84 replies to this topic

[DunWeb]

Ok, the EU cookie laws mean nothing to me....but, one question keeps coming to mind.....


What bureaucratic idiot decided that website cookies needed a governing policy ?  What a crock of sh*t !


JMO


Chris

[puddlec]

just upload to the addon section instructions on how i added jpecrga to oscomerce
http://addons.oscommerce.com/info/8453
basically what it does is to have a inobtrusive method of gaining user consent BEFORE using Google Analytics which requies cookies.

[germ]

I'm SOOOOOO glad we leave the cookie business to the Girl Scouts and the Keebler elves on this side of the pond...

[DunWeb]

germ, on 25 May 2012 - 04:47 PM, said:

I'm SOOOOOO glad we leave the cookie business to the Girl Scouts and the Keebler elves on this side of the pond...

LMAO....me too....BUT, you guys have Homeland security trying to control the internet there.......nothing good could come from that !



Chris

[MrPhil]

Montey, on 25 May 2012 - 01:56 PM, said:

Is there a way to find out what cookies my site uses?

Go into your browser and ask it to display all cookies. Those generated by your site will be easy to see, but Third Party (e.g., Google Analytics) may be difficult to tell what site they came from.

Quote

And some webhosts offer analytics that track visitors IP addresses and locations, is this done with cookies?

Depends. Your host has access to logged access information that browsers can't see, and so usually doesn't need to resort to cookies. Third Party analytics like Google do usually need to use cookies.

DunWeb, on 25 May 2012 - 02:03 PM, said:

What bureaucratic idiot decided that website cookies needed a governing policy ?  What a crock of sh*t !

As with most intrusive regulations, the intentions were good but the implementation was badly flawed. The idea was to stop the massive invasion of privacy by "tracking cookies". Unfortunately, the bureaucrats simply banned the use of all cookies (without explicit permission by the browser user), not really differentiating between cookies necessary to run a site (e.g., sessions) and evil tracking.

Just ignore the EU cookie laws. They're not worth the paper they're written on. Maybe if you call them "biscuits" (British usage) instead, the law won't apply to them?

[Mort-lemur]

@puddlec

Great - I will embody that on my 2.2 sites, I have used a cookie viewer as I went around my site, and apart from the Google analytics and site functionality cookies, I have a host of cookies set by facebook (for the like buttons) and Youtube (for videos showing products in use).

Do I need to worry about these ? or do I overlook them as they are set externally?

This is what the ICO website privacy policy says about this:

Quote

YouTube cookies

We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. To find out more please visit YouTube’s embedding videos information page.

[puddlec]

Mort-lemur, on 25 May 2012 - 06:00 PM, said:

@puddlec

Great - I will embody that on my 2.2 sites, I have used a cookie viewer as I went around my site, and apart from the Google analytics and site functionality cookies, I have a host of cookies set by facebook (for the like buttons) and Youtube (for videos showing products in use).

Do I need to worry about these ? or do I overlook them as they are set externally?

This is what the ICO website privacy policy says about this:

i only wrote the insturcutions for osc2.3.1 as that is all i use now,

http://www.bbc.co.uk/privacy/cookies/managing/cookie-settings.html that is the bbc's take on this cookie nonsense - which does mention youtube at the bottom under third party cookies, dunno if you can use simular text

[DunWeb]

Why not just put a disclaimer on the front of your websites stating "THIS WEBSITE USES ALL VARIETIES OF COOKIES.  THIS IS YOUR OFFICIAL NOTICE".


That would take care of everything....if ALL websites did that, it would make the cookie law redundant.


Chris

[Mort-lemur]

puddlec, on 25 May 2012 - 06:39 PM, said:

i only wrote the insturcutions for osc2.3.1 as that is all i use now,

http://www.bbc.co.uk/privacy/cookies/managing/cookie-settings.html that is the bbc's take on this cookie nonsense - which does mention youtube at the bottom under third party cookies, dunno if you can use simular text

I dont suppose anyone can take a look at this for 2.2 - as I cant get it to fit

Thanks

[burt]

I agree.  It is well intentioned, but badly implemented as is the case with most things "internet"...

It truly is nonsense - another way to handcuff site owners trying to be entrepreneurial, in this time of austerity.  

It's not the wild west it once was...not sure if that's a good thing or a bad thing.

[Mort-lemur]

OK spent all day on this now - and its driving me nuts !

Time for a break...........

[MrPhil]

burt, on 25 May 2012 - 08:35 PM, said:

It's not the wild west it once was...not sure if that's a good thing or a bad thing.

I had to chuckle when I read that. The "Wild West" never was. It was purely 20th century mythology built up in the movies and TV shows. According to historians, there was actually less gunplay in the dusty streets of almost any western settlement than there is today in most large US cities. Disease, privation, isolation, abuse of Indians and minorities, sure. Wild? No.

The Internet and the World Wide Web were architected on the premise that its users would be basically honest and fair in dealing with each other. In academic, military, and government usage, that was probably a fairly safe bet. Once it was thrown open to commercial usage, and money could be made, the cockroaches poured out of the woodwork. I'd almost say that you had it backwards -- it started out genteel and is getting rougher and rougher.

[burt]

puddlec, on 25 May 2012 - 02:55 PM, said:

http://addons.oscommerce.com/info/8453

Does not work with .js off...
Shopowners who rely on this addon are shooting themselves in the foot.
However, it is better than not using anything!

[burt]

ICO have softened quite a bit...

Quote

Our latest guidance (May 2012) sets out the changes to the cookies law and explains the steps you need to take to ensure you comply. The updated guidance provides additional information around the issue of implied consent:

- Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
- If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
- You should not rely on the fact that users might have read a privacy policy that is perhaps hard to find or difficult to understand.

We now need only "implied consent".   Now the question is, what is "implied consent" and how do we get it ?

In my (non legal) opinion....

Have a message at the top of your site, on ALL pages, directing your site visitors to your privacy policy.  On the privacy policy page have a list of the cookies and the usual privacy stuff.  Also have some type of wording as so;  "by using our site, you agree that we may set these cookies"...

Note that implied consent, and the softening of the ICO stance on this will allow us to continue to use Analytics WITHOUT having an opt out.

Enough?  Any other views?

----

NOTE:  I am not a lawyer.  I like to read stuff and formulate my own view on it.  I would prefer that you do the same;

ICO cookies page: http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx

[Biancoblu]

"Implying" means "suggesting, indicating by a hint", so what ICO are saying is confusing, in fact first they say that "implied consent" is sufficient and then they state "You should not rely on the fact that users might have read a privacy policy that is perhaps hard to find or difficult to understand."
If "implied consent" is sufficient, it means that by visiting a site people know that the setting of cookies is a logical consequence. If you need to have an opt out and a warning regarding the setting of cookies, that is not implied anymore.

I would have a clear and unequivocal section about cookies in the privacy page, as for having a text on top of all pages, I guess that's the best way to protect yourself, but it does detract from the general look and feel of a site.
How about getting the opinion of an internet lawyer?

[Juto]

Hi, cookie laws is something for the kitchen.. or?

If you need a sample text have a look at my experimental site http://www.u2commerce.com
Look in the footer and feel free to copy if you like it.

Sara

[puddlec]

burt, on 26 May 2012 - 08:06 AM, said:

Does not work with .js off...
Shopowners who rely on this addon are shooting themselves in the foot.
However, it is better than not using anything!

true, tried it would js on, and there was no cookie set from google analytics,
browsers have a do not track option, and google have got something that stops analytics - so would work with implied consent (along with a priv

[burt]

Juto, on 26 May 2012 - 11:12 AM, said:

Hi, cookie laws is something for the kitchen.. or?

If you need a sample text have a look at my experimental site http://www.u2commerce.com
Look in the footer and feel free to copy if you like it.

Sara

Your site set a cookie called "please_accept_for_session".  It did not give me the chance to decline.
I think you need to have a more prominent message, like your "no javascript" message to direct people to your cookies page rather than have them try to find it.
.
Nice "no .js" message by the way, I like that

Edited by burt, 27 May 2012 - 08:49 AM.

[burt]

Biancoblu, on 26 May 2012 - 09:42 AM, said:

it does detract from the general look and feel of a site.

It does.  And could very well affect sales.

Quote

How about getting the opinion of an internet lawyer?

I might have to...

[strub]

I woul simply look at the big shops what they do about it. But I haven't seen any messages of cookie usage by them yet. So i don' t care about it to much.