WordPress.org

Ready to get started?Download WordPress

Ideas

Add core functions to comply with EU Cookie Law

  1. fountaininternet
    Member

    It would be terrible usability to prevent someone from accessing a site until they've accepted, say, a tracking cookie. There are better ways to handle these regs.

    Posted: 2 years ago #
  2. Ipstenu (Mika Epstein)
    Half-Elf Support Rogue & Mod

    It's really simple. Is there an acceptance cookie? Yes - then load WP pages as usual, No - Only send the user the intercept page. At what point in this are you suggesting that third party plugins are called?

    So every time a page loads, it has to check for a cookie and make sure you have it. And every time you go to a new computer, or device, or flush your cache, you start over and over. Oh, and you have to make sure that the intercept page isn't touched by any plugin you've installed (which is 100% your responsibility). I know for a fact that Google Analytics would be on that page. So now we have to have it be a non WordPrss page....

    And in the end, you've done no more than BBC did with their banner at the top of your page saying 'If you keep reading, you accept cookies. Here's more info.'

    Posted: 2 years ago #
  3. AngusP
    Member

    12345

    You can see what level of compliance is (well, will be) required by looking at major UK sites like the BBC's and Channel 5. A small header either states that by continuing to use the site you are granting permission for cookies to be used, or a similar header has a button that grants permission for the site to use cookies. Because of the intricacies of Internet law, it is likely that the explicit permission (button) format will be the required implementation.

    At the moment (early 2012) compliance, although suggested, is not required, but eventually it will become an enforced requirement to have cookie use permission. As WordPress powers a large percentage of the web (close to 20%, I think) it is very important that this be implemented into the core as soon as is possible, as nontechnical user's can't be required to hack WordPress themselves, and even experienced developers would struggle.

    Consulting a (UK) lawyer is a responsibility of the WordPress Foundation and/or Automattic. Even so, implement first ask questions later. Even though the penalty for non compliance has yet to be defined, it will most likely take the form of a fine, which is something that every WordPress site owner in the UK will not want to pay.

    At the moment, I don't know how this legislation applies to non UK sites, and whether it is limited to the '.uk' TLD or not.

    tl;dr: Implement now, ask questions later

    Posted: 2 years ago #
  4. Quentin Pain
    Member

    12345

    This is one long thread and amazingly no one has mentioned the biggest ecommerce site on the planet, and the fact they have a UK branch: Amazon.co.uk

    Not only is there no cookie warning anywhere on the landing pages, but one doesn't show up when you hit the 'add to basket' button when not signed in.

    I just checked the site from scratch and 4 cookies are placed simply on searching. I spotted another (but it may have been there from the first hit) when I added Seth Godin's Permission Marketing book (which I thought was apt) to the cart.

    Not a single warning, nothing, nada. The ICO, having watered down the rules the day before the amnesty, are obviously under immense pressure to do... nothing! Imagine them fining Amazon.

    Anyway, another dumb ass law we tax payers are paying for. Apologies for the rant.

    Posted: 2 years ago #
  5. AngusP
    Member

    12345

    Point taken. Whether Amazon will get fined or not only time will tell, and I guess they aren't setting a very good example. Google UK doesn't ask either, but for them implementing the law is a huge change to their code base, probably costing more than the fine. Fact is, it is a stupid law that is in most cases complete overkill, but it seems to follow the trend of recent EU laws...
    But WordPress has a responsibility to its user base to safeguard them from what is a substantial fine. Not all users are liable, but many companies use WP. As is, implementing the law properly is a huge task for a web developer, that would most definitely require core hacking.
    And anyway, how do you determine whether someone is exempt or not? Whether they have a .uk, .eu, .de or whatever address, or where their servers are?

    Posted: 2 years ago #
  6. jjh
    Member

    12345

    I am a EU citizen running a small blog/website. To be honest, I can't understand the panic in the above posts - so two add my two cents:

    1. Let's first wait and see how the law is executed. If at all, it is likely to hit the big data collectors first, i.e. google and facebook.

    2. Should the issue become relevant, I would modify my template and copy-paste some legal text, e.g. adding a line like this site uses cookies, and that by using the site, users consent to the cookies.

    So imho no need for big changes anywhere, let alone modifications to WordPress core.

    Posted: 2 years ago #
  7. isemann
    Member

    Something to deal with this rather than the hell I've just been through would be very good.

    Surely Automattic could come up with something in the Core that developers admins, editors could use. Something with check boxes depending on the setup (like does your site use tracking software? - tick box), some text samples about cookies etc. (editable?) and so on.

    Given that they are so useful, mostly benign, so widely used and implemented it seems a brouhaha over nothing. But with a massive fine and scaring people even more. After all, most people will have heard of cookies but ask them, 'What can cookies do to your computer?' and they'll be clueless.

    Obviously Automattic must have a super-strong indemnity for themselves but I think it would really pull in a lot of users if it was something that was either in the core or an official plugin. (perhaps an official plugin would strengthen the indemnity?)

    R!

    Posted: 1 year ago #
  8. Ipstenu (Mika Epstein)
    Half-Elf Support Rogue & Mod

    Automattic is not WordPress.org software, they just donate a lot of time and money to WP. I know it's confusing.

    WordPress has the hooks already to make those check boxes, and anyone could write a plugin to do that.

    Posted: 1 year ago #
  9. isemann
    Member

    True.

    There are plugins out there already but I'm not a fan of plugin overload and sometimes there are 'trust' issues that take time and effort to investigate.

    For small businesses without tons of money thinking of using WordPress this could be the deciding factor.

    For all intents and purposes Automattic pretty much 'make' WordPress and considering the .com flavour, it might make sense to donate some time & money to this. A solution might attract/keep some websites? Particularly small business in Europe.

    Just opinions and ideas of course.

    R!

    Posted: 1 year ago #
  10. Ipstenu (Mika Epstein)
    Half-Elf Support Rogue & Mod

    Plugin overload is a myth :) And yes, trust is an issue, but the community is very good at self policing.

    Also remember this, a plugin is how a LOT of code becomes a part of core, so by demonstrating its need :) More people use it, more likely it ends up in core.

    Posted: 1 year ago #

RSS feed for this topic

Reply »

You must log in to post.

  • Rating

    12345
    32 Votes
  • Status

    This idea is under consideration