EU Cookie Law compliance?
Are there any plans to make WordPress powered sites compliant with the new EU cookie law?
This is where a visitor has got to be asked permission before cookies can be placed in their browser by the website.
Here are more details:
Are there any solutions planned?
see this topic: http://wordpress.org/support/topic/how-can-we-control-cookies-with-new-eu-legislation
and this plugin: http://quirm.net/2011/08/09/ecookie-warning-plugin/
OK, so I am 99% sure that WP is ok with its cookies as they’re deemed necessary... but what about the commenting system?
What is the solution to stop cookies being set when a user replies to a comment?
Are there any other cookies that need to be addressed?
Solid, clear advice would be great.
Thanks in advance.
You can’t stop them from being sent, but you can wipe them out.
So that snippet will delete the cookie after it’s been sent to the user’s computer? When will it do this? When they leave the site?
Please excuse my lack of understanding with cookies!
Also, does that now make my website ‘legal’ with the upcoming new law??
Only a lawyer can say if that makes your site legal. Don’t ask internet strangers, ask a lawyer.
And that snippet will delete a cookie every time they load one of your pages. It will set the cookie and then immediately remove it.
Unfortunately, in the UK setting the cookie (unless you have express permission from the user) is the part that breaches the law no matter how quickly you remove it. This may or may not be the same in other EU countries.
In the UK: the Finnish approach would be illegal.
I have a funny question…
Wouldn’t that mean EVERY page load needs to ask the questions again? Otherwise we are tracking the user (to make sure we don’t send them cookies) who said they don’t want to be tracked.
This whole thing is silly. Let users control cookies from the browser side or prosecute companies that are doing malicious things with people’s info. Cookies in and of themselves are not the problem and trying to make any single website responsible for asking permission to use them is the wrong way to do it and next to impossible to do correctly.
It works like this:
    If the cookie exists
        Use the cookie
    If no cookie exists then
        Ask the user if it’s ok to save the cookie
        If the user says yes
            Save the cookie
The logic here is that if the cookie can be found, we can assume the client has consented. We only need to ask permission to save it (and of course allow the user to remove all their cookies at a later date).
For the scenario you’re specifically talking about – to avoid detecting ‘no cookie’ and asking if it’s ok to create one, then I ‘think’ it’s ok to create a cookie that holds zero personal information, merely acting as a state flag (need to verify that).
I’m led to believe that a strictly ‘technical’ cookie is exempt, but you must be able to satisfy any investigator’s query about your use of the cookie.
A cookie to remember ‘no cookies’ should be ok.
A cookie to track visits is not ok.
As ever, it’s not been 100% thought through!
You can also (in some regions) use implied consent, where you place a notice on your site telling the user you ARE using cookies, and they can choose to opt out – something the BBC are currently doing.
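The flow sketched in the post above, as an added JavaScript example that is not part of the original thread: a server-side gate that returns the Set-Cookie headers a response may send and whether to show the prompt. The cookie names, the `necessary` flag and the function names are assumptions made for illustration; which cookies count as necessary is the site owner's call.

```javascript
// Added example, not code from the thread. Cookie names and the "necessary"
// classification are assumptions the site owner would supply.
const CONSENT_COOKIE = 'cookie_consent'; // hypothetical name for the state flag

// Constructed sample: the cookies a page would like to set.
const SAMPLE_WANTED = [
  { name: 'session_id', value: 'abc123', necessary: true },
  { name: 'visit_tracker', value: 'v=1', necessary: false },
];

// Only an explicit yes/no counts as a choice; anything else is "not asked yet".
const validChoice = (v) => (v === 'yes' || v === 'no' ? v : undefined);

// Parse a request Cookie header into a name -> value map.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    const name = eq > 0 ? part.slice(0, eq).trim() : '';
    if (!name) continue; // skip empty or malformed pairs
    jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// cookieHeader: the request's Cookie header.
// wanted: [{ name, value, necessary }].
// answer: the visitor's reply to a prompt on this request, if there was one.
function gateCookies(cookieHeader, wanted, answer) {
  const stored = validChoice(parseCookieHeader(cookieHeader).get(CONSENT_COOKIE));
  const fresh = validChoice(answer);
  const decision = fresh || stored;
  const setCookie = [];
  // Remember a new answer in a flag that holds the choice and no identifier.
  if (fresh && fresh !== stored) {
    setCookie.push(`${CONSENT_COOKIE}=${fresh}; Path=/; Max-Age=31536000; SameSite=Lax`);
  }
  for (const c of wanted) {
    // Non-essential cookies are never emitted before an explicit "yes".
    if (c.necessary || decision === 'yes') {
      setCookie.push(`${c.name}=${encodeURIComponent(c.value)}; Path=/; SameSite=Lax`);
    }
  }
  return { prompt: decision === undefined, setCookie };
}
```

Because the decision is made before any header is written, a non-essential cookie is never sent and then deleted; it is simply not sent until the visitor has said yes.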
to avoid detecting ‘no cookie’ and asking if it’s ok to create one, then I ‘think’ it’s ok to create a cookie that holds zero personal information, merely acting as a state flag
And that is where the catch-22 comes in. They have the exception that “being necessary for the program to function” can allow a cookie, but to me attaching a cookie to a specific user that needs to know who they are next time they come back defeats that whole purpose. Obviously nothing personal is being stored but I could still see it being called a “tracking” device.
Let’s look at it the other way around…
Let’s say user A has no problem with cookies and User B has concerns about privacy, so would prefer not to have cookies.
User B does not want cookies. So they visit site 1 and say no. Site 1 becomes unusable to them, or limited, or just sends them to a privacy statement. Or.. the site has no cookies now, so EVERY page that loads prompts them about whether to allow cookies. This continues on EVERY site they visit.
Then… a few weeks pass. User A has approved all the sites they normally visit so internet is pretty much back to normal. Then they need to try a new browser or clear their settings for some reason. Sometimes clearing cookies is necessary. Now, all those sites have forgotten about the fact that User A is okay with cookies and he has to re-approve all the sites.
No matter the preferred method of “complying” with this ridiculous law on each site, this is the only end result. Endless prompts, re-prompts and frustration.
If it is as easy as just allowing a user to opt-out, shouldn’t that be handled ONCE by a browser?
In fact, browsers already do this:
Check out the awesome footer they use on that site, btw. Or the ugly header on the ICO site: http://www.ico.gov.uk/for_the_public/topic_specific_guides/online/cookies.aspx
Won’t that be a great way to greet ALL new visitors to EVERY site?
MartyThornley – You’ve hit the nail on the head as to why this law is poorly thought out, IMO. 😉
I have over 200 clients, all running WordPress sites, some with e-commerce. The few sites that have tried to implement a solution (such as the ICO’s own website) have seen falls in visitor traffic of up to 70%.
Can one single person out there tell me that they would find losing 70% of their visitors an acceptable price to pay to comply with this? When this Law is repealed, all of the companies that have spent out on solutions will just have lost a lot of time and money.
One interesting other point, all cookie popups I have seen break accessibility guidelines and leave the site open to legal action by visitors with disabilities. It really is a Lose-Lose situation.
I would find it funny if the ICO was sued though!