Jump to content

European Union cookie law. Yes another topic!


Michel_72

Recommended Posts

I would advise you to get a new lawyer, because both the EU directive and the Dutch law are very clear about cookies.

Dutch law: Only cookies that are absolutely necessary for a website to function properly may be written without consent of the visitor. Any cookie that tracks privacy related data (IP address and any other data from the visitors PC or network) may only be written after explicit consent. There is no discussion about that. Lawyer says this, lawyer says that is irrelevant. A judge will look at facts and fact is that this Dutch law is not to be interpreted in different ways. It is clearly written on paper (my link to OPTA a few posts backs). OPTA is checking websites and in fact enforcing the law.

On most websites that means you would have to replace the index and implement 'leave' or 'approve all cookies' buttons if you want to comply. A simple website statistics tool writes a tracking cookie. Facebook, twitter..they all do..

Nobody says IPS is RESPONSIBLE. I don't say they are!

They just shouldn't be sitting on their hands, but assist any way they can on order to help their customers. That's called proactive SERVICE/SUPPORT!

A simple blog post suggesting a few different ways to help customers to comply to this law would be sufficient.

Apparently that is to much to ask for IPS.

For now my last post on the subject. Please leave the topic in place. When we get a fine or written warning, I would like to give this topic a bump.

Kind regards,

Michel

Sure dude , thanks for the advise :)

Link to comment
Share on other sites

  • Replies 176
  • Created
  • Last Reply

You keep saying IPS isn't responsible, yet you want a blog post from them that 'says how to comply'. That blog post and statement WOULD make them responsible. That's what you don't seem to comprehend.

If IPS says anywhere 'this is how you comply', they are liable.

It's not a sit on your hands approach, there are too many interpretations by the different countries to provide a single solution for everyone. And no two lawyers can seem to agree on how it needs to be done.

Blurring the website doesn't do squat for stopping cookies FYI. It's just an overlay / CSS property that gets applied AFTER the site loads and set its cookies.

As stated by others, HTML landing page is the only sure fire method at this point.

Link to comment
Share on other sites

No one should write "tracking cookies" to anyone, and in my book they are malware.

As a person who installs and configures analytics tools for a living, this makes me very sad.

Anyways, a few of our EU clients have a simple HTML landing page (as many have suggested) that you are forced to land on that explains what is going on, why the EU sticking their noses where they shouldn't be, and that unless the consumer accepts all cookies, they'll be sent away from the site. This is really about all you can do if you want to comply 100% with those messy laws.

Link to comment
Share on other sites

Lets be fair , EU has valid reasons on implementing something like this. There are thousands of websites that try to take advantage of their users by tracking tons of detailed information and try to profit over their users information.


However the problem lies within how this requirement was put in place. This issue should be discussed with web community and experts and a feasible correct requirement should be put in place. Laws regarding Internet must have input from Internet world as Internet world differs from actual world.

Link to comment
Share on other sites

The issue is that there is not one cookie law. Each country has its own implementation of the EU directive into national law. The Netherlands is one of the countries that implemented the EU directive in the most strict way. Meaning that all website cookies need to be fully described on the website and any cookie which is not necessary for the user needs to be agreed upon before it can be placed. Its nothing short of idiotic, but it is what it is. At least at the moment.

A major issue is that EU countries need to start giving out hefty fines starting this month. In the Netherlands the Watchdog has announced that they will be giving out fines of up to €450.000 EURO.

The Watchdog has created a crawler that checks if websites comply with the law.

What is needed is that websites add a section about cookies to their privacy statement, which lists explicitly:

- what cookies are.

- which cookies the website uses.

- what these cookies are for.

Webmasters can figure this out themselves, but it should not take IPS more than 30 minutes to whip such text up for its customers.

If a website uses anything other than functional cookies, then (at least in the Netherlands) there should be a cookie warning that users can click on to agree.

This is needed for:

- Any IPS cookies other than functional cookies

- Google Analytics (as activated in IPS admin panel

- Facebook connect (As activated in IPS admin panel)

- Facebook like (As activated in IPS admin panel)

- Any other social bookmarking script thats defined in the IPS admin panel.

In principle IPS admin panel has sight on the above scripts and therefore its possible to use the data in IPS to define if these cookies are used.

This could be useful to many, but as mentioned before there are large discrepancies between countries and it is likely that politicians will back peddle from their idiotic laws once the public begins to complain (already happening)

So I am not sure that we can expect IPS to do a lot about this, but I do think that its important for IPS to realize that its possible that IPS clients may get hit very hard by these laws. 6 figure fines are no joke. And if IPS customers get hit hard then that would be bad for IPS as well.

Link to comment
Share on other sites

In addition to being something that is unclear on how it needs to be implemented, it's an EU law only. If IPS was forced to write their software which complied with EU laws, then they'd need to comply with every other set of laws as well. I would not be surprised if some countries had laws that said that every page must contain the text "All hail our benevolent leader" on it somewhere, would IPS need to comply with that as well?

The EU is a major source of the customer base of IPS, obviously, but at the end of the day I think it is more up to individual site owners who operate in the EU to comply with EU law than it is IPS's responsibility.

It is only an EU law, but as far as I am aware it also applies to sites outside the EU that trade or encourage EU residents to participate.

Link to comment
Share on other sites

Michel_72, I know this is a complicated subject, but I just wanted to let you know that my own website (I'm in The Netherlands aswell), complies with the cookie law.

TFCommunity.com

Like said before, everyone has it's own interpretation of the law, but I had it reviewed by someone who has been dealing with this issue a lot.

Unless you are processing cookies with the intend to extract personal information about your visitors, a banner like mine is more then good enough.

Most people fail to understand what this law is really about, because it makes them a victim of something what is being done to protect another law (or extend, to word it better) which has little to do with them. This law isn't exactly bad (although I agree it's annoying).

It's about protecting sensitive data (i.e. personal information). So unless you are extracting data from cookies, with the intend of using this data for purposes other then maintaining a general website (read my words carefully), a simple banner like mine will be suficient. (At least in terms of that there won't be taken any action against, in case it doesn't 100% comply with the law).

To put it into an even more simple perspective, unless you're doing something that u shouldn't be doing with cookies generated by visitors, a banner like my website will be enough.

U can download the banner here.

I know this law is very poorly worded, and that u might or might not be right about it, it's not something that has to be act upon in every possible way known to mankind. If you run a legit website, and inform your users of cookies, you will be covered (even better when u make them press a button to remove the message).

As far as the support from IPS goes, u have had a bunch of different people from IPS respond to your thread, and they make a fair point and explained why it is their point into reasonable detail. That's all they can do really.

Link to comment
Share on other sites

It boggles my mind that this issue keeps popping up. I'll attempt to explain it, as best I can and with sources on this. Please note that this is not intended as legal advice and that you should contact a lawyer about the EU Cookie Law if you have any further issues.

The EU Cookie Law applies to all websites, personal and business related, where the individual/owner resides in the EU. Even if you have a website that is hosted in anjother country, if you physically reside in the EU, your website needs to be compliant with the EU law. From how I understand this, if your website is not targeted for EU-residents and you live in a non-EU country and your website/business is not located in the EU, you don't have to worry about complying with said-laws.

Personally, I think the law is rather ridiculous because it only penalizes websites/businesses who have a physical presence inside the EU yet grants an exception to websites/businesses that do not have a physical presence in the EU but where EU-residents can access said websites.

http://www.cookielaw.org/faq.aspx

http://www.heartinternet.co.uk/blog/2012/04/what-to-do-about-the-new-eu-cookie-law/

Link to comment
Share on other sites

  • 3 weeks later...

<snip>

A major issue is that EU countries need to start giving out hefty fines starting this month. In the Netherlands the Watchdog has announced that they will be giving out fines of up to €450.000 EURO.

The Watchdog has created a crawler that checks if websites comply with the law.

</snip>

A simple robots.txt should sort that crawler out :)

Link to comment
Share on other sites

  • 2 months later...

Hey Guys,

i've been creating websites within Germany for nearly 10 years now and this new law is a HUGE problem. We recently did a new website based on ip.content for a small town here in bavaria. we had to take it down due to cookies.

While i totally understand that this new law is beyond anything remotely understandable we HAVE to obey it. Competitors are sending cease and desist letters on a daily basis.

The law is also rather clear: NO cookies can be set that save personal data until the user has agreed to this. and in the EU even an IP address is being considered personal data.

As a long time customer i fully expect Invisionpower, a company that operates internationally to offer a useable version of their product.

Link to comment
Share on other sites

Maybe host it outside Germany if German laws are too strict, unless the local laws prevent that.

The problem is IPS can't really produce software for laws in every country.

I doubt that the cookie setup will alter for any future version, unless the US decides to go down that line, which is highly unlikely this side of the next millenium.

Remember you are at the end of the day purchasing a US product. Invisionpower may well sell internationally, but it is up to the purchaser to ensure that the product is suitable for them, both now and in the future.

Sorry to be harsh - but that is the reality of the situation.

I am in the UK, so certain UK / EU laws apply to us - if I felt that IPS did not cater for me, then I would have to look elsewhere. At this time, I feel that the product does cater for UK laws, as perhaps the UK realises that certain EU laws are crazy. Maybe Angela Merkel does not think the same way.

That is my take on it - maybe I am wrong, maybe I am right - but that is for each individual to decide.

Just in closing, if I go to Amazon.de, I do not see any cookie messages - maybe follow Amazon's way of handling the cookie law?

Link to comment
Share on other sites

Maybe host it outside Germany if German laws are too strict, unless the local laws prevent that.

Uhm no, it does not work that way ;)

The problem is IPS can't really produce software for laws in every country.

I am totally with you on that. Problem is: The European Union is bigger than the United States..

For me it comes down to this: Does Invision Power want to have European Customers? If yes they have to adjust to our needs (as any company has to if they want to statisfy customers) if not, we cannot buy from IP anymore.

In terms of Amazon - they have already been officially warned bei ICO: http://news.idg.no/cw/art.cfm?id=69077256-BA18-C6B1-34318350CE24AB97

That's basically a time bomb...

Link to comment
Share on other sites

The EU may well be bigger than the US, but that means little.

English is the third most widely spoken language after Mandarin and Spanish, yet the software is in English only.

In other words any software package can only cater for a certain market, otherwise they will spend all their time tweaking it daily for changing global communities - if those outside of that market wish to use the product then they will need to adjust the product to their particular needs.

I doubt that outside of your own country you will find many, if any, software products that comply fully with German / EU law.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...