EU Cookie compliance ?

[Bruv]

Is this site considering the compliance situation ?

Cookie Compliance

[spot]

What aspect of the new EU regulations do you feel FG fails to comply with? <<< this question is real, I'd like an answer please.

We place cookies into your browser to establish a persistent login for your convenience. We record your session pointers, your user ID, a couple of login flags and a timestamp showing when you were last here and which function you last performed. The EU allows that sort of cookie without our asking your permission beforehand.

We don't, as far as I'm aware, place any cookies which enable any other site to track the threads you've seen or the searches you've performed or the text you've either red or written. We leave no history of your personality in your cookie store. Those are cookies that would fall into the category which require explicit consent.

Why do you feel we should be considering the compliance situation? In what respect are we currently non-compliant?

[Bruv]

As I understand it, any use of cookies, has to be with consent, any cookies.

See Implied Consent here.

[spot]

Bruv;1394452 wrote: As I understand it, any use of cookies, has to be with consent, any cookies.

See Implied Consent here.


Perhaps you'd best go off and find out the actual requirements rather than trying to stir up needless contention. Some cookies require explicit consent to meet EU regulations. FG uses no such cookies. As such, FG is fully compliant with the new EU regulations.

[Bruv]

spot;1394455 wrote: Perhaps you'd best go off and find out the actual requirements rather than trying to stir up needless contention. Some cookies require explicit consent to meet EU regulations. FG uses no such cookies. As such, FG is fully compliant with the new EU regulations.




What a strange answer.

Why did the answer to the first post simply say.....

We have considered it and we are compliant, thank you for your concern

[spot]

Bruv;1394457 wrote: What a strange answer.

Why did the answer to the first post simply say.....

We have considered it and we are compliant, thank you for your concernBecause we didn't consider it in the slightest, because we didn't need to, because the new regulations don't apply to us, because we only use cookies for navigation purposes and not for value-added advertising. Because I particularly wanted to know what aspect of the new EU regulations you feel FG fails to comply with, which for some reason you seem reluctant to tell me despite my explicitly asking.

[Bruv]

spot;1394458 wrote: Because we didn't consider it in the slightest, because we didn't need to, because the new regulations don't apply to us, because we only use cookies for navigation purposes and not for value-added advertising. Because I particularly wanted to know what aspect of the new EU regulations do you feel FG fails to comply with, which for some reason you seem reluctant to tell me despite my explicitly asking.


If you have not considered it, then perhaps you ought to give it a cursory glance..............just in case.

I did give a link, if my understanding is incorrect I offer my humble apologies.

But as I said, I understand ALL cookies need consent.

[LarsMac]

So post something on the initial screen stating what kind of cookies might be used here, and that continuing to use the site implies consent to use those cookies.

Something along those lines.

[LarsMac]

LarsMac;1394463 wrote: So post something on the initial screen stating what kind of cookies might be used here, and that continuing to use the site implies consent to use those cookies.

Something along those lines.


IT could be as complicated as a gateway page, similar to those pages the alcohol producers use where the visitor must assert that he/she is of legal age to consume their products.

Or as simple as a notice in BIG RED LETTERS stating that continuing on is implicit consent to use certain cookies.

I will have Pecan Sandies, please.

[LarsMac]

Here seems to be the most directly informative.

And they have the best and simplest example in their own application, I think.

I have already "borrowed " the code format for my website.

[spot]

I'm at a loss, I really am. FG is fully compliant, no notice is required about navigational cookies, no request for agreement is required, nobody need be told that cookies are issued by FG. What's wrong with people? Where on earth are you lot getting this bizarre notion that any change is needed to become compliant? We are absolutely fully compliant without extra information, without querying newbies or existing members, we're on the right side of the law, finis.

[spot]

Bruv;1394461 wrote: But as I said, I understand ALL cookies need consent.


On a point of information, There is an exception to the requirement to provide information about cookies and obtain consent where the use of the cookie is:

(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or

(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

http://www.ico.gov.uk/news/blog/2012/~/ ... ce_v3.ashx

There are no cookies stored by FG which don't fall fully into this category.

[Bruv]

"Nearly all websites use cookies to track the interaction of users with their web pages. For example, cookies are used (amongst many other things) to track which pages website users have visited, to enable log-in procedures and to serve targeted advertising.

Under the new law, use of cookies is only permitted with users' explicit consent. This is a change from the previous position, whereby website operators were permitted to install cookies on a users' computer as long as users had been given the opportunity to opt-out and had been provided with information about how those cookies will be used."

I am at a loss how you believe FG is exempt, or complies.

I realise the new 'Law' is a pain in the butt, and I don't really fully understand the reasoning behind it or the intricacies of it, but as far as I can see the ruling is that any use of cookies is liable to be explained and agreed to by users of the website.

This includes innocuous 'log in' and other common or garden cookies used by forums to allow ease of personal experience.

Perhaps you could point me to the ruling that exempts the class of cookie FG uses.

I get the impression you think such a query is tiresome, and the answer is obvious to a person with a greater grasp of the Ruling, ignore my ramblings if you feel it so inconsequential as not to matter.

[spot]

Bruv;1394482 wrote: Perhaps you could point me to the ruling that exempts the class of cookie FG uses.
In what way did my previous post not do exactly that?

[Bruv]

By not following through the same document to the bit that says ?.......

The term 'strictly necessary' means that such storage of or access to information should be essential, rather than reasonably necessary, for this exception to apply..........

Where the setting of the cookie is deemed 'important' rather than 'strictly necessary' , those collecting the information are still obliged to provide information about the device to the potential service recipient and obtain consent.

[spot]

There are no cookies stored by FG which aren't essential to the site's operation.

Let me try this from a different tack. FG operates a package along with fifty thousand other forum sites. That package is written by a firm called vBulletin. At some stage vBulletin may or may not add code specific to compliance with European regulations for, hypothetical though they currently are, cookies which vBulletin adds for advertising purposes but which FG opts out of. If vBulletin does, and FG opts into that set of currently hypothetical cookies, then FG will turn on the cookie permission notice and tick-box. The likelihood is much the same as that of me wrestling large numbers of anacondas for fun but who knows.

Meanwhile, vBulletin has added no such code and (as far as I'm aware) uses no such cookies anyway. As far as I'm aware, all cookies used in vBulletin's code is strictly essential for the navigation of the site. Without them, for example, every page request you make would require you to retype your password. Not asking you to do that is what essential means.

I absolutely guarantee that nobody at FG is going to write code to append to the vBulletin package to put pop-ups onto anyone's screen relating to opt-in tickboxes for cookies we don't issue. Put it from your mind, it will not happen.

Do you understand yet that not all cookies need consent?

[Bruv]

Now................why didn't you say that to start with ?

If you are happy I am happy (while not necessarily being 100% convinced)

[Bryn Mawr]

spot;1394477 wrote: I'm at a loss, I really am. FG is fully compliant, no notice is required about navigational cookies, no request for agreement is required, nobody need be told that cookies are issued by FG. What's wrong with people? Where on earth are you lot getting this bizarre notion that any change is needed to become compliant? We are absolutely fully compliant without extra information, without querying newbies or existing members, we're on the right side of the law, finis.


I, for one, was at a loss as to what the law requires and have just spent the best part of an hour reading through the links provided by Bruv and Lars to convince myself that we are compliant.

Yes, I agree that we are compliant - but it is certainly not obvious from the summaries and it's only when you get into the wording of the law that the reason becomes evident.

[spot]

My problem is that I went through years of some posters - RJ and JJ, for example, though there were several others - attacking the administration and moderation policies of FG with threads which started exactly like this one. I need desensitizing.

[Bruv]

Bryn Mawr;1394561 wrote:

Yes, I agree that we are compliant - but it is certainly not obvious from the summaries and it's only when you get into the wording of the law that the reason becomes evident.
So it takes a very good look to make sure, I am happy you are happy and hope you don't think my query was being argumentative without cause.

[Bruv]

spot;1394563 wrote: I need desensitizing.


No you don't.

And with a zeeeeee ?

[Bryn Mawr]

Bruv;1394564 wrote: So it takes a very good look to make sure, I am happy you are happy and hope you don't think my query was being argumentative without cause.


To my shame I didn't know anything about this change so no, a valid query and I thank you for raising it.

[spot]

As for privacy issues there's a degree of control available within browsers. One of the reason I dislike this prattish attempt at legislation is that the only way a website is going to know whether a user has accepted cookie terms for the site is to store yet another bloody cookie.

I bin all cookies each time I close my browser, so all the sites that comply with this EU directive are going to ask me every time I go there to accept their cookie policy. And, of course, if you refuse to accept the cookie terms then the majority of such sites will refuse you access, just as many now do if you turn off Javascript.

There are ways of dealing with it all. The Javascript thing I handle with an addon called Noscript which lets me selectively enable Javascript for sites I both trust and use. I'm sure an addon will show up eventually that invents a "yeah whatever" response to "have you accepted my terms" or any other intrusive cookie twaddle instead of retaining the offensive cookie itself. If nobody puts one out by the end of summer I might even roll my own sleeves up, I'm that annoyed about it.

Here's my cookie etc privacy settings, if anyone's interested:

Attached files

[LarsMac]

I really think all this is a bit heavy-handed. The gummint wants to protect us from ourselves.

If you don't want your browsing to be tracked, all the browsers (At least I "think" all) should provide some way to privatize your browsing. A little self-determination and RTFM can't be all THAT difficult. Why does the gummint not simply publish how to protect your privacy, and let folks take responsibility for their own privacy?

Personal responsibility. what a concept.

[Bryn Mawr]

LarsMac;1394571 wrote: I really think all this is a bit heavy-handed. The gummint wants to protect us from ourselves.

If you don't want your browsing to be tracked, all the browsers (At least I "think" all) should provide some way to privatize your browsing. A little self-determination and RTFM can't be all THAT difficult. Why does the gummint not simply publish how to protect your privacy, and let folks take responsibility for their own privacy?

Personal responsibility. what a concept.


Totally agree!

[spot]

It's related to topics like supermarket loyalty cards. I don't store long-term cookies on behalf of websites, I don't use loyalty cards either. Oh - excuse me - "Reward" cards.

[LarsMac]

I would be interested in knowing what your server logs for this particular connection from which I post this entry.

[spot]

LarsMac;1394574 wrote: I would be interested in knowing what your server logs for this particular connection from which I post this entry.


It would have been easier to answer if you'd not immediately logged out - normally I'd have that detail one click away for the following three hours. The logs are on some remote site in Texas.

[Bryn Mawr]

LarsMac;1394574 wrote: I would be interested in knowing what your server logs for this particular connection from which I post this entry.


The Chaos Computer Club in Hamburg - are you moving to the dark side?

[spot]

I didn't realize he meant just the IP address. It shows you're running Tor, Lars.

It also claims you're running Firefox 5.0 on Windows 7 but that's what Tor does among other things, lies about your user agent.

[Bruv]

spot;1394568 wrote:

Here's my cookie etc privacy settings, if anyone's interested:


Anyone ?

Nah!!!

[Bruv]

LarsMac;1394571 wrote: I really think all this is a bit heavy-handed. The gummint wants to protect us from ourselves.

If you don't want your browsing to be tracked, all the browsers (At least I "think" all) should provide some way to privatize your browsing. A little self-determination and RTFM can't be all THAT difficult. Why does the gummint not simply publish how to protect your privacy, and let folks take responsibility for their own privacy?

Personal responsibility. what a concept.


Most people are not as computer savvy as me, and I know next to nothing.

The gummint insist you wear seatbelts, carry insurance, have a licence, but anyone can buy a PC and surf the www, unaware that 'people' are watching your every move. Some of these people want to sell you things, some have far too much time on their hands and have other more sinister motives.

Would you allow a stranger to take a look through your household rubbish and to have a map of your travels ?

[spot]

What I have trouble understanding is why this particular aspect of browsing, cookies, is considered so off-limits or invasive of privacy as to require specific legislation.

I've written login front-ends and navigation tracking for websites. In every tracking instance I catered for I had a choice - either store the detail on the user PC with cookies or store it in my server database as table entries. Each provided exactly the same degree of tracking capability, since the user identifies himself to the server when he logs into his account. Had I been inclined there's server modules on the market that identify every client machine exactly, too, so I could have known who the user was and what PC was requesting the information, but I've not used modules like that myself. With a module like that, the server can provide navigation tracking and history for the client PC whether it's logged in or not, with or without any opt-in or acceptance of terms, explicit or implied.

The thing cookies can do if the server software is aggressive enough is to leave enough data to inform all its other participating cartel member sites of your preferences. The typical server database can't be searched by third parties, but the cookies on your PC can be if the server-owner grants permission.

Using the settings I offered ("Here's my cookie etc privacy settings, if anyone's interested") stops that data sharing through the PC dead in its tracks. That's why I put the snapshots here. There's nothing I or anyone else can do to avoid tracking by the sort of server module I described short of anonymized browsing of the kind LarsMac just demonstrated, and only then if you never log in.