64 Complaints Received On UK Cookie Law

timothy posted more than 2 years ago | from the these-cookies-taste-awful! dept.

Privacy 86

judgecorp writes "Privacy watchdog, the Information Commissioner's Office, has already received 64 complaints under the UK's Cookie Law, which requires sites to get permission to track users with cookies. The law only came into effect on Saturday, and many sites do not expect to comply soon. To make life more complicated, the ICO has updated its advice, apparently allowing 'implied consent' instead of actually making a user click a box to give permission for cookies."

86 comments

Implied Consent? (4, Insightful)

Anonymous Coward | more than 2 years ago | (#40141021)

"Implied Consent" is nothing more than a way to skirt responsibility of law. If THEY can do it, then so can we.

Re:Implied Consent? (2)

SkunkPussy (85271) | more than 2 years ago | (#40141047)

yeah i fucking hate this spam copout where implied consent seems to be accepted. resulting in my receiving 2 mobile spam texts a day recently.

Re:Implied Consent? (4, Funny)

SJHillman (1966756) | more than 2 years ago | (#40141089)

Your post gives me implied consent to sleep with your sister and your girlfriend.

Re:Implied Consent? (3, Insightful)

Chrisq (894406) | more than 2 years ago | (#40141467)

Your post gives me implied consent to sleep with your sister and your girlfriend.

I can see rapists having a tattoo on their chest "reading this message grants me implied consent... "

Re:Implied Consent? (0)

Anonymous Coward | more than 2 years ago | (#40162607)

A recent case in Australia of a guy who 'raped' his wife 50 years ago when they were married tried using the 'implied consent' thing, saying in his day a woman wasn't allowed to deny her husband sex. He tried to have the case dismissed, but the judges are allowing the case to proceed.

Re:Implied Consent? (2, Funny)

Rogerborg (306625) | more than 2 years ago | (#40142157)

Your post gives me implied consent to sleep with your sister and your girlfriend.

How did you know he was from Cornwall? Are you tracking him?

Re:Implied Consent? (4, Insightful)

Errol backfiring (1280012) | more than 2 years ago | (#40141063)

"Implied Consent" is the most stupid term I ever read.

Re:Implied Consent? (1)

Anonymous Coward | more than 2 years ago | (#40141101)

I'll use that defense in my rape hearing. I thought drinking 12 beers and passing out on my floor was implied consent.

Re:Implied Consent? (0)

Anonymous Coward | more than 2 years ago | (#40141663)

like "war on terror"? :)

Re:Implied Consent? (0)

Anonymous Coward | more than 2 years ago | (#40141749)

When you enter a restaurant and place an order, you give the implied consent to exchange money for goods and services.

Re:Implied Consent? (1)

TFAFalcon (1839122) | more than 2 years ago | (#40142259)

No you don't. You do then when you ORDER your food. Or do you consider it OK for them to bring you a glass of water and charge you 100$ for it as soon as you sit down?

Re:Implied Consent? (1)

TangoMargarine (1617195) | more than 2 years ago | (#40146155)

When you enter a restaurant and place an order

No you don't. You do then when you ORDER your food.

Really? Let's read more slowly before we flame.

Re:Implied Consent? (1)

1s44c (552956) | more than 2 years ago | (#40153251)

When you enter a restaurant and place an order

No you don't. You do then when you ORDER your food.

Really? Let's read more slowly before we flame.

Entering the restaurant has nothing to do with it. Placing the order is the important bit.

Re:Implied Consent? (1)

TangoMargarine (1617195) | more than 2 years ago | (#40191157)

If we're talking a sit-down restaurant (I wouldn't personally call fast food a "restaurant"), you kind of have to be inside to place an order. Even if you could order over the phone, you still have to physically enter the place. So yes, entering the restaurant AND placing an order are important.

Re:Implied Consent? (1)

HanktheTankCDN (1865222) | more than 2 years ago | (#40141865)

It's stupid in this case but smart when dealing with medical emergencies. If you are unconscious, implied consent gives someone there to help you the consent to save your life by giving you CPR. "Important in this case implied consent is." (Return of the Jedi)

Re:Implied Consent? (1)

Errol backfiring (1280012) | more than 2 years ago | (#40154095)

Not really. That is "medical necessity". As my consent cannot be asked in such a case, an emergency decision is made. That is not my consent, not even implied, but I am probably very glad afterwards.

Re:Implied Consent? (1)

vsync64 (155958) | more than 2 years ago | (#40184221)

It's a term of art [lmgtfy.com].

Re:Implied Consent? (0)

Anonymous Coward | more than 2 years ago | (#40141093)

if she dressed sexy and got drunk, there is Implied Consent, officer.

Re:Implied Consent? (0)

Anonymous Coward | more than 2 years ago | (#40141443)

You seem to consist of meaty parts and breakable bones. That's implied consent for beating you up, citizen.

Re:Implied Consent? (1)

digitig (1056110) | more than 2 years ago | (#40141185)

Read the guidance. The constraints on "implied consent" are pretty stringent: whoever is setting the cookie needs to be able to prove that the user understood in advance that cookies would be set and what that means.

Re:Implied Consent? (1)

mrbester (200927) | more than 2 years ago | (#40141305)

As a user of websites I know this can happen so they are fine under the law. As a user of my company's website I know this does happen because I'm in the development team so that is fine under the law.

Oh, you meant some other user? How is a site supposed to know what a random user knows, let alone prove it when there is no definition of "user"?

Re:Implied Consent? (1)

TFAFalcon (1839122) | more than 2 years ago | (#40142287)

If the site does not know the user consents, it should ASK him. Isn't this what this law is all about?

Re:Implied Consent? (1)

Rogerborg (306625) | more than 2 years ago | (#40142185)

You say "need to" as though it has any meaning in the context of the ICO's toothless barking.

If the tentacle of the State charged with enforcing a law obviously doesn't really give a damn about it, why would anyone else?

Re:Implied Consent? (1)

tepples (727027) | more than 2 years ago | (#40142397)

whoever is setting the cookie needs to be able to prove that the user understood in advance that cookies would be set and what that means.

But when someone logs into a site with a username and password, can't it be assumed that a reasonable person would understand that logging in bakes cookies?

Re:Implied Consent? (1)

digitig (1056110) | more than 2 years ago | (#40192899)

whoever is setting the cookie needs to be able to prove that the user understood in advance that cookies would be set and what that means.

But when someone logs into a site with a username and password, can't it be assumed that a reasonable person would understand that logging in bakes cookies?

No. It can be assumed that a knowledgeable person would understand that, but I doubt most web users, however reasonable, would know that. Anyway, my concern is over analytics, which doesn't require the site user to log in.

Re:Implied Consent? (1)

Xest (935314) | more than 2 years ago | (#40141445)

Maybe Gary McKinnon should just switch to this defence.

"What? Sorry American military, I assumed because you had blank passwords that I had your implied consent I could login? Does this mean I don't have to be extradited"

Like you say, implied consent is basically a way of saying "You don't actually have to really give a shit about this law".

Hey look (1)

Anonymous Coward | more than 2 years ago | (#40141041)

A power of 2!

Counter (2)

SJHillman (1966756) | more than 2 years ago | (#40141077)

They've actually received several million complaints, but only had a 6 bit counter.

Re:Counter (1)

MyLongNickName (822545) | more than 2 years ago | (#40141113)

Nice try, but that would only allow for 63.

Re:Counter (2)

Zandamesh (1689334) | more than 2 years ago | (#40141123)

no, if indexes go from 0 to 63, and it allows 64 elements :->

Re:Counter (1)

MyLongNickName (822545) | more than 2 years ago | (#40141181)

64 elements is not the same as tracking 0 to 64 complaints.

Re:Counter (1)

SJHillman (1966756) | more than 2 years ago | (#40141237)

But 64 complaints is the same as a counter going from 0 to 63. To make it human readable, you'd just add 1 to the value of the counter.

Re:Counter (1)

Anonymous Coward | more than 2 years ago | (#40141259)

Ummmmm. no. If you are cheating by assuming that all bits '0' means 1 complaint, then how do you store the 0 complaint starting state?

Re:Counter (1)

Chrisq (894406) | more than 2 years ago | (#40141481)

Ummmmm. no. If you are cheating by assuming that all bits '0' means 1 complaint, then how do you store the 0 complaint starting state?

Real C programmers would say that starting at 1 is cheating.

Re:Counter (1)

txgunslinger (932679) | more than 2 years ago | (#40141535)

There was no 0 complaint state. I complained before it became law.

Re:Counter (1)

TFAFalcon (1839122) | more than 2 years ago | (#40142305)

Null pointer for the counter until a complaint is registered.

Re:Counter (0)

Anonymous Coward | more than 2 years ago | (#40144199)

If there's no complaints then why store anything yet?

Re:Counter (0)

Anonymous Coward | more than 2 years ago | (#40145487)

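#include <stdbool.h>

typedef struct complaint complaint;  /* assumed opaque type; not defined in the post */
complaint *complaints[64];           /* assumed storage; the post does not declare it */
int current_complaint = 0;

/* Refuses new complaints once the counter reaches 63. */
bool add_complaint(complaint *c) {
  if (current_complaint == 63) return false;
  complaints[current_complaint++] = c;
  return true;
}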

Re:Counter (1)

Zandamesh (1689334) | more than 2 years ago | (#40141257)

If you have an array of ints:
int[] numberList = { 1, 2, 3, 4 };
and someone asks you, how many ints are in this array? Do you say 3 or 4?

Re:Counter (1)

MyLongNickName (822545) | more than 2 years ago | (#40141313)

I say: "64 elements is not the same as tracking 0 to 64 complaints"
You say: "and someone asks you, how many ints are in this array? Do you say 3 or 4?"

You didn't add anything new to the conversation. I already said there are 64 elements. However, 64 elements is not the same as being able to track up to 64 complaints. You must start with the initial condition of zero complaints, meaning you can track 0 to 63 complaints with a six bit number.

Re:Counter (1)

Zandamesh (1689334) | more than 2 years ago | (#40141363)

ah I get it. I was thinking of an array of 64 elements, where each element is a Complaint class, while you were thinking of a simple counter.

Re:Counter (1)

MyLongNickName (822545) | more than 2 years ago | (#40141377)

Yeah, the OP said counter, so I went with that. After my last post I started thinking more about it and figured you were going with some type of class or database record. It is amazing how frequently communications breakdowns happen on simple things. Enjoy the rest of your day :)

Re:Counter (2)

Shrike82 (1471633) | more than 2 years ago | (#40141469)

Seriously guys, how many times do I have to say this. This is simply not the right way to settle an argument online.

You two made the elementary errors of trying to compromise, offering each other a chance to explain your positions, listening to one another, caring about a misunderstanding and finally added insult to injury by wishing him a nice day. For shame.

This should have proceeded immediately to name calling, threats to burn each others' houses down, childish and grammatically incorrect insults and finished with one of you vowing to leave the site and never return. I expect better of you both next time.

Re:Counter (1)

TapeCutter (624760) | more than 2 years ago | (#40141463)

Zero complaints = empty array
Complaint #1 = array[0]
......
Complaint #64 = array[63].

Re:Counter (1)

TangoMargarine (1617195) | more than 2 years ago | (#40146195)

Vertex, vertices, matrix, matrices...index, indices?

Re:Counter (0)

Anonymous Coward | more than 2 years ago | (#40146361)

Yep.

And mice is plural of mex.

Re:Counter (1)

game kid (805301) | more than 2 years ago | (#40141149)

The counter is 1-based and clamps higher amounts to 64. The guy who made the counter figured the law would get some complaint at some point (because party politics), and was inspired by the "Retweeted" counter below Twitter posts that clamps at 100 (the pay didn't motivate him enough to go that high).

Re:Counter (1)

Anonymous Coward | more than 2 years ago | (#40141161)

You're forgetting the implied complaint numbered 0.

Re:Counter (1)

fatphil (181876) | more than 2 years ago | (#40141677)

The arithmetic is saturating and the overflow flag is set.

This law is a good thing! (1)

ArsenneLupin (766289) | more than 2 years ago | (#40141157)

When can we have the same for needless javascript? And for flash?

Re:This law is a good thing! (1)

monkeyhybrid (1677192) | more than 2 years ago | (#40255927)

Javascript and Flash can easily be disabled via your browser's settings, just as cookies can, which makes this law kind of pointless. If your browser doesn't have 'per site' settings for this, there's more than likely an extension to provide that capability.

All this legislation does is force EU organisations (so no effect on anything outside of EU) to replicate the aforementioned browser cookie blocking functionality but using a method of trust instead of an explicit user setting tightly under a user's control. If users have privacy concerns regarding use of cookies, the only sane way to handle that is for users to take control themselves by disabling use of cookies in their browser settings and then whitelisting sites on a per site basis. We've had that capability since the introduction of cookies.

The EU could handle this situation much better by organising an information campaign to inform its citizens of how to handle cookies themselves. At least then the users who want to take action can do so properly with the added benefit of applying to all sites globally, not just those trustworthy enough in the EU to bother conforming.

Re:This law is a good thing! (1)

ArsenneLupin (766289) | more than 2 years ago | (#40256077)

Javascript and Flash can easily be disabled via your browser's settings, just as cookies can, which makes this law kind of pointless.

... and some sites are actually quite good at annoying people who do just that. One trick is to set up a meta http-equiv redirect to a nag page which kicks in if there is no javascript. Or the main content block's display property to none in CSS, and set to something sensible by javascript. Or same idea but with opacity: 0. Or links that point back to page itself (<a href="#"> ) rather than to the subpage they are supposed to point to. Fortunately, sites doing such nonsense are a minority, but they do exist.

Back when Flash was the rage, one popular annoyance was flash intros which couldn't be skipped. So, if you had flash disabled, you were stuck on an empty page without a link to move on.

Having a law against needless javascript or flash would also stop such shenanigans.

All this legislation does is force EU organisations (so no effect on anything outside of EU) to replicate the aforementioned browser cookie blocking functionality but using a method of trust instead of an explicit user setting tightly under a user's control.

No, it also forces organizations not to put any shenanigans into their pages which are meant to annoy users who prefer to surf without cookies, javascript or flash.

If users have privacy concerns regarding use of cookies, the only sane way to handle that is for users to take control themselves by disabling use of cookies in their browser settings and then whitelisting sites on a per site basis. We've had that capability since the introduction of cookies.

Then you have problems with sites that detect the absence of cookies, and redirect you to a nag page if you don't have any.

Re:This law is a good thing! (1)

monkeyhybrid (1677192) | more than 2 years ago | (#40256385)

What you say is true, there are certainly sites out there that really want to get round any measures a user puts in place to block certain behaviour, but if a site is doing stuff like that, would you really trust them to conform with legislation anyway? From my personal experience, the types of sites that exhibit this kind of behaviour are typically not high on my trust list.

And even if the legal repercussions of not conforming were enough to ensure these sites do conform, then why not just have legislation that requires sites respect a user's browser settings without undue hindrance, rather than requiring a site manually request user permission?

The fact that this legislation relies on trust, only applies to a subset of the internet, and is going to be ridiculously hard to police, makes me think it will achieve very little apart from annoying a lot of users and providing a false sense of privacy.

Re:This law is a good thing! (1)

ArsenneLupin (766289) | more than 2 years ago | (#40256901)

What you say is true, there are certainly sites out there that really want to get round any measures a user puts in place to block certain behaviour, but if a site is doing stuff like that, would you really trust them to conform with legislation anyway?

If legislation is in place, and a site blatantly misbehaves in such a way, this is actionable. At least the bigger sites (such as facebook) would have to comply.

From my personal experience, the types of sites that exhibit this kind of behaviour are typically not high on my trust list.

But sometimes, it may be a site whose service you absolutely need, such as directory look up... we have the case here in Luxembourg where one directory lookup service [yellow.lu] pulls such a shenanigan. Fortunately, there is a competitor [editus.lu]. But what if the competitor starts behaving in the same way?

And ironically enough, luxtrust.lu [luxtrust.lu] , the national Luxembourgish certification agency, pulls the opacity: 0 stunt... an entity that we have to trust...

Very often though, such things happen due to contractors. Organization contracts out webdesign to a third party firm, which cares more about looks and their own ego than about functionality or their customer's mission, and then such mishaps happen. And when the customer's users bring this to their attention, the contract and warranty period with web design company has run out, and there is no budget planned to fix the mess, so it stays like that for ages...

Click here (2, Funny)

Anonymous Coward | more than 2 years ago | (#40141173)

to see this fabulous girl naked. And to accept cookies from our 100 affiliate analytics firms

Implied, eh? (0)

Anonymous Coward | more than 2 years ago | (#40141201)

presumably there is Implied Consent to pay me £lots for the rights to my personal data for commercial use

Here's hoping... (1)

digitig (1056110) | more than 2 years ago | (#40141209)

With any luck all 64 complaints will be against government sites.

Stupid and impossible law (3, Insightful)

ewanm89 (1052822) | more than 2 years ago | (#40141233)

How does one opt out of cookies without using a cookie to remember it?

Re:Stupid and impossible law (3, Informative)

ArsenneLupin (766289) | more than 2 years ago | (#40141303)

How does one opt out of cookies without using a cookie to remember it?

Using Etags [wikipedia.org] ...

Re:Stupid and impossible law (0)

Anonymous Coward | more than 2 years ago | (#40141317)

That's a stupid argument. You may not be able to tell the difference between continuous tracking cookies, and a do not track cookie, but the lawmakers can. Sophism is strong in you, but fortunately, the lawmakers know better, and that's scary.

Re:Stupid and impossible law (5, Interesting)

Zocalo (252965) | more than 2 years ago | (#40141475)

This isn't about banning cookies, it's about banning user tracking without consent - which includes far more than cookies; browser fingerprints being the main candidate, so the correct intent is there. For a start, it's perfectly OK within the law to set a cookie that tells the site to not track that user, which I suspect will form the bulk of the (incorrect) complaints received by the ICO, but you can't use that cookie to track the user across your site, or any affiliate sites.

The problem with this legislation isn't the intent, it's the complete lack of clarity coming from the ICO who are responsible for its administration and enforcement. The law essentially boils down to "do not track your users without their consent", which the ICO has then muddied the waters over by making some vague remarks about implied consent being OK without explaining exactly what they mean. There is a great deal of confusion over whether the request to opt-in/out needs to be overt (i.e. a click-through or banner), whether or not you can set a "do not track" cookie (you can), and so on.

It's not being helped by some totally lame implementations of the consent request, most probably due to lack of clarity from the ICO about what can and can't be done, in the cases of users with cookies and/or JavaScript disabled for a site. A frequent occurrence in this case seems to be that such users either have to go through the consent request every visit or have a consent banner permanently displayed on the screen. Both these problems could (and I'll emphasise that "could") go away quite simply if the ICO were to state that:
  1. If using a script to prompt for consent and if that script is blocked then default to "do not track"
  2. It's OK to try and set a cookie, read it back and if that fails assume cookies are blocked by the user and implied consent = "do not track", otherwise prompt the user for consent and act accordingly.

But all that assumes that the websites are going to act in the best interests of their users over the best interests of their bottom line; in many cases sites will be dependent on the revenue they can raise from their users, and a tracked user is going to be better targeted with ads, and thus more likely to click through, than one that is not. The more inconvenient it is for users to opt out of tracking, the more likely we are going to see those sites taking that track. Kudos on that front to the BBC who have a well thought out and graded set of cookie policies [bbc.co.uk] you can opt into ranging from "necessary", through "functionality" and "performance", to "behavioural advertising".
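
Added example (not part of Zocalo's post or any site's real code): the two rules listed above as a small JavaScript consent routine, with the server side defaulting to "do not track" whenever no opt-in cookie arrives, which also covers the blocked-script case. The cookie names, function names and the in-memory jar are assumptions made for illustration.

```javascript
// Added example, not code from the thread. All names here are hypothetical.
const PROBE = "cookie_probe";        // throwaway test cookie, carries no identifier
const CONSENT = "tracking_consent";  // holds only "yes" or "no", never a user ID
const ONE_YEAR = 365 * 24 * 60 * 60;

// Cookie jar backed by document.cookie, for use in a real browser.
function browserJar(doc) {
  return {
    get(name) {
      const hit = doc.cookie.split("; ").find((p) => p.startsWith(name + "="));
      return hit ? decodeURIComponent(hit.slice(name.length + 1)) : null;
    },
    set(name, value, maxAgeSeconds) {
      doc.cookie = `${name}=${encodeURIComponent(value)}; ` +
        `Max-Age=${maxAgeSeconds}; Path=/; SameSite=Lax`;
    },
  };
}

// In-memory jar constructed for this example so the logic runs outside a
// browser. acceptsCookies=false simulates a browser with cookies disabled.
function memoryJar(acceptsCookies = true) {
  const store = new Map();
  return {
    get: (name) => (store.has(name) ? store.get(name) : null),
    set(name, value, maxAgeSeconds) {
      if (!acceptsCookies) return;              // write is silently dropped
      if (maxAgeSeconds <= 0) store.delete(name);
      else store.set(name, value);
    },
    // What the browser would send back in the Cookie request header.
    header: () => [...store].map(([k, v]) => `${k}=${v}`).join("; "),
  };
}

// Rule 2 from the post: set a cookie, read it back, and treat a failed
// read-back as "cookies blocked, do not track". Only ask when storage works.
function decideTracking(jar, promptUser) {
  const stored = jar.get(CONSENT);
  if (stored === "yes" || stored === "no") {
    // An earlier answer exists, so the visitor is not asked again.
    return { track: stored === "yes", prompted: false, reason: "stored-choice" };
  }

  jar.set(PROBE, "1", 60);
  if (jar.get(PROBE) !== "1") {
    // Nothing can be remembered, so there is no banner and no tracking.
    return { track: false, prompted: false, reason: "cookies-blocked" };
  }
  jar.set(PROBE, "", 0);                        // remove the probe again

  // Anything other than an explicit true counts as a refusal.
  const agreed = promptUser() === true;
  jar.set(CONSENT, agreed ? "yes" : "no", ONE_YEAR);
  return {
    track: agreed,
    prompted: true,
    reason: agreed ? "opted-in" : "opted-out",
  };
}

// Rule 1 from the post, enforced server-side: if the consent script never ran
// (blocked JavaScript) or cookies are off, no opt-in cookie arrives and the
// request is treated as "do not track".
function serverShouldTrack(cookieHeader) {
  return (cookieHeader || "")
    .split(";")
    .map((part) => part.trim())
    .includes(`${CONSENT}=yes`);
}

// Browser usage (the prompt text is a placeholder):
//   decideTracking(browserJar(document), () => window.confirm("Allow analytics cookies?"));
```

Because the stored value is only "yes" or "no", the consent cookie records the choice without giving the site anything that distinguishes one visitor from another.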

Re:Stupid and impossible law (1)

Blakey Rat (99501) | more than 2 years ago | (#40144847)

It's worth noting that even the BBC's implementation may not be in compliance with the law. Although it's kind of hard to say, since nobody knows what the hell compliance even looks like at this point--

what's that? The law's already taken effect and nobody knows how to comply with it? Tough crap, you get a complaint.

Ridiculous.

Re:Stupid and impossible law (0)

Anonymous Coward | more than 2 years ago | (#40147581)

This isn't about banning cookies, it's about banning user tracking without consent - which includes far more than cookies; browser fingerprints being the main candidate, so the correct intent is there.

The law specifies that you can't store data on a "users' terminal" - so it doesn't cover fingerprints

Re:Stupid and impossible law (1)

isorox (205688) | more than 2 years ago | (#40159041)

This isn't about banning cookies, it's about banning user tracking without consent - which includes far more than cookies; browser fingerprints being the main candidate, so the correct intent is there. For a start, it's perfectly OK within the law to set a cookie that tells the site to not track that user, which I suspect will form the bulk of the (incorrect) complaints received by the ICO, but you can't use that cookie to track the user across your site, or any affiliate sites.

So would a temporary session cookie, often set without the programmer's knowledge, be ok?

How about a cookie which is used to remember you've done an action, but not track you. E.G. "color=red" and "color=blue".

The problem with this legislation isn't the intent, it's the complete lack of clarity coming from the ICO who are responsible for its administration and enforcement. The law essentially boils down to "do not track your users without their consent", which the ICO has then muddied the waters over by making some vague remarks about implied consent being OK without explaining exactly what they mean. There is a great deal of confusion over whether the request to opt-in/out needs to be overt (i.e. a click-through or banner), whether or not you can set a "do not track" cookie (you can), and so on.

It's not being helped by some totally lame implementations of the consent request, most probably due to lack of clarity from the ICO about what can and can't be done, in the cases of users with cookies and/or JavaScript disabled for a site. A frequent occurrence in this case seems to be that such users either have to go through the consent request every visit or have a consent banner permanently displayed on the screen. Both these problems could (and I'll emphasise that "could") go away quite simply if the ICO were to state that:

  1. If using a script to prompt for consent and if that script is blocked then default to "do not track"
  2. It's OK to try and set a cookie, read it back and if that fails assume cookies are blocked by the user and implied consent = "do not track", otherwise prompt the user for consent and act accordingly.

But all that assumes that the websites are going to act in the best interests of their users over the best interests of their bottom line; in many cases sites will be dependent on the revenue they can raise from their users, and a tracked user is going to be better targeted with ads, and thus more likely to click through, than one that is not. The more inconvenient it is for users to opt out of tracking, the more likely we are going to see those sites taking that track. Kudos on that front to the BBC who have a well thought out and graded set of cookie policies [bbc.co.uk] you can opt into ranging from "necessary", through "functionality" and "performance", to "behavioural advertising".

Re:Stupid and impossible law (1)

isorox (205688) | more than 2 years ago | (#40159053)

Bugger, forgot to snip the rest of the quote.

Re:Stupid and impossible law (2)

AmiMoJo (196126) | more than 2 years ago | (#40141509)

You don't, you opt-in.

This law is actually very sensible. There are exemptions for non-tracking cookies, stuff like session tokens used by online shops or banks, misc preferences and so forth. Cookies just primarily to track and target advertising at you need permission and the site has to allow you to opt-in.

Re:Stupid and impossible law (1)

Alain Williams (2972) | more than 2 years ago | (#40142053)

This law is actually very sensible. There are exemptions for non-tracking cookies, stuff like session tokens used by online shops or banks, misc preferences and so forth.

That is the whole point: there is not an exemption for session cookies -- only an exemption where they are strictly necessary -- which is a very high standard, also the legislation does not distinguish between a site specific session cookie and a 3rd party cross site cookie. This is what is stupid about it.

See: cookies_guidance_v3 [ico.gov.uk] page 12:

Where the setting of a cookie is deemed 'important' rather than 'strictly necessary', those collecting the information are still obliged to provide information about the device to the potential service recipient and obtain consent.

Note the v3, they keep on tweaking what they expect people to do.

Re:Stupid and impossible law (1)

fatphil (181876) | more than 2 years ago | (#40142089)

Firstly - if they recognise me - they are tracking me. I don't care if you call it a "session token" or whatever, it's simply a mechanism for tracking me, nothing more.

Re:Stupid and impossible law (0)

Anonymous Coward | more than 2 years ago | (#40141553)

Turn them off in your browser preferences, or install Cookiemonster in Firefox if you want more fine-grained control.

The method The Register opted for was telling you they use cookies and giving you the option to either agree to them or if you didn't and carried on using their site they would assume you had agreed to them, this was presented to the reader through a bar overlaid on the bottom of the visible page which is hard to miss.

Re:Stupid and impossible law (1)

grahamm (8844) | more than 2 years ago | (#40142935)

How does one opt out of cookies without using a cookie to remember it?

By not storing a cookie. If you visit the site and do not opt out, it will send you cookies including one which indicates that you did not opt out of receiving cookies. Then on subsequent visits, if this cookie is presented then the site knows that you did not opt out and can continue to send/update cookies. It, however, means that you will also have to opt out again on every subsequent visit to the site.

Re:Stupid and impossible law (2)

Terrasque (796014) | more than 2 years ago | (#40149913)

I really like the EU "law" / guide that the UK law was made from (found here [europa.eu] ).

Let me quote part 25 (with some added emphasis):

However, such devices, for instance so-called "cookies", can be a legitimate and useful tool, for example, in analysing the effectiveness of website design and advertising, and in verifying the identity of users engaged in on-line transactions.

Where such devices, for instance cookies, are intended for a legitimate purpose, such as to facilitate the provision of information society services, their use should be allowed on condition that users are provided with clear and precise information in accordance with Directive 95/46/EC about the purposes of cookies or similar devices so as to ensure that users are made aware of information being placed on the terminal equipment they are using.

Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment. This is particularly important where users other than the original user have access to the terminal equipment and thereby to any data containing privacy-sensitive information stored on such equipment.

Information and the right to refuse may be offered once for the use of various devices to be installed on the user's terminal equipment during the same connection and also covering any further use that may be made of those devices during subsequent connections.

The methods for giving information, offering a right to refuse or requesting consent should be made as user-friendly as possible. Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose.

So if they refuse to have a cookie or similar device stored on their device, we need to know that the user opted out for that and following connections. Since it's a legitimate purpose, we can store that information. But only if the user does not opt out to storing that information, which .. he already has .. What is this I don't even .. Are those fuckers completely clueless to basic logic?

Re:Stupid and impossible law (0)

Anonymous Coward | more than 2 years ago | (#40144261)

How do people not understand this?

If you don't accept the cookies, then the site can't remember and you get asked every damn time.

That doesn't require any cookies to be set.

complaints were probably from web developers (0)

Anonymous Coward | more than 2 years ago | (#40141327)

The complaints were probably from web developers trying to get more work from their existing clients.

Whoopsie (2)

jholyhead (2505574) | more than 2 years ago | (#40141585)

I bet all 64 complaints were made by web developers against the .gov.uk sites that are non-compliant.

Notice Designed Not to be Seen (2)

JimMcc (31079) | more than 2 years ago | (#40142441)

I just visited a link on the dailyrecord.co.uk and received some kind of cookie notice. The notice appeared as a pop up in the bottom right corner (the last place an English speaker will scan to) with text in pale grey. The notice was clearly designed to be difficult to notice. Even though I saw it pop up right away, I didn't have a chance to read the text or see which link to use to opt out before the notice disappeared. It was clear from the first sentence that if I did nothing I was consenting to be tracked.

I guess the law, which clearly had good intentions, has been eviscerated so that now the websites can just briefly display a hard to notice blob of text, remove it before you have a chance to read it, and continue tracking you with impunity.

Re:Notice Designed Not to be Seen (0)

Anonymous Coward | more than 2 years ago | (#40157877)

Following your warning to be quick off the mark, I clicked on the link in the pop-up - to be sent a 404:
"404 Error Message: Page Not Found on www.dailyrecord.co.uk
  Unfortunately, the page you were trying to retrieve does not exist on www.dailyrecord.co.uk.
The Most Common Mistakes In Accessing Our Pages Are:
1.Making the URL end in .htm - all of our pages end in .html so put an l at the end.
2.You followed a broken or out-of-date link. If so tell us about it here.
3.The file no longer exists.
We Advise You:
1.Go to our sitemap.
2.Simply start again at our homepage.
3.Or search for the article above."

Frivolous cookie problem (1)

Misagon (1135) | more than 2 years ago | (#40142855)

I think that the biggest problem is that sites set too many cookies. It can get difficult to distinguish one type of cookie from another.
Browsers have a cookie setting for "Ask me every time", which is practically useless as most of your time web browsing gets spent clicking the popup dialogue.

One example where no cookie needs to be set by default is on a web site's front page. The user should then be able to give implicit consent to a cookie by clicking on a link inside the site. Not setting a cookie by default on the front page does not imply that the site would not be able to read (and renew) a cookie on the front page that has previously been set.
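The behaviour described in the two comments above (nothing stored on refusal, so the notice comes back on every visit; no cookie set by default, but an existing one read and renewed), as an added example that is not part of the original thread. The cookie name `cookie_consent`, the action names and the function names are assumptions made for illustration.

```javascript
// Added example: decide which Set-Cookie headers a response may carry.
const CONSENT = "cookie_consent";      // hypothetical cookie name
const ONE_YEAR = 365 * 24 * 60 * 60;   // Max-Age in seconds

// Parse a Cookie request header into a prototype-free map.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i < 0) continue;               // skip malformed fragments
    jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// action: "view" (plain page load), "accept" or "decline" (notice buttons).
function decide(cookieHeader, action) {
  const jar = parseCookies(cookieHeader);
  const consentCookie =
    `${CONSENT}=yes; Max-Age=${ONE_YEAR}; Path=/; Secure; SameSite=Lax`;

  if (jar[CONSENT] === "yes" || action === "accept") {
    // Consent given now or on an earlier visit: set or renew the
    // consent cookie; tracking cookies may follow.
    return { showNotice: false, tracking: true, setCookie: [consentCookie] };
  }
  // First visit or refusal: store nothing at all. The refusal cannot be
  // remembered, so the notice is shown again on the next page load.
  return { showNotice: action !== "decline", tracking: false, setCookie: [] };
}

// Constructed request sequence: first visit, decline, return visit,
// accept, return visit with the consent cookie present.
function demo() {
  const steps = [
    ["", "view"], ["", "decline"], ["", "view"],
    ["", "accept"], [`${CONSENT}=yes`, "view"],
  ];
  return steps.map(([header, action]) => decide(header, action));
}

console.log(demo());
```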

Re:Frivolous cookie problem (1)

laffer1 (701823) | more than 2 years ago | (#40143549)

Some sites have a login on the front page. It might be an ajax call. Your front page rule doesn't make sense in all cases.

Plus, I don't think banning session cookies on a site is necessarily a good thing. Sometimes they're used to track users, other times, it's just convenience by the web app framework and not used for anything but managing logins, shopping carts or similar. Intent matters and this law does not take that into account. It has exactly one exception for a shopping cart.

Implied consent (1)

orkysoft (93727) | more than 2 years ago | (#40143189)

So, if your browser is configured to keep cookies, does that imply consent to place cookies?

If you configure your browser to disallow cookies from certain sites, you're denying consent, and it doesn't even require the sites to be changed at all.

So, why does this law exist again? It looks -1, Redundant to me.

Biscuit Law (0)

Anonymous Coward | more than 2 years ago | (#40147707)

You mean UK Biscuit Law, they call them biscuits over there.

They should mandate at least two biscuits per person with tea.

Similar law exists in Sweden (1)

the_arrow (171557) | more than 2 years ago | (#40152579)

There is a similar law in Sweden, but instead of saying that the user has to permit cookies, the Swedish law just states that users have to be informed about them:

  • That cookies are used
  • What they are used for, in general and on the site
  • How to disable cookies

The effects of lobbying (2)

Egor_but_no_hunch (2444330) | more than 2 years ago | (#40153767)

The law was causing havoc for retailers and given that there was no clear guidance on how to handle this, we have a host of implementations, from the BBC which embodies the spirit of the law as it was originally written, to the Financial Times and BT which are using weasel ways (bottom of page, fades out straight away), to Google (which has essentially ignored the guidance).

The ICO, faced with overwhelming discontent from large retailers and retail associations, caved and has essentially ensured the status quo. By allowing implied consent, you can essentially pretend the law does not exist, and the minimum amount of work for a retailer is to include a page buried in the site map, telling you how to turn off cookies entirely in IE.

The law as it was written is actually the problem here. The intention of the law was to restrict the harvesting of user data, be it for behavioural advertising, or for more nefarious reasons.

However, the law was written far too broadly (surprise, surprise), and covered every method a site has of interacting with a browser, which led to massive confusion about how to handle session cookies, shopping carts, etc.

If the ICO wants to do this properly, amend the law so that it covers the original intentions of stopping third party cookies tracking people round the internet, clarify that first party cookies are fine for handling website functionality[1], and then use their powers to punish the people who break the rules.

[1] Yes, I know there is a way of still using first party cookies as a third party operator and continue to happily track people, but that would fall under "breaking the rules" and get slapped...

Full Disclosure : I worked on our implementation of this law as an integrator for many large multinational retailers.
