New Cookie Regulation in the EU

General questions relating to Joomla! 1.5 There are other boards for more specific help on Joomla! features and extensions.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting.
Forum Post Assistant - If you are serious about wanting help, you should use this tool to help you post.
blaab
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Wed Jul 14, 2010 1:41 pm

New Cookie Regulation in the EU

Post by blaab » Tue May 17, 2011 2:24 pm

I've heard there are shortly to be new laws in the UK regarding the use of cookies:

http://www.ico.gov.uk/~/media/documents ... ations.pdf

Does anyone have a solution or ideas for use with joomla for when this becomes law in the UK?
Be who you are and say what you feel, as those who mind don't matter and those who matter wont mind.

jan_suhr
Joomla! Apprentice
Joomla! Apprentice
Posts: 41
Joined: Sat Jan 26, 2008 2:48 pm
Location: Nyköping
Contact:

Re: New Cookie Regulation in the EU

Post by jan_suhr » Thu May 19, 2011 6:53 am

It will be effective on July 1, 2011. At least in Sweden.

It's a crazy law that nobody wants but we quicly need a plugin for Joomla?

blaab
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Wed Jul 14, 2010 1:41 pm

Re: New Cookie Regulation in the EU

Post by blaab » Thu May 19, 2011 7:52 am

jan_suhr wrote:It will be effective on July 1, 2011. At least in Sweden.
I believe it becomes law in the UK on the 26th May! although i believe they are allowing a time period for everyone to impliment a solution asap. Fingers crossed for a plugin soon.
Be who you are and say what you feel, as those who mind don't matter and those who matter wont mind.

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 22841
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: New Cookie Regulation in the EU

Post by pe7er » Thu May 19, 2011 10:10 am

blaab wrote:Does anyone have a solution or ideas for use with joomla for when this becomes law in the UK?
A Joomla site uses "sessions" (a temporary browser identification ID) to determine which information to serve to what user, and to check if someone has been logged in and should have access to certain menu items/pages.

I think that Joomla only uses cookies when a visitor uses the login form, and uses the "remember me" option below the login form.

The PDF contains the following text:
The only exception to this rule is if what you are doing is ‘strictly necessary’ for a service requested by the user. This exception is a narrow one but might apply, for example, to a cookie you use to ensure that when a user of your site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, your site ‘remembers’ what they chose on a previous page. You would not need to get consent for this type of activity.
IMHO Joomla's cookies to remember a login name + password are a
‘strictly necessary’ for a service requested by the user
because they requested their login to be remembered themselves.
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com

blaab
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Wed Jul 14, 2010 1:41 pm

Re: New Cookie Regulation in the EU

Post by blaab » Fri May 20, 2011 10:27 am

Thanks pe7er! :D
Be who you are and say what you feel, as those who mind don't matter and those who matter wont mind.

sputnikweb
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Mon May 23, 2011 10:32 am

Re: New Cookie Regulation in the EU

Post by sputnikweb » Mon May 23, 2011 10:55 am

Unfortunately, as far as I can tell Joomla sessions start the moment a user arrives at the website and not just when you log in, and these are not "strictly necessary" like a shopping cart session might be. Try clearing all your cookies and sessions annd then visiting one of your Joomla website's front page. A quick check of your sessions before even moving on to another page will show you that sessions have already begun.

IMHO this is a typical scenario where politicians have what is best for "the people" without due consideration and consulation with people who actually have a decent understand for the finer details of how the web works on both a technical and a social level. This is going to have far reaching effects over the functionality of websites, stats gathering, even innocent affiliate cookies. And the people who actually dish out not-so-innocent cookies - the people who this regulation is designed to bring down, won't give a monkey's whatsit about the law and carry on regardless - it's good, old-fashioned, conscientious developers like you and me that have to take the hit!

Enough of my rant! :)

I've just been asked to look into this for one of my clients - the law comes in on the 26th May 2011 although these will be a certain grace period allowed as developers need to figure out the best solutions to this problem. One possible solution I've read about is that this consent could be given as part of your browser settings although it will be years before this is fully implemented and for the population to update their browsers... it staggers me to find some of my clients still using IE6!

I have tried a very simple approach to killing sessions and cookies by modifying index.php but I was not very successful - the solution to this is going to be a little tricky.

As far as I see it at the moment, there are three solution:

1. we either need a confirmation process before the user is even allowed to view the website which allows them to confirm that they will accept cookies (which is going to cause problems with a search engine spider potentialy being presented the same confirmation question and so indexing that instead of the website's true content)

2. Completely stop Joomla's use of unnecessary cookies and sessions. The problem with this is when you then update your Joomla core with security updates you run the risk of overwriting your changes and reinstating cookies.

3. Perhaps writing a plugin that runs silently that destroys cookies after they are made? This way we won't be hacking the core code (which I'm never comfortable doing because this can introduce bugs and problems mentioned above).

My guess is they will roll this law out and nobody will take much interest, and it will never be successfully sued over it - it's just a lot of tedious "paperwork" for us to have to accommodate, and hoops we have to jump through for our more law-abiding clients!

jbudd
Joomla! Ace
Joomla! Ace
Posts: 1149
Joined: Wed Jan 18, 2006 1:28 pm
Location: West Midlands, UK
Contact:

Re: New Cookie Regulation in the EU

Post by jbudd » Mon May 23, 2011 11:11 am

A little quote from the PDF:
The previous rule on using cookies for storing information was that
you had to:
> tell people how you use cookies, and
> tell them how they could ‘opt out’ if they objected.
Many websites did this by putting information about cookies in their
privacy policies and giving people the possibility of ‘opting out’.
This rule was set out in Regulation 6 of the Privacy and Electronic Communications Regulations 2003

I dont think very many Joomla websites comply with this rule either. Has anyone ever been sued/prosecuted as a result?

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 22841
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: New Cookie Regulation in the EU

Post by pe7er » Mon May 23, 2011 11:48 am

sputnikweb wrote:Unfortunately, as far as I can tell Joomla sessions start the moment a user arrives at the website and not just when you log in, and these are not "strictly necessary" like a shopping cart session might be. Try clearing all your cookies and sessions annd then visiting one of your Joomla website's front page. A quick check of your sessions before even moving on to another page will show you that sessions have already begun.
Note that sessions <> cookies...
a session = temporary ID that is stored on the server, meant for a website to "identify" a user during his visit.
a cookie = a temporary ID that is stored in a file on the PC of the visitor, meant for a website to identify a user with future visits.

A browser session is started everytime you start up your webbrowser.
The webbrowser will create a local session ID that is used to communicate with webservers.
Sessions are temporary, and only remembered on the server for a certain amount of time.
It's configured as "Session Lifetime" variable under "Session Settings" in the Global Configuration of your website.
By default Joomla stores a session in the jos_sessions table, and will remember it for 15 minutes after the last user activity.

Sessions are necessary to identify page requests etc.
For example: two users from within a company, who are behind the same firewall (1 IP address) both request the same Search Page at the same website. Sessions are used to determine which search results should be presented to which user.


Cookies are not necessary to visit a website.
They can be handy for a user to "be remembered" at a site, so they don't have to login again.
And that is done at a user's request (if they click "remember me").
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com

jbudd
Joomla! Ace
Joomla! Ace
Posts: 1149
Joined: Wed Jan 18, 2006 1:28 pm
Location: West Midlands, UK
Contact:

Re: New Cookie Regulation in the EU

Post by jbudd » Mon May 23, 2011 12:16 pm

Note that sessions <> cookies...
a session = temporary ID that is stored on the server, meant for a website to "identify" a user during his visit.
a cookie = a temporary ID that is stored in a file on the PC of the visitor, meant for a website to identify a user with future visits.
...
Cookies are not necessary to visit a website.
I just used Google Chrome, Options | Under the bonnet | Content settings |All cookies & site data | Remove all.
Then I closed Chrome, reopened it and visited my site front page. I did not login.
Now it shows blackwellcomputing.co.uk 3 cookies.
These are: fpssCookie (Front Page Slideshow), font_size (template) and b82841cc.....................
The content of the last one is the same as session_id of a record in jos_sessions




ps The session and fpss cookies expire "when I close my browser" but the font size one expires 22 May 2012!

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3907
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: New Cookie Regulation in the EU

Post by abernyte » Mon May 23, 2011 12:34 pm

I raised this a while ago: http://forum.joomla.org/viewtopic.php?p=2437904
As the regulation stands if it is passed into National Law "come scrito" then there is no opt out from achieving informed consent prior to dropping any cookie on a site user.
Those who claim that the admin login cookie is permitted under the "necessary for a service" clause are sadly deluding themselves!

Will the law be enforced? It is unlikely that anyone will be pursued immediately by any EU member government, but even unpopular laws become enforced over time.

The fact remains that using Joomla out of the box will render a user in breach of national legislation. That is perhaps an acceptable risk when using the site for yourself but it will surely leave you exposed to legal action from any client that you leave with a site breaching the law.

It is contradictory that we view any mention of warez and craczs on these Fora as a breach of the rules and delete them (Pe7er would be first to the delete button!). Yet we have a section in the JED for and openly discuss Google Analytics and tracking which will now be illegal in the EU unless handled properly.
What we obtain too cheap, we esteem too lightly…Thomas Paine

jbudd
Joomla! Ace
Joomla! Ace
Posts: 1149
Joined: Wed Jan 18, 2006 1:28 pm
Location: West Midlands, UK
Contact:

Re: New Cookie Regulation in the EU

Post by jbudd » Mon May 23, 2011 12:44 pm

Abernyte, in that other thread, you and other senior members of the Joomla community say that you think a cookie is first set on logging in.
My little experiment above shows that this is not true.

If not even the experts know about Joomla's use of cookies, how can any site owner possibly comply with the law?

jb

jbudd
Joomla! Ace
Joomla! Ace
Posts: 1149
Joined: Wed Jan 18, 2006 1:28 pm
Location: West Midlands, UK
Contact:

Re: New Cookie Regulation in the EU

Post by jbudd » Mon May 23, 2011 12:53 pm

Here is the Privacy Statement for the Information Commissioners Office site (they administer these regulations in the UK)
It will be interesting to see what change they make on Thursday.
Our use of cookies
The Information Commissioner’s Office website uses Google Analytics to help analyse how users use the site. This analytical tool uses 'cookies', which are text files placed on your computer, to collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors use of the website and to compile statistical reports on website activity for the ICO.

The ICO will not (and will not allow any third party) to use the statistical analytics tool to track or to collect any personally identifiable information of visitors to our site. We will not associate any data gathered from this site with any personally identifying information from any source as part of our use of the Google statistical analytics tool. Google will not associate your IP address with any other data held by Google. Neither the ICO nor Google will link, or seek to link, an IP address with the identity of a computer user.

Further information about cookies
The Interactive Advertising Bureau (IAB) is an industry body that develops standard and guidelines to support online business processes. It has produced a series of web pages which explain how cookies work and how they can be managed.

Disabling and enabling cookies
You have the ability to accept or decline cookies by modifying the settings on your browser. The IAB site tells you how to remove cookies from your browser. This advice currently comprises the following steps (however please check the IAB site for the latest guidance).

If you are using Microsoft Windows Explorer:

open ‘Windows Explorer’;
click on the ‘Search’ button on the tool bar;
type ‘cookie’ into the search box for ‘Folders and files’;
select ‘My computer’ in the ’Look in’ box;
click ‘Search now’;
double click on the folders that are found;
select any cookie file; and then
use the ‘Delete’ button on your keyboard.

If you are not using Microsoft Windows Explorer, then you should select ‘cookies’ in the ‘Help’ function for information on where to find your cookie folder.

Links to other sites
This privacy policy does not cover the links within this site linking to other sites. Please read the ICO's reciprocal linking policy for more information.

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3907
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: New Cookie Regulation in the EU

Post by abernyte » Mon May 23, 2011 12:56 pm

The confusion can arise from not viewing session cookies as "real cookies"
Session cookies are of course time limited and "real cookies" persistent. What we need to remember is the the legislation does not differentiate in anyway, be it a 1st person, 3rd person or session cookie then explicit and informed consent is required before the cookie drop.
If you can login with acquiring a session cookie then I want to use your browser and settings!
What we obtain too cheap, we esteem too lightly…Thomas Paine

sputnikweb
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Mon May 23, 2011 10:32 am

Re: New Cookie Regulation in the EU

Post by sputnikweb » Mon May 23, 2011 1:02 pm

Hey - if any of you guys fancy a laugh over this rather dry subject. This might appeal to the more ironic nature of British humour...

This is the page on the official Information Commissioner's Office website which describes the new law:

http://www.ico.gov.uk/~/media/documents ... ations.pdf

This in itself isn't very funny... however now try visiting the root domain http://www.ico.gov.uk and have a quick look at your cookies... I'm getting 5 completely unauthorised cookies dumped on my machine!

Pot... kettle...black!??

blaab
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Wed Jul 14, 2010 1:41 pm

Re: New Cookie Regulation in the EU

Post by blaab » Tue May 24, 2011 8:15 am

Will be interesting to see if they change their own website by thursday! :laugh:
Be who you are and say what you feel, as those who mind don't matter and those who matter wont mind.

sputnikweb
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Mon May 23, 2011 10:32 am

QUICK AND DIRTY FIX (1.0.0 beta)

Post by sputnikweb » Tue May 24, 2011 9:39 am

OK guys - I think I've got a quick fix for now. It's a bit dirty and might need a bit of tweaking for your exact needs but it should at least keep us on the right side of the so-called law for now.

In J!1.5.23, dig out libraries/joomla/session/session.php and look for

Code: Select all

session_start(); 
which I found on line 423. This seems to be the master session starter and kicks off the sessions on both the front end and administrator.

Change this to

Code: Select all

if (substr($_SERVER['SCRIPT_NAME'] , 0 , 14) == "/administrator"){session_start();}
This makes sure that it only starts the session if the user is attempting to log into the admin area but doesn't start the session if a visitor is browsing the front end.

Obviously, if you've got front end login requirements or you've changed the name of the admin area you'll need to change this code accordingly but I don't see it being too tricky if you know your way around a little basic php.

Next, in the same file, you'll need to find

Code: Select all

session_regenerate_id();
which I found around line 512 and comment this out

Code: Select all

# session_regenerate_id();
I hope this helps a few people :) Hopefully J1.6 or future versions will eventually build in the ability to turn off sessions for casual site browsers so we don't need to perform this type of core hacking.
Last edited by sputnikweb on Tue May 24, 2011 9:56 pm, edited 1 time in total.

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3907
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: New Cookie Regulation in the EU

Post by abernyte » Tue May 24, 2011 5:27 pm

Good bit of work. Thanks for this effort. It should help on some sites enormously.
Take a virtual cold beer from me!
What we obtain too cheap, we esteem too lightly…Thomas Paine

zeno
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 124
Joined: Sun Oct 14, 2007 7:16 pm

Re: New Cookie Regulation in the EU

Post by zeno » Wed May 25, 2011 12:36 pm

The ICO website has just changed. It now has an opt-in notice at the top of every page:
On 26 May 2011, the rules about cookies on websites changed. This site uses cookies. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site, but parts of the site will not work. To find out more about cookies on this website and how to delete cookies, see our privacy notice.

I accept cookies from this site.
With a tick box and a 'Continue' button. I've not spent time looking to see what happens when you browse the site without agreeing.

Their privacy page now seems to imply that sessionID is considered a cookie and it is considered by them to be essential.

Even if someone came up with a joomla plugin that did the same, who would want such a notice at the top of every page? An alternative may be to have it as a popup dialog box over every page (with the page greyed out) asking for permission to drop cookies before anyone sees the page. But presumably that would need a cookie to record your previous permission... :-\

zeno
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 124
Joined: Sun Oct 14, 2007 7:16 pm

Re: New Cookie Regulation in the EU

Post by zeno » Wed May 25, 2011 12:51 pm

Clearing ICO cookies then refreshing the ICO's home page drops a ASP.NET_SessionId cookie.

If browse the website without ticking the tick box and clicking Continue, I can't see any more cookies, but the message is still at the top of every page.

If I do accept, the message no longer appears at the top of the page and I get four cookies: __utma, __utmb, __utmc and __utmz.

This is at the limit of my understanding, so I'll have to leave it to others to say what they think it all means for joomla.

jbudd
Joomla! Ace
Joomla! Ace
Posts: 1149
Joined: Wed Jan 18, 2006 1:28 pm
Location: West Midlands, UK
Contact:

Re: New Cookie Regulation in the EU

Post by jbudd » Wed May 25, 2011 1:13 pm

Well it is interesting to see they consider it OK to create the session cookie without prior explicit permission.

If you do accept cookies, they store that permission, of course, in a cookie which expires in 2 years time.

There are extensions which warn if the visitor is using IE6. Something like that could presumably be easily modified to make a cookie warning/agree drop-down.

Does Joomla have a function to set cookies I wonder? If so I suppose it could be tweeked to check for a cookies_ok cookie before setting them.

zeno
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 124
Joined: Sun Oct 14, 2007 7:16 pm

Re: New Cookie Regulation in the EU

Post by zeno » Wed May 25, 2011 1:30 pm

jbudd wrote:Well it is interesting to see they consider it OK to create the session cookie without prior explicit permission.
In their privacy notice, they call it an 'Essential site cookie' and say:
This cookie is essential for the online notification form to operate and is set upon your arrival to the ICO site. This cookie is deleted when you leave the ICO website.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39210
Joined: Sat Apr 05, 2008 9:58 pm

Re: New Cookie Regulation in the EU

Post by Webdongle » Wed May 25, 2011 2:14 pm

Could it be argued that all cookies placed on a computer are done with the users permission. If the user fails to set their Browser to refuse cookies and the Browser automatically accepts the cookie ... then the user of the PC has accepted the cookie ?

I just looked at the cookies from my site, only 3 and one of those is tinymicepaste. But what of cookies from extensions ? Would they not place cookies listed under other sites ? Like statcounter, does that put cookies on a computer if used as an extension ?

How can we know what extensions are placing cookies when our sites are visited ?

The ico put 2 cookies on my PC although their notice says only 1.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

zeno
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 124
Joined: Sun Oct 14, 2007 7:16 pm

Re: New Cookie Regulation in the EU

Post by zeno » Wed May 25, 2011 2:35 pm

Webdongle wrote:Could it be argued that all cookies placed on a computer are done with the users permission. If the user fails to set their Browser to refuse cookies and the Browser automatically accepts the cookie ... then the user of the PC has accepted the cookie ?
No. From what I've read (and I am certainly not an expert!), there has to be explicit acceptance of cookies per site and the overall browser settings are not sufficient.
I just looked at the cookies from my site, only 3 and one of those is tinymicepaste. But what of cookies from extensions ? Would they not place cookies listed under other sites ? Like statcounter, does that put cookies on a computer if used as an extension ?

How can we know what extensions are placing cookies when our sites are visited ?

The ico put 2 cookies on my PC although their notice says only 1.
Good point about other sites, but the guidance doesn't say anything about all cookies having to be identified as having been dropped for the main site - giving your permission for cookies from a site presumably allows cookies listed under other sites.

jbudd
Joomla! Ace
Joomla! Ace
Posts: 1149
Joined: Wed Jan 18, 2006 1:28 pm
Location: West Midlands, UK
Contact:

Re: New Cookie Regulation in the EU

Post by jbudd » Wed May 25, 2011 2:42 pm

Really we could do with a "euro_setcookie" that overrides setcookie. Not sure if function overrides are possible with PHP

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39210
Joined: Sat Apr 05, 2008 9:58 pm

Re: New Cookie Regulation in the EU

Post by Webdongle » Wed May 25, 2011 4:28 pm

zeno wrote:...Good point about other sites, but the guidance doesn't say anything about all cookies having to be identified as having been dropped for the main site - ...
But my point was not about if cookies were allowed. I was how to stop cookies from extensions. jbudd covered that though.

At the moment I'm looking for a plugin that only allows people access to my site if they agree to cookies. And if they don't then they can't view.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3907
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: New Cookie Regulation in the EU

Post by abernyte » Wed May 25, 2011 5:30 pm

Stop press from UK Gov. They have given us one years grace to come up with a solution. Note not one year to ignore this and hope it goes away, but one year in which to comply with the regulation before enforcement.
Nice of them. Bless!
Using a browser setting will not wash I suspect. Neelie Kroes was quite specific on that point so until the browser blocks all cookies by default, and I don't see that ever happening, we can't rely on that.
The best the browser devs will provide will be this wishy-washy "please don't track me" but only if you have signed up for that particular scheme and haven't read the small print con trick. I bet Neelie doesn't fall for it either!
What we obtain too cheap, we esteem too lightly…Thomas Paine

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39210
Joined: Sat Apr 05, 2008 9:58 pm

Re: New Cookie Regulation in the EU

Post by Webdongle » Wed May 25, 2011 8:33 pm

What script are the ICO using on their site to distinguish between allowing or not allowing cookies ?

How difficult would it be to use that script (or similar) in a Plugin ?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3907
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: New Cookie Regulation in the EU

Post by abernyte » Thu May 26, 2011 7:50 am

Pedant Alert!
When visiting the ICO site at http://www.ico.gov.uk you are presented with a panel on the home page which among other things states:
One of the cookies we use is essential for parts of the site to operate and has already been set (my highlighting)
As the Directive states quite clearly:
Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia about the purposes of the processing.Article 5(3) of the Privacy and Electronic Commications Directive
then they appear to be in breach of their own regulations.

They are attempting to hide behind the 2009 Recital which gives limited consent for a session cookies essential to the operation of the site. But... that derogation only applies to:
...a service explicitly requested by the subscriber or user to provide the service.Article 5(3) of the Privacy and Electronic Commications Directive
As I requested no service prior to visiting the site their banner warning is complete bollocks.

How are we expected to comply with this law when the ICO appears unable to?
What we obtain too cheap, we esteem too lightly…Thomas Paine

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39210
Joined: Sat Apr 05, 2008 9:58 pm

Re: New Cookie Regulation in the EU

Post by Webdongle » Thu May 26, 2011 3:30 pm

It looks like another case of the Legal fraternity going to make a lot of money out of test cases ?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

sputnikweb
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Mon May 23, 2011 10:32 am

Re: New Cookie Regulation in the EU

Post by sputnikweb » Fri May 27, 2011 9:03 am

I think the UK government has realised that this is fairly unworkable - at least for the immediate future. The BBC have an article on it here:

http://www.bbc.co.uk/news/technology-13541250


Locked

Return to “General Questions/New to Joomla! 1.5”