UK ‘cookie law’ takes effect

[Chippiewill]

A few high-profile U.K. websites have in the past few days started to warn its visitors that it uses cookies on their sites.

You had until today to comply with the new European cookie law.

The E.U.’s “e-Privacy” Directive, which first came into force in 2002, was amended in 2009. Each of the E.U.’s 27 member states were told to bring the Directive into their own member state’s law by this time last year, including the United Kingdom.

The U.K.’s amended Privacy and Electronic Communication Regulations (PECR) Act 2011 was brought into force on May 26, 2011. The law stated, amongst other things, that companies operating in the E.U. and the U.K. must obtain the consent from its website users.

The Directive dictates that users should be aware of which kind of cookie is being set, varying from “essential” cookies, such as those used to remember which goods are in your e-shopping cart, to “non-essential” cookies that can be used to track user behaviour.

Correct. The E.U. Directive contains only a portion relating to cookies, but also targets “non-essential tracking”, regardless of whether a cookie is involved or not.

Arguably it has distracted many from the wider implications of the Directive. Website and Web application operators need to determine whether third-party trackers — such as advertisers and analytics — are used on their sites.

U.S.-based companies with a presence in the European Union, no matter how small, are still liable to E.U. laws, regardless of whether your website or Web application is hosted in the E.U. or elsewhere. Mobile application developers are also subject to the E.U. laws (see below).

http://www.zdnet.com/blog/london/uk-...d-to-know/4910

I may very well regret posting this here (Hi Dan!) but this has got to be the dumbest law I've seen in a while. Website owners shouldn't have to look after their users, users already have all the necessary tools to deny cookies that they don't want. All this is going to do is lead to confusion and increased costs (Sounds familiar from something coming from the EU). The most ludicrous part is that the EU seems to think it has some right to impose it's law on other countries (Although the US does behave in kind), it seems today that we have to obey the laws of every country, not just the ones we live in.

[peteyt]

http://www.zdnet.com/blog/london/uk-...d-to-know/4910

I may very well regret posting this here (Hi Dan!) but this has got to be the dumbest law I've seen in a while. Website owners shouldn't have to look after their users, users already have all the necessary tools to deny cookies that they don't want. All this is going to do is lead to confusion and increased costs (Sounds familiar from something coming from the EU). The most ludicrous part is that the EU seems to think it has some right to impose it's law on other countries (Although the US does behave in kind), it seems today that we have to obey the laws of every country, not just the ones we live in.

The problem is that sites that don't comply aren't going to be fined but supported - Okay that's a good thing because many small sites especially ones used for personal use won't really know what to do if they have cookies but I wonder if anyone will be fined - I read the other day many government sites haven't been able to comply in time.

I'm using Do Not Track Plus right now so I'm okay

[Lee]

The problem is that sites that don't comply aren't going to be fined but supported - Okay that's a good thing because many small sites especially ones used for personal use won't really know what to do if they have cookies but I wonder if anyone will be fined - I read the other day many government sites haven't been able to comply in time.

I'm using Do Not Track Plus right now so I'm okay

So if you break this law, nothing happens?

[Jutnux]

So if you break this law, nothing happens?

There will be people who think this and then they'll get caught and have a hefty fine imposed on them (up to a maximum of £500k)

[Lee]

There will be people who think this and then they'll get caught and have a hefty fine imposed on them (up to a maximum of £500k)

Wow, £500k for not alerting users that cookies may be used! What's the big scare about cookies anyway I thought they where harmless.

[Jutnux]

Wow, £500k for not alerting users that cookies may be used! What's the big scare about cookies anyway I thought they where harmless.

Services and websites abuse them to track users whenever they are doing things. The Facebook like button does it, the Twitter 'tweet' button does it and so do a lot of other services. Every time you go on a web page these services build up a profile about you and I believe this is what the new cookie law is trying to stop.

[Chippiewill]

This is the equivalent of saying in a car crash it's the wall's responsibility to protect the passengers rather than the car. It's about 10x easier to make the browser put up a dialogue for cookie usage than it is for the website to put up a dialogue for it.

[efq]

That's why most websites I visited today through up these little floating boxes about Cookies.

[Lee]

This is the equivalent of saying in a car crash it's the wall's responsibility to protect the passengers rather than the car. It's about 10x easier to make the browser put up a dialogue for cookie usage than it is for the website to put up a dialogue for it.

It's not that hard to do a javascript alert with a little sentance in it, click ok and it's history right?

[Chippiewill]

It's not that hard to do a javascript alert with a little sentance in it, click ok and it's history right?

Yeah, but you've got to do all the back-end stuff which is really awkward as you have to make unnecessary DB calls just to check if you've seen them before rather than just getting the session id or creating a new session. Whereas all the browser has to do is keep a list of websites it's allowed or denied cookies or third-party cookies.

The irony is you have to have hardcore tracking just to see if you're allowed to track them.