European Union cookie law. Yes another topic!

[Dmacleo]

and if, as has been suggested before, the US passes a law saying that the EU cookie law cannot be implemented in US their adding this to software makes them break that (it it were passed) law.

its up to the webmasters to make sure they run their sites IAW their laws.

the car manufacturer does not limit the car to the max speed limit in the country you are in, nor should it.

its up to you to follow your laws.

you're given the tools to do so.

[Chillyware]

I have also wondered about it last year :-0

[Chillyware]

the car manufacturer does not limit the car to the max speed limit in the country you are in, nor should it.

its up to you to follow your laws.

No if a vehicle does not comply with EU law it may not even have this car on the road in the EU

Its the Low,

Close this topic

[Aiwa]

No if a vehicle does not comply with EU law it may not even have this car on the road in the EU

Its the Low,

Close this topic

I think you've misunderstood dmacleo's analogy... A vehicle that complies with all safety laws of the EU and is legal to drive in the EU can still break the law if the driver breaks the posted speed limits... It's not the vehicles fault, it's the drivers fault... The car company can't be held liable for the driver breaking the law and the car company cannot program ways to stop the driver from doing so..

My favorite engineering saying in terms of design:

You can design something to be idiot proof, but you'll always find a bigger idiot.

[Chillyware]

I think you've misunderstood dmacleo's analogy... A vehicle that complies with all safety laws of the EU and is legal to drive in the EU can still break the law if the driver breaks the posted speed limits... It's not the vehicles fault, it's the drivers fault... The car company can't be held liable for the driver breaking the law and the car company cannot program ways to stop the driver from doing so..

My favorite engineering saying in terms of design:

You can design something to be idiot proof, but you'll always find a bigger idiot.

Oke thanks to pont it to me ;-)

[Chillyware]

For all the Dutch members

Link to the Low :-(

http://www.rijksoverheid.nl/onderwerpen/ict/veilig-online-en-e-privacy/internetbezoek-volgen-met-cookies

Internetbezoek volgen met cookies

Informatie over uw websitebezoek kan samen met uw persoonlijke gegevens worden opgeslagen op uw computer. Ook kan die informatie vanaf uw computer door websitebeheerders worden uitgelezen. Dit gebeurt met behulp van cookies. Dit zijn kleine bestanden die internetinstellingen opslaan op uw computer.

2 soorten cookies

Er zijn cookies die uw voorkeuren (zoals taalinstellingen) en uw ingevulde (persoonlijke) gegevens opslaan. Dat kan handig zijn bij het vullen van een boodschappenmandje in een internetwinkel. Of als ‘geheugen’ wanneer u op de betreffende website in de toekomst terugkeert.

Daarnaast zijn er cookies die gebruikt worden voor het opstellen van bezoekersprofielen en het volgen van surf- en zoekgedrag. Al deze persoonlijke gegevens kunnen, al dan niet tegen betaling, gedeeld worden met commerciële partijen en advertentienetwerken.

Toestemming voor plaatsen cookies

Sinds 5 juni 2012 moeten op grond van de Telecommunicatiewet websites u informeren als zij cookies willen plaatsen die bijvoorbeeld uw surfgedrag bijhouden. Zij mogen deze alleen plaatsen als u hiervoor toestemming geeft.

Websites hebben uw toestemming niet nodig voor cookies die noodzakelijk zijn om een dienst of webshop te laten functioneren. Dit zijn bijvoorbeeld bestanden die bijhouden wat u in uw virtuele winkelwagentje heeft.

Toestemming verwerken persoonsgegevens

Als er met cookies persoonsgegevens worden verwerkt, is naast de Telecommunicatiewet ook de Wet bescherming persoonsgegevens van toepassing. Op grond van deze wet moet degene die persoonsgegevens verwerkt voor die verwerking in de regel zogenoemde ondubbelzinnige toestemming hebben.

Sinds 1 januari 2013 geldt hierbij voor cookies die surfgedrag volgen een rechtsvermoeden: de wet gaat er dan vanuit dat wie een cookie plaatst om surfgedrag te volgen, dat doet om persoonsgegevens te verwerken. Dit betekent dat voor cookies die surfgedrag volgen in de regel ondubbelzinnige toestemming vereist is, tenzij de plaatser van de cookies kan bewijzen dat hij geen persoonsgegevens verwerkt.

Melden veiligheidsinbreuken

Sinds 5 juni 2012 moeten telecombedrijven veiligheidsinbreuken melden (meldplicht veiligheidsinbreuken). Zij worden verplicht het verlies, ongewild vrijkomen, diefstal of misbruik van persoonsgegevens direct te melden aan de toezichthouder OPTA. Het doel hiervan is de kwaliteit en beveiliging van netwerken en diensten inzichtelijk te maken en te optimaliseren. Daardoor zal het vertrouwen in en daarmee het gebruik van ICT-diensten toenemen.

Ook moeten bedrijven gebruikers informeren over de veiligheidsinbreuk(en) als de inbreuk naar verwachting nadelige gevolgen zal hebben voor hun persoonlijke levenssfeer (bijvoorbeeld misbruik van creditcardgegevens). Daarnaast moeten gebruikers worden geïnformeerd over de voorzorgsmaatregelen die zij kunnen nemen om negatieve gevolgen van de veiligheidsinbreuk te beperken.

[Chillyware]

English

http://www.government.nl/privacy

Privacy

Personal data that are collected via this site are used by central government only for the purpose for which you left them. Central government thereby complies with the privacy legislation.

How does central government handle your personal data?

Where your personal data are processed, it is stated exactly which data will be used for what purposes. The central government uses your personal data only for the purpose for which you left them. This means that if you fill in your name and address to forward a brochure, for example, these data are not used to send you other brochures, unless that is indicated. It also means that the central government does not use your data for other purposes, such as sending press releases, for example.

Data can however be used for detection if offences are committed via the site or punishable statements are made (and further exceptions as referred to in article 43 Personal Data Protection Act). Personal data are retained for no longer than is necessary for the purpose for which the data were collected. For all processing of personal data, only data that you have actively left behind are used.

What is the Personal Data Protection Act?

The Personal Data Protection Act (Wbp) helps to protect the privacy of citizens. The Wbp is applicable to data that is processed via the web sites of ministries, among other things. The

Dutch Data Protection Authority supervises the Personal Data Protection Act. View or download the

Dutch Personal Data Protection Act on the web site of the Dutch Data Protection Authority.

What is personal data?

Personal data is information that is reducible to one person. An example of personal data is a name or a home address, but e-mail addresses can also be personal data.

This concerns the following data: your IP address, the address of your Internet provider, the browser you use (such as Internet Explorer or Firefox), the time and duration of your visit and which pages you view. Use is also made of cookies. A cookie is a file that is saved on your computer with which you can be recognised on subsequent visits to the web site. Cookies only contain a unique number and no personal data. Government.nl does not use IP addresses and cookies to identify you personally. Cookies cannot be used to identify you on the web sites of third parties. If you object to the use of cookies, you can set this up in your browser.

[Marcher Technologies]

:ermm: And this is why the whole law makes so little sense it's just not funny.

A: Your server records the IP of the user when they request the webpage, before headers, cookies, or any javascript/html/css is even sent to the browser, HOW are you going to stop that?

B: an IP is seriously not personably identifiable information, being quite easily forged, or dynamic.

Definitively written by a bunch of lawyers with 0 clue of how the modern web works. :rolleyes:

That said...

If you object to the use of cookies, you can set this up in your browser.

Right answer! The tools to do this have always been available in every browser in existence, I do not understand how or why the EU thinks that the website should be responsible for the user's cookie settings.

The only sites in existence that actually already comply(no matter your definition) are static HTML websites with no analytics.

[BigStamp]

I remember reading when I was doing my research that the UK Information Commission had said there would be a expectation of software developers to make their software compliant, so if that's the case then there is some burden on IPS to make sure the software complies.

The problem is this isn't a European Law, its a directive that the member states have to implement in local law and that's where the problem is stemming from. Each member can implement it differently, and to different extents.

I mean the ICO in the UK changed its interpretation of it at the 11th hour and said implied consent is fine, and has been said before even the Government websites haven't implemented it properly, until they do, we've got nothing to worry about, as if the ICO wanted to go after anyone for it, (which they've said they won't, as long as they are trying to implement it) there are far bigger fish for them to go after first.

[Michel_72]

I hope that Michel_72 can, after reading this topic, understand why we have not yet acted.

Sorry, I really can't. I can not figure out how to comply to this law since I don't know how to implement a banner in my IP.community setup that does not execute any cookie of javascript until the user has approved the site uses cookies.

I was hoping IPS would understand that a lot of their customers need help implementing such a banner in IP.Board....but...... I guess not. A simple blog post with some examples would have been sufficient...

I remain a little disappointed.

[Aiwa]

I remember reading when I was doing my research that the UK Information Commission had said there would be a expectation of software developers to make their software compliant, so if that's the case then there is some burden on IPS to make sure the software complies.

IPS is not an EU based company. It's like asking a power plant in Chicago to comply with California emissions standards. Ya, sure, law makers want software companies to make their horrible document a reality, but there is no 'requirement'..

Sorry, I really can't. I can not figure out how to comply to this law since I don't know how to implement a banner in my IP.community setup that does not execute any cookie of javascript until the user has approved the site uses cookies.

I was hoping IPS would understand that a lot of their customers need help implementing such a banner in IP.Board....but...... I guess not. A simple blog post with some examples would have been sufficient...

I remain a little disappointed.

Which came first, the chicken of the egg?

The whole problem here is that no one knows how to comply with this law... That's the ROOT of the issue here... How can IPS give you examples of how to comply when they don't know?

If you know what you have to do to comply, then draw it up... Request a modification in the mod request forums... Or start a topic and ask others to help you make your vision a reality...

Do you need implied consent? Do you need someone to accept something? What? If you have the answers, then you need to start speaking up and asking people to help you with specific instructions for what YOU think YOU need to do to comply with the law.

[Michel_72]

To me it's very clear what needs done to comply.

As soon as we get the fine, I can tell you how much is was and what needs done to make sure we don't get any further fines. ;)

All I am asking is for IPS to show a little more proactive behavior towards a large portion of their customers. No customers no IPS.

[Marcher Technologies]

To me it's very clear what needs done to comply.

Sorry, I really can't. I can not figure out how to comply to this law since I don't know how to implement a banner in my IP.community setup that does not execute any cookie of javascript until the user has approved the site uses cookies.

we have, there is seriously 1 way with a dynamic software like IPBoard to do that.

Plain-Jane HTML page.

session_id cookie is created on first load of any IPB page with all cookies cleared, is low-level required for function(should therefore 'supposedly' be exempt, but you don't appear to think this).

[Lewis P]

To me it's very clear what needs done to comply.

Come on then, tell us.

3 lawyers that I personally know have each interpreted it differently, so I'm guessing that you must be one of those on the EU panel that decided this should become a guideline and you know the exact things needed to comply?

[Charles]

You're overlooking the fact that your peers, other IPS clients, are not onboard with this either. Read this topic again. We are listening to our clients as you can see from this very topic they agree with us.

[Aiwa]

To me it's very clear what needs done to comply.

And that's your interpretation of the law... Which is precisely what this discussion is about. Others interpret it differently.

If you know what YOU need to do to comply with the law, then YOU need to seek out HOW to do it. All you've said here is "You can't set cookies", "IPS tell me how to fix it". Neither of which gets down to which consent or HOW this should be implemented.

You know what you've got in your head and what you think you're asking here, but you haven't DETAILED anything...

[BigStamp]

IPS is not an EU based company. It's like asking a power plant in Chicago to comply with California emissions standards. Ya, sure, law makers want software companies to make their horrible document a reality, but there is no 'requirement'..

[BigStamp]

They sell to people in the EU, so I don't think saying your not a EU based company is a get out of jail free card. But saying that I'm no legal expert but I wouldn't personally expect them to anyway, its just what I had read.


Edit, for some reason it won't allow me to quote you.

[BigStamp]

To me it's very clear what needs done to comply.

As soon as we get the fine, I can tell you how much is was and what needs done to make sure we don't get any further fines. ;)

All I am asking is for IPS to show a little more proactive behavior towards a large portion of their customers. No customers no IPS.

There is a mod in the market place that meets the requirement, its free, and it complies, I use it on my sites. I don't understand what the problem is.

[Charles]

BigStamp: Can you please post a bug report about the issues you're having with quoting and editing? Anything we can do to reproduce it would be helpful :)

[IveLeft...]

I think they should bubblegum sort of bomb on the EU headquarters in Brussels (or wherever it is) that would save us £millions and loads of hassle cos they would all be stuck together and not dream up stupid laws and carp.....

[Marcher Technologies]

There is a mod in the market place that meets the requirement, its free, and it complies, I use it on my sites. I don't understand what the problem is.

That the user likely lives in a country to implement one of the harshest interpretations of this directive, not allowing implicit consent or low-level cookies required for site function?

This is a guess, but is also a literal statement of how insane this 'Directive' with hundreds of interpretations IS.

[Aiwa]

Mod in the Marketplace:

As stated in the listing, it does not guarantee compliance, but it is something as opposed to nothing, is it not?

[IveLeft...]

Mod in the Marketplace:

As stated in the listing, it does not guarantee compliance, but it is something as opposed to nothing, is it not?

Thats what i have, its ok, not perfect, a better solution would be something done by IPB that can be customised and have a tick box for on/off

[Dmacleo]

pure html landing page, ask to accept cookies, then to forums.

then next time someone gets a hair across their butt you can add yet another page in front of that to ask if they are ok with accepting an page asking them to accept cookies.

it never ends.