WordPress.org

Forums

theWebalyst EU Cookies Plugin
[resolved] Does not provide compliance (10 posts)

  1. microbe
    Member
    Posted 3 years ago #

    The plugin does not prevent cookies being set. It generates a standard text privacy policy which only covers Google Analytics cookies.

    This is not in any way a plugin which is going to help you comply with the Directive.

    http://wordpress.org/extend/plugins/eu-cookies-plugin/

  2. theWebalyst
    Member
    Plugin Author

    Posted 3 years ago #

    Microbe,

    Thanks for your comment, but I think it is unfair and untrue as I'll explain.

    You say this doesn't help "in any way" to comply with the EU privacy directive. What is needed for compliance depends on your website, and for most websites the EU Cookies Plugin will be all that is needed for compliance. Certainly some will need to do more, but most will not.

    As explained in the documentation, the solution provided by the EU Cookies Plugin will be sufficient for almost all websites, and mimics the the compliance measures taken by the website of the UK government department that oversees implementation of EU privacy policy, the Department of Culture Media and Sport. The enforcement body is the ICO, and this is overseen by the DCMS, so I think it is fair to follow the lead set by the DCMS which uses Google Analytics.

    You only need to do more than this if your website uses cookies in ways that are intended to be caught by the stricter provisions for consent, such as cookies used to track individuals across websites (typically when serving adverts). If your website does this, you certainly do need to do more, but as I pointed out this plugin is aimed to provide a quick solution for the majority of websites which just use Google analytics and it achieves this.

    The important point is that everyone needs to do something! So getting informed is important, and I ask people to check after installing to ensure what the plugin generated privacy page says about their website is in fact true.

    If you maintain your position I'd appreciate you being more specific about why you think the plugin will not help comply with the directive.

    Mark

  3. dartiss
    Member
    Posted 3 years ago #

    I totally agree with Microbe. I've been doing some invesitgation into the ICO policy and this certainly doesn't meet it. To simply say that this is what the DCMS site does is not sufficient - the ICO site is the one to look at and follow its advise.

    The government has stated in the last week that it's website will not be ready for the ICO regulations, so using one of theirs for evidence of compliance is flawed.

    A privacy policy should be provided, which this plugin does make a vague attempt at (although it should be a lot more details and personalised to the individual site) but, if your site uses cookies, you need to offer the visitor a choice of saving them or not, unless they are required for the site to run (e.g. saving items in a shopping basket).

    You can find further information here... http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx

    David.

  4. theWebalyst
    Member
    Plugin Author

    Posted 3 years ago #

    Hi dartiss,

    Thanks for your comment and for explaining your position.

    The purpose of this plugin is to do what is in the best interest of website owners and visitors. My opinion is that we must try to avoid putting up popups, scarey messages or any other measures that would devastate website traffic or break functionality. I believe such measures be against the interests of website visitors as well as owners.

    I have investigated the letter of the law here, and followed the developments and debate amongst designers and enforcement, and am very aware of the information you cited. When I first looked into this I thought as you did! But let's be realistic and think about how this is going to play out, and whether it is wise to be one of what I imagine will be a tiny minority of websites that follow the line you advocate.

    No, as I point out in my reasoning (here: How To Get Ready For The EU Cookie Directive), I suggest that it is better for businesses and other website owners to take a decision about how far to go, and keep a close eye on how both practice and enforement play out. Again, I think this is also in the interests of users.

    It takes no more than a moment to see that overly zealous enforcement (or implementation) will be unhelpful for users. So my approach, and my plugin, is designed to act in good faith, and genuinely seek to meet the aims of the law - which is to ensure users have the information and control (informed consent) necessary to decide what and how they and the personal information are treated when they visit a website.

    I suggest you take a look at the post I mentioned for more information, and then let's see what happens in practice.

    I think it is unjustified to mark this plugin as broken and give it a zero star rating (as microbe appears to have done), when it does exactly what it says. I hope that microbe will review and reconsider in the light of what I have said. Or if not, to revisit those decisions when he sees what happens in practice.

    I don't expect masses of UK websites, let alone those world-wide, to suddenly be covered in Cookie Consent request messages on May 26th. Nor at any time in the future.

    Time will tell!

    Mark

  5. theWebalyst
    Member
    Plugin Author

    Posted 3 years ago #

    Well, at the last moment the ICO has changed its stance. So it seems those of us wise enough to be pragmatic have been vindicated!

    The introduction of implied consent:
    "...shifts responsibility to the user rather than the website operator, and will come as a relief to thousands of website operators who have been struggling to comply with new EU directives "

    This means that theWebalyst EU Cookies Plugin is not just a pragmatic and sensible approach, but should meet the letter of compliance as required by the ICO, for most websites.

    Even those with functions such as shopping carts can now heave a sigh of relief because they are no longer required to obtain consent before saving every damn cookie to a user's machine!

    Here's some background:
    http://www.guardian.co.uk/technology/2012/may/26/cookies-law-changed-implied-consent

    I would appreciate it if microbe would now correct his assertions, and acknowledge that this plugin a) is not broken and b) does help compliance, and for the majority of websites is probably all that is needed. You might also kindly re-consider your star rating!

    Mark

  6. dartiss
    Member
    Posted 3 years ago #

    Mark,

    microbe was hardly likely to know (as you weren't) that the law was going to be applied differently at the last minute. Indeed, all this proves is that your approach WAS wrong before they made this change.

    Reading the ICO information that is linked to in the Guardian article confirms that at the least you need an obvious link to any policy, not a just a simple "Privacy Policy" link in the footer and a thorough cookie policy providing details of what cookies are used on your site. Does this plugin provide this?

    David.

  7. theWebalyst
    Member
    Plugin Author

    Posted 3 years ago #

    David,

    Thanks for your comment, but I think you saying the update "proves" anything is way too strong. As I say, I think it vindicates my approach. Further moves in that direction will also justify it.

    I think your point assumes I was arguing this complies with the letter of ICO guidance, but I have never claimed that and you can read precisely what I do claim, what I recommend, and why I recommend it in my blog.

    So I think that you and microbe have missed the point of my plugin - which I contend "helps compliance" and clearly is not broken.

    The plugin does not guarantee compliance, no-one knows what will in the end be deemed compliant, and if you read the updated guidance it is neither clear nor in fact logical.

    For example, they use the analogy of visiting a doctor to suggest that visiting alone would not be "implied consent" to the doctor recording personal information about you. Er hello! Has anyone ever been to the doctor and had them ask before they recorded anything? I certainly have not, so the example given seems to me to show only that they are confused themselves. Or in fact that the analogy they chose can be used to argue that simply visiting a website is a form of implied consent, at least to the degree to which users might expect cookies to be used.

    But my approach is not about achieving compliance. It is about not sabotaging your website traffic (e.g. with pop-ups), and not getting caught in the net of cookie law enforcement (e.g. by not doing enough). So to say my plugin doesn't comply is both untrue (only a court can determine that), and irrelevant (I don't guarantee compliance - and by the way, can you show me *anyone* who does).

    So what to do?

    If you believe it is appropriate to put up pop-ups, or put the privacy link in a banner at the top of your page for every visitor, then by all means do it. I don't believe this is wise at this point. I suggest that the very few who do take such extreme measures do so only with good reason. It is my opinion, as I have explained here and at more length in my blog, this is not appropriate for the majority of websites - and I walk this talk. Go to any of my websites and you will find me using the approach I recommend (and my own plugin).

    If you or microbe recommend otherwise, are you following your own guidance? If so, I hope you will contribute to the debate by sharing links showing what you are doing, and also the impact on yours (or your client's) website traffic. If there's no impact, then maybe it is appropriate for more websites than I suggest, but for most I think the work required will be enough reason to avoid it if at all possible. Again, as I argue in my blog.

    If you want to take the point up in more depth, I hope you'll read my reasoning and comment on it there, as well as following up here.

    See:
    How To Comply With The EU Cookie Directive (from May 26th 2012)

    Best,

    Mark

  8. mckendrick
    Member
    Posted 3 years ago #

    Has anyone looked at the very discreet BT.COM popup? On my screen it sits on the lower right corner of my page for a few seconds. The first time I looked for it I didn't even notice it. Second time around I saw it and if you are fast enough you can click on it to say that you agree with it and if you don't click, your agreement is assumed. Hardly a responsible and well-thought out response by the user.

    Listening to the ICO film of Dave Evans I think that at the start all that is expected of us is to show that we are aware that something needs to be done and I think this plugin will cover us at the present. As the other European countries who were probably responsible for this piece of legislation haven't even got around to implementing it, we'll need to wait and see how this pans out. It is possible that the UK implementation of the law won't satisfy the legal requirements of some other states. When we know we can then take further action.

  9. theWebalyst
    Member
    Plugin Author

    Posted 3 years ago #

    mckendrick,

    Thanks for contributing to the debate - its nice to hear another pragmatic voice! Thought I was all alone :-)

    I agree we need to monitor and respond in an ongoing way.

    I was hit by a big unmissable banner on the BBC news site this morning (right across the top of the page). Yet another variation. It will be interesting to see how high profile websites handle this, because they are most likely to be test cases.

    Mark

  10. theWebalyst
    Member
    Plugin Author

    Posted 3 years ago #

    Interestingly I have not acknowledged the BBC banner or given *any* websites permission, nor cleared the banners yet they have disappeared (at least from the BBC website).

    This either means the BBC have either stopped showing the banner, or have stored a cookie (without my explicit permission) to record the fact that the banner has been shown.

    Anyway, I'm closing this issue now as the critics are not responding. I provided clear answers to the points they made and offered to debate with them.

    Many people are finding this plugin useful because they find it to be simple and appropriate compared to the mostly over complicated and over the top solutions.

    We wait to see how the law and its implementation will turn out in practice, and I will update users of this plugin as things develop.

    So far everything has tended to re-affirm my approach (including the last minute update by the ICO to their cookie guidance on "implicit permission").

    Please keep your comments and reports coming.

    Mark

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • theWebalyst EU Cookies Plugin
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic