EU Cookie Law

[ProblemHelpPlease]

A new law regarding the use of cookies on websites in the EU is coming into effect, more info at http://www.bbc.co.uk/news/technology-13541250.The basic rule is that if a website wants to use cookies then it must first ask the user if they agree for it to place a cookie on their device.This obviously raises many issues as to how best go about asking every user to the site if they wish to allow cookies.What are peoples opinions on the way that this is likely to go and how would you comply with this law?

[Ingolme]

Nobody's going to comply with that law even if it gets passed.It's up to the browser vendors to implement a feature that asks users if they want cookies.

[justsomeguy]

What are peoples opinions on the way that this is likely to go and how would you comply with this law?

How is it likely to go? It's going to irritate developers and confuse users. Most people don't know or care what a cookie is, it's just one more "security" prompt that they'll agree to without understanding.In terms of implementation, since starting a session sends a cookie then you would technically need to look for the presence of the session cookie before you start the session, and if it's not there redirect to an acknowledgement/disclaimer page which shows the legal text before you can even start the session. Sort of a pain for everyone involved.

[Sl0G]

Here in the EU we have a saying (well most say it beside people from Greece and similar country's).

The EU never brought forward anything good it only costs the tax payer a lot of money!

[Sl0G]

Just a thought I had today.What are they planning on doing with CSS then? Style sheets get cached by the browser the first time you visit a site what reduces a lot of the loading time for bigger websites that use lots of styling.Will browser manufacturers be forced to ask a user every time he or she visits a site if they want the browser to cache the sheet? Sounds impossible and would be a pain in the ###### for e-commerce websites as well, knowing they already take ages to load often because of all the queries made to the database.

Edited May 30, 2011 by Sl0G

[justsomeguy]

It looks like the law only deals with cookies specifically, not caching in general. Caching doesn't involve cookies.

[[dx]]

In our country, after war there's no law for main things in life, politician criminals etc.So who care of some cookie law, we are wild south-east of Eu

[ProblemHelpPlease]

The main reason behind the law was to data security, in that cookies contain login details that you are retrieving from the clients PC without permission.This makes little sense since the cookies was placed there by the website in the first place and any decent cookies dont include any login details in a cookie(like username and password) but use a randon character string that is only any use to the originating website.Its as daft a law as the one about selling bent bananas.

[jeffman]

1. I don't like the law anymore than you do. It will annoy developers and users alike;but2. it was never meant to protect login security. If anything, logins will be slightly less secure, since session techniques usually pass ID values as query strings (visible in the URL bar) wherever cookies are disallowed;Instead3. the law is meant to make users aware that their page-views might be tracked and sold to the highest bidder, who could hypothetically construct pretty deep profiles based on user likes and dislikes;nevertheless4. cookies are not the only way such tracking can be handled. So you are correct in saying that the strategy will fail.

[birbal]

I belive the target of this law is for cross domain cookies other than that it does not make sense to apply this law in general ..why should it be a privacy issue while some domain set the cookie for its own use, where the domain use the cookie which it had set itself.