The European Privacy and Electronic Communications directive

AdrianH

Active member
http://www.pcadvisor.co.uk/news/index.cfm?newsId=3264103

Changes to EU law intended to protect privacy


From May 25 2011, websites will have to gain consent from web users to store or access information on their computers, under changes to European law.

The changes to the EU Privacy and Electronic Communications Directive are an attempt to protect privacy and will require firms to explain to web users the information that is being stored and what behavioural advertising or ads tailored to the web users based on their browsing activities are. As a result, web users are expected to see more pop-ups containing this information when surfing websites.


While cookies that allow web users to store goods in an online shopping basket are exempt from the changes in the directive, those cookies that allow users to store log-in details for site such as social networks or webmail are affected............ (more)


So, for all those here within the EU, are you aware of this, is your forum/site compliant?
 
So, for all those here within the EU, are you aware of this, is your forum/site compliant?

Hmmm ... no I wasn't.

I'm not sure there are any privacy issues with a simple login cookie though. There's no personal information stored, just username.

I wonder what it is us web site owners will be required to do?
 
Is this not just relating to information stored for advertising purposes?

NO, not if you read this.....

While cookies that allow web users to store good in an online shopping basket are exempt from the changes in the directive, those cookies that allow users to store log-in details for sites such as social networks or webmail are affected
 
Adding a stipulation in the registration process would about cover this surely, maybe Mike and Co will consider this for the future releases.
 
On the 25th of May 2011 an amendment to the EU’s Privacy and Electronic Communications Directive will require website owners to obtain consent in order to store or access information on consumers' computers. This is specifically aimed at cookies or as The Register reports...

UK-based businesses and other organisations running websites that track their users' cookies will be required by law to obtain "explicit consent" from visitors to their sites.
http://www.theregister.co.uk/2011/04/15/cookies_uk_government_implementation_of_eu_regulation/

If you are in the UK and already aware of this you'll probably already know that the Information Commissioners Office has yet to publish guidance on this issue.

The question this raises is what exactly is the definition of a website (or forum) that track a users' cookies and assuming your site has an obligation to fulfil, how do you go about it to satisfy those obligations? As I'm sure there are quite a number of website and forum owners here, I was wondering what your opinion is and whether or not you think it will affect you?
 
Chaps I have been researching this. I have it on excellent authority that a login cookie is considered essential, but the 'remember me' cookie is not. So right there we have a requirement to request permission.
The solution at www.AVForums.com (a note next to the tick box) is sufficient for this cookie, but of course, the other none essential ones do require permission.
 
Besides Stuart, has anyone else actually bothered to do anything about this? A quick check on eBay.co.uk, shows that other that saying clear the 'keep me signed in' box if you're on a shared computer, there's nothing about permissions for cookies.

I know eBay.co.uk isn't a UK company, but it is registered in the EU and this is an EU directive.
Eitherway, the BBC doesn't prompt you when it saves your location in a cookie if you want local weather and that's definitely UK based ;)
 
Basically,

This only effects you if you pass cookies onto a 3rd party. Eg, an advertising network or tracking code.

IF the cookies are required for the functionality of your site, eg login or session cookies, you dont need to do anything.
 
Basically,

This only effects you if you pass cookies onto a 3rd party. Eg, an advertising network or tracking code.

IF the cookies are required for the functionality of your site, eg login or session cookies, you dont need to do anything.
I'm afraid this is completely wrong.
If you set any non essential cookies, then you need to get permission. And it's misconceptions like yours that will be part of the problem for us as cookie setting website managers, and the ICO, whose responsibility it is to make sure our sites are legal.
We have to get permission for Adsense/Ad Exchange and all 3rd party ad cookies, Analytics, Skimlinks, and in our case (running vB 3.8.2), vbseo login cookie, vB last visit cookie and those cookies set by the modifications we have installed over the years.
Note that if your visitors refuse to have Analytics cookies, then they will not be included in your Analytics stats.
I have heard that since the ICO site put their cookie question on their site, their traffic as reported by Analytics has dropped by 90%.
You can be sure that there will be little point in quoting Analytics for visitor stats going forward.
 
Chaps I have been researching this. I have it on excellent authority that a login cookie is considered essential, but the 'remember me' cookie is not. So right there we have a requirement to request permission.
The solution at www.AVForums.com (a note next to the tick box) is sufficient for this cookie, but of course, the other none essential ones do require permission.

Stuart, may I ask the source of your information on this? I've contacted the Information Commissioner's Office on a number of occasions and they have led me to believe that login cookies for forums are not considered essential. That said, I have had some doubts about their technical competency in this area so I'm still trying to obtain accurate information.

PS: Great job on the new AVForums style, it's never looked better (y)
 
I'm interested in how they are going to police/prosecute this? Is it going to be lead by direct complaints from the public? Will you be given the opportunity to make adjustments? How the hell do you manage "permission" from guests without identifying them?

It doesn't appear very well thought out and I'm not sure - technically anyway - how to resolve the "getting permission" bit on my forums!
 
I'm interested in how they are going to police/prosecute this? Is it going to be lead by direct complaints from the public? Will you be given the opportunity to make adjustments? How the hell do you manage "permission" from guests without identifying them?
Funnily enough, it appears you will have to set an extra cookie for those allowing you to store cookies.

http://www.ico.gov.uk/Global/privacy_statement.aspx
http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx

As far as I can see, those guidelines are valid for UK, not sure if there will be local interpretations.
 
Top Bottom