ICO gives website owners one year to comply with cookies law

[beeswax]

May 25th 2011
"Organisations and businesses that run websites aimed at UK consumers are being given up to 12 months to ‘get their house in order’ before enforcement of the new EU cookies law begins, Information Commissioner, Christopher Graham said today."
[The Information Commissioner's Office]

It appears from a preliminary reading that "[Regulations] which come into force in the UK on 26 May, to address new EU requirements. The Regulations make clear that UK businesses and organisations running websites in the UK need to get consent from visitors to their websites in order to store cookies on users’ computers." Will apply to schools.
In preparation for this, does anyone know how to disable cookies in joomla 1.5/1.6?

[LosOjos]

Seems a bit of a ridiculous expectation to me, expect everybody to recode their websites to let users decide whether cookies can be stored when that functionality already exists in most browsers.

Maybe I'm just being cynical, but is it a case of rather than government spending money to educate the masses, they're forcing companies to spend money altering their websites so they can bring in some tax money?

[localzuk]

Its not a UK law - its an EU rule brought in due to the problems with privacy that we have on the net at the moment.

Consumers will never understand terms like 'cookie' and what the implications of it are. The law is not about getting people to accept cookies, its about informing the end users what is being tracked and stored on their computer and why.

[ZeroHour]

I thought it made sense with adverts etc but every website, they have no idea of the huge amount of things this will break and things which cant easily be fixed.
Madness tbh and never needed to be so wide in scope.
The nice thing is that sites can only apply the consent setting to EU visitors only, at least the rest wont be annoyed by a "I Agree" popup when you first browse to the site.

[morganw]

This law is bizarre and obviously put into place with a bare minimum of technical consultation. You can already block/accept cookies for sites with your existing web browser settings, you already have privacy modes so that you know no cookies are stored with existing web browsers.

How about just defaulting browser settings to something that doesn't store cookies and then letting the user opt into accepting them. Unless I'm mistaken this would result in the same thing but without having to re-code half of the Internet.

[localzuk]

You're missing the point. Ask people on the street 'what does a cookie do on a website?' and 'what do yahoo use cookies for?' and you will get an answer of 'errr...' for both.

The point of the law is to inform users what sites are tracking etc... Do most people know that when you visit a site with a google advert on it, it checks for a cookie, and links prior browsing to new browsing, and targets adverts at you accordingly?

[ZeroHour]

You're missing the point. Ask people on the street 'what does a cookie do on a website?' and 'what do yahoo use cookies for?' and you will get an answer of 'errr...' for both.

The point of the law is to inform users what sites are tracking etc... Do most people know that when you visit a site with a google advert on it, it checks for a cookie, and links prior browsing to new browsing, and targets adverts at you accordingly?

Not arguing about tracking cookies for adverts involving privacy like that, they should be opt-in not opt out, but every website? can you imagine browsing google results with huge amounts of I Agree popups. I dont think there is anything saying you must allow the person to use the site without cookies, a ton of sites will simply block you if you dont agree.

[morganw]

Why not let the browser handle it though? They might not understand the term cookie but if a dialogue box on the browser doesn't use this term and instead talks about storing data and privacy then what's the problem?

[beeswax]

This is what the ICO have as their front page - Data Protection and Freedom of Information Advice - ICO I don't think it's very elegant, but I suppose it will only appear once for every new visitor.

[ZeroHour]

This is what the ICO have as their front page - Data Protection and Freedom of Information Advice - ICO I don't think it's very elegant, but I suppose it will only appear once for every new visitor.

Now without ticking I agree I wonder if google is still using its cookie for analytics.

[morganw]

The ICO website uses cookies to detect whether I've opted into using cookies or not.
How did this get past the common sense department?

[maniac]

The ICO website uses cookies to detect whether I've opted into using cookies or not.
How did this get past the common sense department?

Now that's a fail - might e-mail the register with that one.

[morganw]

This is what you get if you don't accept cookies on their site:

On 26 May 2011, the rules about cookies on websites changed. This site uses cookies. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site, but parts of the site will not work. To find out more about cookies on this website and how to delete cookies, see our privacy notice.

So basically the site gets broken and they've already stored a cookie because their site cannot operate without cookies. Quite the example they are setting there...

[PiqueABoo]

The site set an ASP.NET session cookie which given that there were no others must be the one they say has already been set.
If you accept their cookies it sets a cookie to record you have done so.
They do not set a cookie to record that you don't want their cookies.

IOW there's nothing to criticise re. their example.

[CAM]

So this law only covers cookies? Looks like a potential boost for HTML5 Web Storage support then.