Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

EU Cookie Law - ?!

  • 16-03-2012 4:27pm
    #1
    Registered Users, Registered Users 2 Posts: 3,061 ✭✭✭


    Hi,

    This was recently brought to my attention -
    http://www.youtube.com/watch?v=arWJA0jVPAc

    Anyone and opinions or professional input on this issue from a developer standpoint?


Comments

  • Registered Users, Registered Users 2 Posts: 11,989 ✭✭✭✭Giblet


    It's all in limbo over here at the moment, but it boils down to SSL connections wherever a secure cookie is sent over the wire, permissions setting cookies for tracking and such. If you need a cookie to operate you can use them (setting some localisation, or maintaining some state which is needed to allow the site to function). It's all a bit hand wavey at the moment, a bit like PCI Compliance with their "You may or may not be in scope if you are 1 hop away" bs.


  • Registered Users, Registered Users 2 Posts: 3,061 ✭✭✭sticker


    Giblet wrote: »
    It's all in limbo over here at the moment, but it boils down to SSL connections wherever the cookie is sent over the wire, permissions setting cookies for tracking and such. If you need a cookie to operate you can use them (setting some localisation, or maintaining some state which is needed to allow the site to function). It's all a bit hand wavey at the moment, a bit like PCI Compliance with their "You may or may not be in scope if you are 1 hop away" bs.

    Cheers for the feedback. I develop standard html/css/js websites - no ecommerce or database backends. I do not intentionally include any cookie application in development.... Forgive the possibly silly question, but would a 'standard brochure website' generate a cookie automatically or would you need to "tell the code" to generate a cookie with each new site visit?


  • Registered Users, Registered Users 2 Posts: 11,989 ✭✭✭✭Giblet


    Do you use a CMS like WordPress?


  • Registered Users, Registered Users 2 Posts: 3,061 ✭✭✭sticker


    Giblet wrote: »
    Do you use a CMS like WordPress?

    Nope - I edit html/css/js frameworks - no CMS


  • Registered Users, Registered Users 2 Posts: 11,989 ✭✭✭✭Giblet


    You're probably ok then!


  • Advertisement
  • Closed Accounts Posts: 18,268 ✭✭✭✭uck51js9zml2yt


    Giblet wrote: »
    Do you use a CMS like WordPress?
    does wp use them?
    I assumed thats how Google analytics works with a wp plugin


  • Registered Users, Registered Users 2 Posts: 11,989 ✭✭✭✭Giblet


    Logins and stuff, people leaving comments and what not. A simple "I agree to allowing a cookie" beside a login button should be ok.


  • Closed Accounts Posts: 619 ✭✭✭Boards.ie: Paddy


    The advice we were given in boards.ie was that to be in full compliance you have to provide a description of all cookies, including the data stored in them, their purpose and the retention period. This should form part of your Privacy Policy. You can see an example of the type of information we provided as part of boardsdeals.ie's Privacy Policy.

    This is probably the only way to be sure you are 100% in compliance. Obviously for a large website like ourselves the effort involved in providing this information massively outweighs the problems that could arise from not being in compliance. For a brochure website for your local GAA club it may not be entirely necessary but there is a risk there.

    If you aren't sure if your site is setting cookies you can use the inspector in google chrome to find out. When viewing your website hit F12 and select resources->cookies to see what cookies have been set by your site.


  • Registered Users, Registered Users 2 Posts: 3,061 ✭✭✭sticker


    The advice we were given in boards.ie was that to be in full compliance you have to provide a description of all cookies, including the data stored in them, their purpose and the retention period. This should form part of your Privacy Policy. You can see an example of the type of information we provided as part of boardsdeals.ie's Privacy Policy.

    This is probably the only way to be sure you are 100% in compliance. Obviously for a large website like ourselves the effort involved in providing this information massively outweighs the problems that could arise from not being in compliance. For a brochure website for your local GAA club it may not be entirely necessary but there is a risk there.

    If you aren't sure if your site is setting cookies you can use the inspector in google chrome to find out. When viewing your website hit F12 and select resources->cookies to see what cookies have been set by your site.

    Very informative and much appreciated.


  • Registered Users, Registered Users 2 Posts: 3,061 ✭✭✭sticker


    After a look at your Privacy Policy here on boards, I see you have described each cookie and what it does, Chrome gives my own website some cookie activity, but I'm unsure how to write this up for a Privacy Policy - not to mention the other websites I have developed.

    Am I right in saying each website need a custom Privacy Policy to be compliant?

    I'll have a serious headache retro fitting my portfolio with tailor-made Privacy Policies. Is this what other Irish developers are doing also? Or is this a bit of an uninforcable law?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,061 ✭✭✭sticker


    sticker wrote: »
    After a look at your Privacy Policy here on boards, I see you have described each cookie and what it does, Chrome gives my own website some cookie activity, but I'm unsure how to write this up for a Privacy Policy - not to mention the other websites I have developed.

    Am I right in saying each website need a custom Privacy Policy to be compliant?

    I'll have a serious headache retro fitting my portfolio with tailor-made Privacy Policies. Is this what other Irish developers are doing also? Or is this a bit of an uninforcable law?

    Anyone any followup opinions on this issue? -

    Seems quite big to me when an EU law break is quite possible for many innocent websites...


  • Registered Users, Registered Users 2 Posts: 1,462 ✭✭✭Peanut


    I'm a bit surprised that the advice Boards got was simply to list all cookies used.

    The main point of contention around the new EU directive was not so much about giving information about what cookies are used, but in obtaining consent from the user.

    This was clearly going to be a problem since the consent needed to happen at the beginning of a user's interaction with a site, and as such, any popups etc. used to confirm consent could drive visitors away or give a sales advantage to non-EU sites.

    I know there were exemptions for not requiring consent for cookies essential to site functionality (such as login sessions), but I'm pretty sure Google analytics was not covered under this.

    The whole thing seems very badly thought out and will be virtually impossible to enforce, although I suspect the reality is that only very large sites will come under any scrutiny, and they may be able to find workarounds that may stretch the interpretation of what was required - it was reported today that bt.com have implemented an opt-out question when you first visit their site, instead of asking for an opt-in to tracking cookies.


    @sticker - re: privacy policy - Although I don't think it's a legal requirement (yet), it's probably a good idea to at least have a generic privacy policy for any site as it may give people more confidence when using the site and/or business and is now also a requirement for any sites monetising using Adsense.

    There's more details on what they recommend here.


  • Registered Users, Registered Users 2 Posts: 255 ✭✭boblong


    1. We must do something
    2. This is something
    3. Therefore, we must do this.


  • Registered Users, Registered Users 2 Posts: 6,465 ✭✭✭MOH


    boblong wrote: »
    1. We must do something
    2. This is something
    3. Therefore, we must do this.

    Is that yourself, deputy Sherlock?


  • Registered Users, Registered Users 2 Posts: 1,082 ✭✭✭Feathers


    sticker wrote: »
    Anyone any followup opinions on this issue? -

    Seems quite big to me when an EU law break is quite possible for many innocent websites...

    Nothing will likely come of this, as it will make the web unusable. Does anyone know what the Irish legislation around this has/will be? In London at the minute & seems to be fines for non-compliance, but most major companies are dragging their heels over this.

    'Non-essential' is the real sticking point. The CSO over here are arguing that Analytics are essential as they allow them to provide the best possible service to users in a cost-effective way, which is part of their remit :rolleyes:

    & is storing a cookie to say you don't want other cookies essential?

    The reality is, until a test-case goes through the courts (or someone gets a complaint brought against them through an official watchdog), nothing will come of this.

    sticker What type of sites are you talking about — gov/SME/community? & do you have a support contract against them?


  • Registered Users, Registered Users 2 Posts: 697 ✭✭✭mambo


    Has there been any prosecution in Ireland because of a website not obtaining consent to use cookies?

    I notice the DPP website www.dppireland.ie uses cookies and doesn't seem to have a cookie statement, so I'm guess no-one is taking the EU directive too seriously? :confused:


  • Registered Users, Registered Users 2 Posts: 1,082 ✭✭✭Feathers


    mambo wrote: »
    Has there been any prosecution in Ireland because of a website not obtaining consent to use cookies?

    I haven't heard of any prosecutions at all tbh!


Advertisement