Slashdot Mirror

← Back to Stories (view on slashdot.org)

Watchdog "Not Ready" To Probe Cookie Complaints

Posted by Unknown on from the cookie-monster's-reign-of-terror-continues dept.

nk497 writes "The UK data watchdog has admitted it doesn't have any staff investigating cookie consent complaints, more than a year after the law came in via an EU directive. The regulation requires websites to ask before dropping cookies and other tracking devices onto users' computers, and came into law in May 2011. The Information Commissioner's Office gave websites a year's grace period to update their websites, but failed to use that time to get its team together, meaning the 320 reports of sites not in compliance it's already received haven't been investigated at all."

11 of 166 comments (clear)

  1. Like anyone is going to follow this by Anonymous Coward · · Score: 4, Interesting

    I have to wonder if the people who wrote this law even considered the complaints they likely received at the time to the effect that it would make the internet practically unusable. Yes, it's a good sentiment to not want to "track" people, but with the increasing use of cookies for actual technical purposes - not to mention logins and the like - this would quickly become unfeasible and irritating. Anyway, what of serverside tracking - you know, like Facebook almost certainly does using its extensive "Like this" and Facebook integration APIs? I am more worried about that than cookies.

    No other country's developers are going to give a crap what the EU/British government says. All this will do is hamper European businesses' internet presence and probably cause a few notable companies (Google, etc) to sever ties with the specific countries actually enforcing it. There are certainly plenty of other reasons to do so these days.

    It's kind of sad when the US is one of the less technically inept governments in the world, and it only is because of general failure to do anything.

    --BKY1701

    1. Re:Like anyone is going to follow this by Anonymous+Brave+Guy · · Score: 4, Informative

      What actual technical purposes for cookies are there?

      Some obvious ones are:

      1. Maintaining an authenticated user session (logging in and out securely)

      2. Storing the current state of the user's session (shopping carts and the like)

      3. Remembering user preferences from one visit to the next

      4. Analytics within your own site

      I wish you apologists for the privacy-violators had a better grasp of the technology; the whole point of cookies is to track the user, that's what they were invented for.

      That simply isn't true. There are plenty of valid concerns regarding using cookies, particularly third party ones, but if they were only meant for tracking then why bother inventing things like session cookies?

      Now, some kind of tracking, like session tracking, may be necessary for the functionality of your site, but if you'd done your homework, you know that the makers of the directive considered that, and gave a specific exemption.

      And that specific exemption is so tightly worded that it doesn't even cover all of the examples above, which is why we then wound up with the formal opinion of the EU data protection authorities a couple of months ago covering things like first party analytics cookies.

      I'm a strong advocate of privacy, but I don't see any serious privacy problem with any of the usages mentioned above, there are obvious potential benefits to the user in each case. Regardless, how are all these "This web site uses cookies, and we know that no-one is enforcing the rules so we've put this token irritating box up even though we're relying on implied consent and we already set them all anyway" boxes doing anything useful whatsoever?

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    2. Re:Like anyone is going to follow this by mvdwege · · Score: 4, Interesting

      All four of your examples are examples of user tracking.

      Face it, cookies are a workaround for the stateless nature of HTTP. Cookies are meant for tracking by definition

      And you know what? Numbers 1 and 2 are covered. Number 3 is covered once you asked for permission, which you can do using number 1. That leaves 'analytics', which is usually PR-speak for 'tracking user browsing and selling it to the highest bidder'.

      So of your three examples, 2 of them are covered, one of them is covered by extension, and one of them can be done without. I'd say, no great loss.

      You want to track me? You need my permission, and you don't get it by default.

      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
    3. Re:Like anyone is going to follow this by Anonymous+Brave+Guy · · Score: 4, Insightful

      Number 3 is covered once you asked for permission, which you can do using number 1.

      Only if you force users to create an account just to keep your site's media player size the same or some other trivial but convenient detail.

      That leaves 'analytics', which is usually PR-speak for 'tracking user browsing and selling it to the highest bidder'.

      Nonsense. Every business I've worked with in recent years has used analytics to see how visitors are using their own site and ultimately provide a better experience for those visitors. Every single one. And for the record, exactly none of them sold any of that analytics data to anyone.

      You want to track me? You need my permission, and you don't get it by default.

      Then turn off cookies in your browser. It's not hard, and if you don't know how, a quick Google search will surely tell you.

      However, I'm afraid I'm not going to compromise on the experience I can offer the other 99.997% of visitors to my sites because you want to make a fuss. No-one's forcing you to visit those sites, our policies are clearly stated and always have been, we're not doing anything even remotely shady in the eyes of just about everyone (except you, apparently) and just about everyone including us and many other visitors benefits if we pay attention to our analytics reports.

      You might like to consider that if you really feel strongly about Internet privacy, you aren't doing anyone any favours either by scaremongering or by attempting to redefine commonly understood terms like "tracking" to mean something convenient for your argument but different to what everyone else means by them. When those of us who want to improve the privacy situation without throwing the baby out with the bathwater come to write to our politicians or send money to privacy groups, all it takes to counteract our reasoned arguments is one PR guy for a commercial ad network and someone hysterical like you, and the politicians who aren't experts are convinced that the advertisers are the only ones being calm and sensible, and therefore nothing needs to be done at all.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  2. Dumb laws are dumb. by VortexCortex · · Score: 5, Informative

    When you go to a web site that "stores cookies" in your browser, what happens is that a HTTP "Set-Cookie" header is sent to your browser. YOU HAVE THE POWER TO DISABLE COOKIES in your browser. It's not like the remote site can make your browser save the cookie.

    The user already has every capability to prevent the remote sites from storing any cookies. Simply DISABLE ALL COOKIES. Then, if you run across a site that has a feature requiring cookies (stateful sessions, like logging in), then and ONLY THEN DO YOU ENABLE COOKIES for that site alone. White list it. Oh your browser doesn't have a white list? YES IT DOES. IE does. FF has the Cookie Monster plugin among other ways, Chrome has -- Fuck Chrome! Chromium Exists. Chrome is closed source and has Google's secret advertising sauce added if you don't like cookies why would you use Chrome?! Google Sells Ads.

    Now, being a primordial deep one from time immemorial, I remember an age before cookies existed. I used caller ID, bitrate and handshake timings to log and verify my visitors' identity in the BBS era. Then came the Internet. I used a hash of the user agent, IP address, and other header strings along with URL munging (crazy crap you see after the ? in your address bar) to identify and verify users. Cookies allowed us to stop crapping up every URL on the page, and causing massive link rot... So, you want to make laws about cookies, eh? Well there are levels of tracking we are willing to accept, and we don't even need the damn cookies to do so. Enjoy server side storage of your IP address, browser signatures, and Query Strings cocking up your bullshit European URLs....

    Get bent morons. Cookies are good for you, at least YOU can control them. You can't very well control whether or not servers use URL munging....

    1. Re:Dumb laws are dumb. by epp_b · · Score: 4, Insightful

      I've been wanting to say exactly this every time I see another retarded story about cookies. Thanks for giving me a hand.

      Just in case it was missed: COOKIES ARE HELPFUL TO YOU, YOU MORONS.

      Want online shopping? Cookies.
      Automatic login to 9000 different sites? Cookies.
      Remembered configurations and searches? Cookies.
      Convenient URLs that you can remember? Cookies.

      As the parent explained, YOU hold the control in deciding what, how and when sites can store cookies on your machine. If you can't be arsed to spend a half hour learning to protect your privacy, you don't deserve it.

      Dim-witted, pandering, posturing politicians passing some idiotic "cookie legislation" is going to cause you to have *less* privacy, security and convenience.

  3. Why is the burden on millions... by LMariachi · · Score: 4, Insightful

    This is stupid. Why is the burden on millions of websites instead of a handful of browsers? Mandate that any web browser distributed in the U.K. default to "Ask me before allowing cookies." It should be the default anyway.

  4. SO what your saying is by Nihn · · Score: 4, Funny

    They have been accepting money but not producing anything...politics as usual.

  5. It's a damn stupid law by maroberts · · Score: 5, Interesting

    Am I the only one who thinks that these popups which state "we're using cookies" is highly annoying?

    Almost everyone apart from your aged grannie knows that you are tracked on sites by use of cookies, so what is the point of this bureaucratic nonsense? It's almost like a secret plot; a small step to making the net unusable.

      If you really want to ban something, block sites from opening 3rd party poker/porn sessions in windows behind your current window, not that such things happen to me of course.....

    [/rant]

    --

    Donte Alistair Anderson Roberts - hi son!
    Karma: Chameleon

  6. Re:Cookies suck by symbolset · · Score: 4, Interesting

    Tim Berners-Lee. The guy who invented the thing.

    --
    Help stamp out iliturcy.
  7. facts by Tom · · Score: 4, Informative

    I hate to burst everyone's babble with facts, but here you are:

    http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx

    important key points:

    • Implicit consent is valid in many cases
    • some cookie uses are exempt, especially session ids, shopping carts, etc.

    Sorry for brutally slaughtering half the comments posted so far.

    As I read it, what this basically asks me to do is put an information that my site uses cookies somewhere with a link to a page that explains what I use the cookies for. If you're doing the usual stuff (session ids), you're probably done with two sentences.

    --
    Assorted stuff I do sometimes: Lemuria.org