by Zocalo · · Score: 5, Interesting
      This isn't about banning cookies, it's about banning user tracking without consent - which includes far more than cookies; browser fingerprints being the main candidate, so the correct intent is there. For a start, it's perfectly OK within the law to set a cookie that tells the site to not track that user, which I suspect will form the bulk of the (incorrect) complaints received by the ICO, but you can't use that cookie to track the user across your site, or any affiliate sites.

      The problem with this legislation isn't the intent, it's the complete lack of clarity coming from the ICO who are responsible for its adminstration and enforcement. The law essentially boils down to "do not track your users without their consent", which the ICO has then muddied the waters over by making some vague remarks about implied consent being OK without explaining exactly what they mean. There is a great deal of confusion over whether the request to opt-in/out needs to be overt (i.e. a click-through or banner), whether or not you can set a "do not track" cookie (you can), and so on.

      It's not being helped by some totally lame implementations of the consent request, most probably due to lack of clarity from the ICO about what can and can't be done, in the cases of users with cookies and/or JavaScript disabled for a site. A frequent occurance in this case seems to be that such users either have to go through the consent request every visit or have a consent banner permanantly displayed on the screen. Both these problems could (and I'll emphasis that "could") go away quite simply if the ICO were to state that:
      1. If using a script to prompt for consent and if that script is blocked then default to "do not track"
      2. It's OK to try and set a cookie, read it back and if that fails assume cookies are blocked by the user and implied consent = "do not track", otherwise prompt the user for consent and act accordingly.

      But all that assumes that the websites are going to act in the best interests of their users over the best interests of their bottom line; in many cases sites will be dependant on the revenue they can raise from their users, and a tracked user is going to be better targetted with ads, and thus more likely to click through, than one that is not. The more inconvenient it is for users to opt out of tracking, the more likely we are going to see those sites taking that track. Kudos on that front to the BBC who have a well thought out and graded set of cookie policies you can opt into ranging from "necessary", through "functionality" and "performance", to "behavioural advertising".

      --
      UNIX? They're not even circumcised! Savages!
    3. Re:Stupid and impossible law by AmiMoJo · · Score: 2

      You don't, you opt-in.

      This law is actually very sensible. There are exemptions for non-tracking cookies, stuff like session tokens used by online shops or banks, misc preferences and so forth. Cookies just primarily to track and target advertising at you need permission and the site has to allow you to opt-in.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Stupid and impossible law by Terrasque · · Score: 2

      I really like the EU "law" / guide that the UK law was made from (found here).

      Let me quote part 25 (with some added emphasis):

      However, such devices, for instance so-called "cookies", can be a legitimate and useful tool, for example, in analysing the effectiveness of website design and advertising, and in verifying the identity of users engaged in on-line transactions.

      Where such devices, for instance cookies, are intended for a legitimate purpose, such as to facilitate the provision of information society services, their use should be allowed on condition that users are provided with clear and precise information in accordance with Directive 95/46/EC about the purposes of cookies or similar devices so as to ensure that users are made aware of information being placed on the terminal equipment they are using.

      Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment. This is particularly important where users other than the original user have access to the terminal equipment and thereby to any data containing privacy-sensitive information stored on such equipment.

      Information and the right to refuse may be offered once for the use of various devices to be installed on the user's terminal equipment during the same connection and also covering any further use that may be made of those devices during subsequent connections.

      The methods for giving information, offering a right to refuse or requesting consent should be made as user-friendly as possible. Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose.

      So if they refuse to have a cookie or similar device stored on their device, we need to know that the user opted out for that and following connections. Since it's a legitimate purpose, we can store that information. But only if the user does not opt out to storing that information, which .. he already has .. What is this I don't even .. Are those fuckers completely clueless to basic logic?

      --
      It's The Golden Rule: "He who has the gold makes the rules."
  5. Whoopsie by jholyhead · · Score: 2

    I bet all 64 complaints were made by web developers against the .gov.uk sites that are non compliant.

  6. Notice Designed Not to be Seen by JimMcc · · Score: 2

    I just visited a link on the dailyrecord.co.uk and received some kind of cookie notice. The notice appeared as a pop up in the bottom right corner (the last place an english speaker will scan to) with text in pale grey. The notice was clearly designed to be difficult to notice. Even though I saw it pop up right away, I didn't have a chance to read the text or see which link to use to opt out before the notice disappeared. It was clear from the first sentence that if I did nothing I was consenting to be tracked.

    I guess the law, which clearly had good intentions, has been eviscerated so that now the websites can just briefly display a hard to notice blob of text, remove it before you have a chance to read it, and continue tracking you with impunity.

  7. The effects of lobbying by Egor_but_no_hunch · · Score: 2

    The law was causing havoc for retailers and given that there was no clear guidance on how to handle this, we have a host of implementations, from the BBC which embodies the spirit of the law as it was originally written, to the Financial Times and BT which are using weasel ways (bottom of page, fades out straight away), to Google (which has essentially ignored the guidance).

    The ICO, faced with overwhelming discontent from large retailers and retail associations, caved and has essentially ensured the status quo. By allowing implied consent, you can essentially pretend the law does not exist, and the minimum amount of work for a retailer is to include a page buried in the site map, telling you how to turn off cookies entirely in IE.

    The law as it was written is actually the problem here. The intention of the law was to restrict the harvesting of user data, be it for behavioural advertising, or for more nefarious reasons.

    However, the law was written far too broadly (surprise, surprise), and covered every method a site has of interacting with a browser, which lead to massive confusion about how to handle session cookies, shopping carts, etc.

    If the ICO wants to do this properly, amend the law so that it covers the original intentions of stopping third party cookies tracking people round the internet, clarify that first party cookies are fine for handling website functionality[1], and then use their powers to punish the people who break the rules.

    [1] Yes, I know there is a way of still using first party cookies as a third party operator and continue to happily track people, but that would fall under "breaking the rules" and get slapped...

    Full Disclosure : I worked on our implementation of this law as an integrator for many large multinational retailers.