I made you a cookie, but I eated it..(DPC letter)

MadsL

I posted this on AH, but I'm curious as to boards compliance with this (probably bad) law.
Not looking for an official statement just some general discussion of websites actually implementing a compliant solution. Is it tricky for websites like boards?

http://www.siliconrepublic.com/strategy/item/30806-data-commissioner-tells-80/

Some 80 websites in Ireland – including major Government departments, like the Department of Health and the Department of Finance – have been written to by the Data Protection Commissioner to explain their approach to stringent EU regulations on the use of cookies

Popular internet properties included in the letter included Adverts.ie, Boards.ie, Daft.ie, DoneDeal.ie, Eflow, Entertainment.ie, Irish Jobs, Menupages, Monster.ie, Paddy Power, Ryanair, Ticketmaster and Pigsback.

So, boards. You made us a cookie, did you eated it?

Morag

A link on the bottom of the Home page of the site says cookie policy and it links to all the info you have to know.
http://www.boards.ie/content/privacy#cookie-policy

MadsL

Morag wrote: »

A link on the bottom of the Home page of the site says cookie policy and it links to all the info you have to know.
http://www.boards.ie/content/privacy#cookie-policy

Why would the DPC not think that adequate would you say?

Morag

There's quote from the DPC asking for more information, it doesn't say that what boards has done is inadequate from what is reported in the article.

MadsL

Morag wrote: »

There's quote from the DPC asking for more information, it doesn't say that what boards has done is inadequate from what is reported in the article.

So he's not complaining just asking what has been done in response to the law. Wouldn't that be obvious from looking at the website?

Bit like the Gardai sending me a letter asking if I have been speeding recently.

Ken.

All boards cookies are now mass produced in Colorado and Washington.

Morag

Well all of this is new, so there will be a range of different ways sites will try and work with what has been asked of them and from that I guess a best practice will emerge, so I can understand why they are asking for as much information as to why certain sites have taken certain tacts.

MadsL

Makes sense I guess Silicon republic are reporting it as something it isn't.

Orion

I think there has to be an opt-in or something like that. On a lot of UK sites I've seen messages at the top of the page where I have to accept their cookie policy. It doesn't stop you using the site but you see the warning until you click accept/agree - that's the "capture consent" part. Just having a link to a cookie policy isn't enough. It's a bizarre law.

Here's an example from theregister.co.uk

TouchingVirus

The law is bizarre and so beyond what it was meant to cover.

From a cursory glance around the place and knowing a bit of vBulletin I can tell Boards uses cookies everywhere. Everything from Google-served ads (which was the scope of the cookie directive really, explaining to uses about this data used to track you) to the remember-me feature, multiquoting posts, inline moderation of posts/threads and lots of other things in between. Changing style, depending on how you do it, can set a cookie. When not logged in if you read a thread or forum or mark them as read it sets cookies. Boards.ie without any cookies will at the very least degrade user experience significantly, session data only gets you so far. Without consent for cookies you might as well browse boards in browser privacy mode, it'll forget everything about you on every visit.

To dismiss the notice about the cookie policy so the user doesn't see it more than once, whether permission given or not, the site needs to use a cookie. That irony isn't lost on a lot of web developers. It's just stupid, cookies are an implied part of browsing the internet. I didn't see any requirement for acceptance that the HTTP protocol may be sniffed by nefarious users when I access a wifi access point which is much more detrimental to users than a cookie.

seamus

It's the most ridiculous piece of legislation, completely devoid of any understanding of the nature of the technology.

Once the initial spurt of activity about it has ended, it'll be quietly shelved and forgotten about and nobody will include the notice on their sites anymore and nobody will care.

Dravokivich

Its a real nuisance for users that are aware of cookies, but prompted by notices that popup to tell you cookies are logged, tracked and used.

A lot of us know this. What would be use full to general public is something similar to them magazines "Which?" Do advising of internet usage. The website you browse shouldn't have to. In my opinion.

Morag

It is even more stupid when you consider that ACTA has been stopped dead and yet we still have to deal with 'Sherlocks law'.

January

Is it a bit of a coincidence that I read this thread and when I clicked out of it got a notice about cookies?? *dons foil hat*

Where To

January wrote: »

Is it a bit of a coincidence that I read this thread and when I clicked out of it got a notice about cookies?? *dons foil hat*

I've just got it too.
I've never felt so violated.

Boards.ie: Danny

January wrote: »

Is it a bit of a coincidence that I read this thread and when I clicked out of it got a notice about cookies?? *dons foil hat*

Not a coincidence at all, we pushed live some changes that allow us to explicitly inform users that their usage of Boards implies consent to store cookies on their machine where possible. Changes went live at 1:03pm

Orim

Boards.ie: Danny wrote: »

Not a coincidence at all, we pushed live some changes that allow us to explicitly inform users that their usage of Boards implies consent to store cookies on their machine where possible. Changes went live at 1:03pm

Is that for all users? Just wondering because I didn't see anything. I'm wondering if it's down to the restricted access I have in work.

Which makes me wonder what the policy of this law is if a user can't get the message regarding cookies and can't give consent?

Boards.ie: Danny

It's possible that due to a CSS issue the notice was displayed but didn't show up in your browser. It's something we're going to fix up in the next few minutes

Edit: And fixed.

MadsL

I didn't get a notice, even when I logged out and back in again.

Are you chaps being clever and noting I have a US IP address? If so, very well done.

If not using Win 7, Chrome 23.0.1271.97m.

Boards.ie: Danny

Nothing smart like that, I suspect you opened a boards tab got the notice but never read the tab and closed it Logging out will have no effect, it won't clear the notice cookie.

I've attached a screenshot of the notice for users who have missed it. I expect a vBulletin notice will land in the new year

Overheal

I never had a problem with boards using cookies, but the thing is, I always knew that they were used to track things like whether I'm logged in on my PC, but anytime the subject came up an admin or higher up always told me ya didn't. There was no point in doing that, just be straight. I know what a cookie is, it's legit.

I did however like the way you guys did your notice page, all spiffy and technical

MadsL

Boards.ie: Danny wrote: »

Nothing smart like that, I suspect you opened a boards tab got the notice but never read the tab and closed it Logging out will have no effect, it won't clear the notice cookie.

I've attached a screenshot of the notice for users who have missed it. I expect a vBulletin notice will land in the new year

Hmmm possibly. Does it only display once?

Boards.ie: Danny

MadsL wrote: »

Hmmm possibly. Does it only display once?

Yes, once and requires no interaction to not display again.

MadsL

Boards.ie: Danny wrote: »

Yes, once and requires no interaction to not display again.

Good job! (high-fives awkwardly)

Can I have 3 months free as a 'beta-tester'?

My name is URL

One of the 3rd party cookies doesn't expire for 20 years.. Who the hell even has the same computer for 20 years?!

MadsL

My name is URL wrote: »

One of the 3rd party cookies doesn't expire for 20 years.. Who the hell even has the same computer for 20 years?!

More of a Twinkie than a cookie then so.