EU Cookie Law -- Compliance?

First of all, I'm not sure if this is the correct forum; but I couldn't find one dedicated to legal issues. Mods, feel free to move this thread elsewhere.

From a different forum, I was told that forums must give the users the ability to opt out of cookies. Last I heard, XF won't run without them.

Are XF planning to make cookies optional?

Below my initials is a cut-and-paste of what I read.



As some of you may know, there has been an update in The UK and Europe regarding internet privacy laws, specifically in regards to cookies and trackers.
All sites that use cookies for any purposes must now display that they do so and provide an option for informed consent and the ability to opt out of cookies.
More information can be seen here The Cookie Law Explained
What this means for all of us is that we will be deploying a function that will appear to UK and EU IP addresses and provides them with the relevant information and the chance to opt out.

If you have any further inquiries, you can contact the moderators and admins in the community and they will provide you with more information.

Thank you.

The Cookie Law Explained

The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on a computer, smartphone or tablet.

It was designed to protect online privacy, by making consumers aware of how information about them is collected and used online, and give them a choice to allow it or not.

Site Owners Start Complying

It started as an EU Directive that was adopted by all EU countries in May 2011. The Directive gave individuals rights to refuse the use of cookies that reduce their online privacy. Each country then updated its own laws to comply. In the UK this meant an update to the Privacy and Electronic Communications Regulations.

Why Cookie Law?

Almost all websites use cookies - little data files - to store information in peoples' web browsers. Some websites contain hundreds of them.

There are other technologies, like Flash and HTML5 Local Storage that do similar things, and these are also covered by the legislation, but as cookies are the most common technology in use, it has become known as the Cookie Law.

All websites owned in the EU or targeted towards EU citizens, are now expected to comply with the law.

What it Means For Business

If you own a website, you will need to make sure it complies with the law, and this usually means making some changes.

If you don't comply you risk enforcement action from regulators, which in the UK means The Information Commissioners' Office (ICO). In exceptional cases this can mean a fine.

However, non-compliance could also have other, perhaps more serious consequences than enforcement. There is plenty of evidence that consumers avoid engaging with websites where they believe their privacy is at risk, and there is a general low level of trust about web tracking by the use of cookies.

Free Cookie Consent Trial

What You Should Do

Compliance with the cookie law comes down to three basic steps:

Work out what cookies your site sets, and what they are used for, with a cookie audit
Tell your visitors how you use cookies.
Obtain their consent, such as by using Optanon, and give them some control.

What are Cookies Anyway?

Cookies are a kind of short term memory for the web. They are stored in your browser and enable a site to 'remember' little bits of information between pages or visits.

They are widely used to make the web experience more personal, which is generally seen as a positive thing. However some cookies collect data across many websites, creating 'behavioural profiles' of people. These profiles can then be used to decide what content or adverts to show you. This use of cookies for targeting in particular is what the law was designed to highlight. By requiring websites to inform and obtain consent from visitors it aims to give web users more control over their online privacy.

To find out lots more about cookies in general and the different types, take a look at Cookiepedia - the leading information resource all about cookies.


Well-known member
Below my initials is a cut-and-paste of what I read.
After reading through the thread that Amaury linked to, if you are UK based and need to worry about it, then also turn on the XF option to display the cookie message...

ACP => {Home} Options => Basic Board Information => Show Cookie Notice on First Visit


Well-known member
I was told that forums must give the users the ability to opt out of cookies.
They can opt out of cookies. Enable the notice as mentioned above, which says:

This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Learn More links to this on XenForo and a similar page on your own site:

If users don't want cookies from your site ie they want to opt out, they can just walk away and not visit again.
So the solution is to present a notice that cookies are used (which I do) and then give the user a choice between accepting cookies or "opting out" by not visiting the website any more? That's not a real choice, and I'm not convinced that would be legal under the cookie law. I had thought opting out meant continuing to use the site WITHOUT cookies.

Just why are cookies so necessary to XF anyway? Couldn't user options be in the database instead?


Liam W

Well-known member
As for a bit more info, cookies are used to store the user session keys. If they aren't stored in/passed by the browser, how will the site know the user is logged in?



Well-known member
? That's not a real choice, and I'm not convinced that would be legal under the cookie law.
This is in fact a choice. The visitor can choose to leave your site, if he doesn't like cookies.

If you like to serve your site without cookies to the visitor you can provide an option or that. But you don't need to. XenForo however does not work without cookies.

The whole cookie law is a joke. Those notices at all sites are more annoying than blinking ads.