ICO gives website owners one year to comply with cookies law

[PiqueABoo]

So this law only covers cookies?

Would you really expect that to be the case?

It isn't. They [computer law making folk] had figured that one out before the end of the last century i.e. have long endeavoured to make law that either covers or can be easily extended (without pesky votes etc.) to encompass tech evolution. This is an update of the existing law from 2003 which already refers to storage and retrieval of "information" on our kit - the changed/new bit is that our consent must be obtained.

[morganw]

The site set an ASP.NET session cookie which given that there were no others must be the one they say has already been set.
If you accept their cookies it sets a cookie to record you have done so.
They do not set a cookie to record that you don't want their cookies.

IOW there's nothing to criticise re. their example.

It's MY session data. They are storing information about MY session. As an innocent visotor to their site I'm outraged that they have done so without my permission and demand that the internet be changed.

[AngryTechnician]

Personally I'm not convinced the enforcement of this will come to much. Given the still rather 'slap on the wrist' nature of most DP prosecutions, and the almost non-existent prosecutions for DDA non-compliance, why would this be any different?

[ZeroHour]

A rather witty example of how things could go: EU “Cookies” Directive. Interactive guide to 25th May and what it means for you

[rush_tech]

Dragging this one back up...

So how are schools complying with this?
I use Joomla which I believe doesn't leave a cookie unless you login to the site(i think). but what about third party cookies things like google analytics

[GrumbleDook]

Why not ask Becta what you should do? Oh ... erm ... why doesn't everyone email the Department for Education for instructions about what to do?

[pete]

Why not ask Becta what you should do? Oh ... erm ... why doesn't everyone email the Department for Education for instructions about what to do?

Ph'nglui mglw'nafh Cthulhu DFE wgah'nagl fhtagn.

You don't ask them, because you might wake them up. Then they'll write poorly-thought-out policy documents and we'll hunt you down with a pack of rabid biology teachers.

[3s-gtech]

How are you all getting on with this job? It totally slipped my mind, then I had a major panic when I was forwarded a reminder from County.

So far I have installed "Cookie Control" onto my php main website, and also the Joomla, Moodle and Wordpress offshoots. Not having much luck with the control, but it now blocks Google Analytics cookies by default at least. Also drafted a privacy policy which links to the Data Protection Policy.

Joomla sets session cookies by default. Joomfish module sets a cookie too.
Moodle sets session cookies, even when not logged in.
Worpress sets a session cookie.

As far as I can tell, I need to stop all of these without consent (though the consent can be "if you continue, you agree to allow cookies").

On my Joomla site outside of work, I've just hacked the php to turn off session cookies = no front-end login, but meh. Should keep it within the law very simply.

[localzuk]

This article has some good insight into it - The Cookie law: clarity at last (but not from the ICO) | PC Pro blog

[3s-gtech]

Perfect. Looks like with a bit of amendment to the policy I've written and some extra clarity on the site, I can comply happily. Cheers!

[localzuk]

Perfect. Looks like with a bit of amendment to the policy I've written and some extra clarity on the site, I can comply happily. Cheers!

Glad to hear it. The ICO have been less than helpful on the matter I think! They really need to get their act together and provide detailed but concise info asap. Lots of businesses are confused about it at the moment, especially as the media have been portraying it as a 'all cookies must prompt you' rather than the reality which is more complex.