[closed] How can we control cookies with new EU legislation? (47 posts)

  1. esmi
    Forum Moderator
    Posted 5 years ago #

    The UK law is quite specific

    This isn't UK law - it's EU law. Semantics, possibly but there is a difference :-)

    I believe that this can be fixed by having the response cookies not set unless the user checks a box in the reply field,

    Or by displaying a clear warning immediately above the comment area.

  2. coder-monkey
    Posted 5 years ago #

    Sorry Esmi - I was speaking specifically about the UK law, as this is what is affecting me, however the EU directive was almost as specific - but it is open to interpretation by each nation state.

    A clear warning will probably not be enough for UK law for the response cookies - even though users are warned of the cookies being used, non-essential cookies will still require the consent before being set.

  3. So do what I suggested and tell WP to flush cookies on every page load if not logged in. No more cookies. The WP_flush call will do it.

  4. coder-monkey
    Posted 5 years ago #

    Hmmm, I don't know whether that would work because you are actually deleting cookies from the users computer that you had previously put on their without their express permission. What would happen if you set a cookie on one page, but then the user closed their browser or clicked away from your site. They would not hit the "delete cookies" command again, and so would have a cookie on their machine. I know it is a little pedantic, but unfortunately lawyers tend to look at the minutia!

  5. Yeah, well given that the EU (AND UK) laws say 'third party cookies' over and over.... Anyway. Put the call in the footer, and it'll do it at the end of the page load. SHOULD take care of it. You'll have to test.

  6. coder-monkey
    Posted 5 years ago #

    Ipstenu - thanks for your help. I would, however like to clarify that UK laws specifically cover all cookies, not just those from third parties. In fact the ICO Cookie Regulation guidelines mentions how to deal with third-party cookies almost as a footnote (See page 9).

  7. I actually read the long form doc, which that one is commenting from (and not in full). Their advice in that PDF is no more or less complete than Esmi's or mine. As I've mentioned many times in this thread, get yer butt to a solicitor (lawyer) if you live in an affected country.

    The full and complete directive.

    66. Third parties may wish to store information on the equip­
    ment of a user, or gain access to information already
    stored, for a number of purposes, ranging from the legiti­
    mate (such as certain types of cookies) to those involving
    unwarranted intrusion into the private sphere (such as spy­
    ware or  viruses). It is therefore of paramount importance
    that users be provided with clear and comprehensive infor­
    mation when engaging in any activity which could result
    in such storage or gaining of access. The methods of pro­
    viding information and offering the right to refuse should
    be as user-friendly as possible. Exceptions to the obligation
    to provide information and offer the right to refuse should
    be limited to those situations where the technical storage
    or access is strictly necessary for the legitimate purpose of
    enabling the use of a specific service explicitly requested by
    the subscriber or user. Where it is technically possible and
    effective, in accordance with the relevant provisions of
    Directive 95/46/EC, the user’s consent to processing may
    be expressed by using the appropriate settings of a browser
    or other application. The enforcement of these require­
    ments should be made more effective by way of enhanced
    powers granted to the relevant national authorities

  8. RiosWebDesignCom
    Posted 5 years ago #

    Seems to me that once a website has this option enabled: http://www.cookielaw.org/the-cookie-collector.aspx displayed it on the screen, would that be enough?

    It has to be something easy to implement, perhaps google can do something about it and include it as part of the adsense program to help their publishers and website owners.

    Will USA use similar law in the near future?

    Are there clear information about it? and easy to apply in 3 simple steps? Perhaps this is what legislators and society need to do first, then inform, then apply the law. Do you want to share it here?

    What is the official organization to verify that a website is playing by the rules?

  9. Will USA use similar law in the near future?

    Gosh, I hope not. It's idiotic.

    Are there clear information about it?

    And that, my friend, is 100% of the problem with the law :) No, there isn't. This is 'get a lawyer' territory.

  10. esmi
    Forum Moderator
    Posted 5 years ago #

    What is the official organization to verify that a website is playing by the rules?

    There isn't one, as far as I am aware - which is often the case with new EU legislation. The member countries often have no framework in place to deal with it.

  11. SebastianCrumpCOI
    Posted 5 years ago #

    I see esmi just beat me to it. Just to confirm - while it's EU legislation, which should therefore be the same across the whole EU it is up to the individual member countries to implement and there will likely therefore be differences in both implementation and governance in each country.

    In the UK the Information Commissioner's Office is the official organisation and they have some information - whether it's clear for your purposes, I could not tell you.

  12. esmi
    Forum Moderator
    Posted 5 years ago #

    If it helps at all, I've finally gotten around to creating a small plugin - eCookie Warning - that adds a warning about cookies to the native WP registration page. Hopefully this will help sites comply with the new regs. At worst, it shows a willingness to comply which can go a long way in these situations.


  13. jsp_1983
    Posted 4 years ago #

    Here in the UK there's been a lot of discussion about the law, but not much movement on solutions - presumably because it's up there with asking car manufacturers to start making cars with only square wheels.

    There appears to be quite a bit of misunderstanding and legalese in this thread, which demonstrates just how awful this bureaucratic EU Directive is.

    We're still no closer to something that will work out for all users of cookies.

    I'm looking for a plugin that will allow me to block users based on whether or not they accept cookies for my site, as detailed here: http://wordpress.stackexchange.com/questions/36665/how-can-users-who-do-not-opt-to-have-cookies-set-be-blocked-from-using-a-site

    It might appear to be a bit extreme, but what are the alternatives? I don't have the technical resources or knowledge to implement a sophisticated solution, which puts me in the same category as 95% of all other businesses and website owners (whether they're businesses, charities or individuals). It's no great loss to me if I block traffic that would otherwise have opted not to set cookies.

  14. Jonathan UK
    Posted 4 years ago #

    On 13 December 2011, the UK's Information Commissioner's Office (ICO) published updated guidance, which will probably be the last guidance update before the UK deadline for complying with the EU Cookie Law.

    It seems very clear to me that UK-based web publishers who are using WordPress will have to obtain prior consent for any and all cookies that are associated with a typical WordPress installation.

    I have very limited coding skills, so am desperately hoping that WordPress will grasp this bull by the horns and incorporate functionality within the core product to enable publishers to gather the required consents and manage / limit cookie placement accordingly.

    Otherwise, I honestly have no idea how I can possibly comply with this law.



  15. Jonathan UK
    Posted 4 years ago #

    I have added a feature request / idea here:


    Any supporting votes would be greatly appreciated.

  16. Answered there - 3.4 will have the ability to make comment_* cookies pluggable, putting the responsibility on your shoulders to handle it how YOU interpret it.

    As always, talk to a lawyer before making a snap decision.

  17. Jonathan UK
    Posted 4 years ago #

    Sorry, but making something pluggable means nothing to me.

    WordPress needs to incorporate user-friendly functionality that covers this issue. This should be within the standard admin menus and cater to users with zero technical knowledge (like me).

    There is no merit in every individual user consulting a lawyer. That would only make lots of lawyers needlessly rich.

    If WordPress doesn't address this issue adequately, it will no longer meet the needs of European web publishers.

Topic Closed

This topic has been closed to new replies.

About this Topic