New EU Net Rules Set To Make Cookies Crumble

NickstaDB writes "From the BBC article: 'From 25 May, European laws dictate that "explicit consent" must be gathered from web users who are being tracked via text files called "cookies." These files are widely used to help users navigate faster around sites they visit regularly. Businesses are being urged to sort out how they get consent so they can keep on using cookies.'"

They will just bury it

[Anonymous Coward]

They will just bury such "consent" in the EULA, privacy policy, terms and conditions, legal notices, and other such crud that no one reads.

Re:Thanks EU

[plover]

Great - what the internet needs is more regulation.

Thanks EU.

I think that's exactly what America needs: more EU regulation. We'll just host their sites over here, because we don't have to comply with their stupid laws.

Re:Clue stick

[Malc]

I couldn't give a rat's arse how much it costs sites to comply. I'm glad somebody with sufficient authority is looking out for my privacy, because it's hard enough to do it by myself. Cookies have been a fundamental feature of the web for a long time as a way to make the web a better experience for users, but I certainly didn't ask advertisers et al to abuse this functionality for things that aren't in my interest.

Re:Thanks EU

[DarwinSurvivor]

HAHAHA. Says the guy who's country created the patriot act! American VPS companies have been losing lots of money because people don't want to put their data on a server in a country where the government can just go "This server is running on the same hardware as someone who MAY have sent a secret message to someone in IRAQ with a picture of a child, thus we are confiscating everything!"

Re:They will just bury it

[Anonymous Coward]

Data protection legislation in the EU requires that explicit consent is given. That means clear, unambiguous, and upfront consent. You can't hide it in a blizzard of tick boxes or EULAs. Defaulting options to give consent won't work either.

Big business might try tor rely on a "permissive environment" of weak national regulators but the EU commission takes these things seriously. After stunts like data loss and Phorm they're wise to the tricks. Any wiseguy is just going to get their ass handed to them.

Re:Allowing cookies = consent?

[VortexCortex]

Some are arguing that allowing cookies in the browser is basically equivalent to giving your consent.

That sounds to me like implicit consent, while the EU requires explicit consent. Though I suppose asking permission once per site is enough - not every single visit. And after receiving such explicit permission the site may store a cookie on your computer indicating that they have that permission already.

Well, earlier today, I pasted this in my address bar:

javascript:void(document.cookie = "reminder=Don't forget:\n\tCover page for TPS report.");

Just now I pasted this in my address bar:

javascript: alert( document.cookie );

(Not a moment too soon -- I almost sent that report with the old cover sheet.)

That message was sent to every website I visited today. I know damn well they don't have my explicit permission to read the cookie headers that my browser sends them -- Especially not when they contain such important trade secrets. I'll report all the sites in my history post haste! In fact, YOU don't have explicit consent to be reading my notes either! I never gave you explicit consent, so I'm afraid I'll have to report you as well.

Hmm, I'm not sure, but I think that since I'm self employed part-time I might be in violation too! I didn't update the Cookie Consent Clause of my Explicit Permissions Form [europa.eu] to specify that my company has the explicit permission to track my thoughts throughout the day using text files & "magic-cookies".

I sure hope I don't get fined, I can never go back to the yellow sticky squares... not after that time they didn't get my explicit permission to record the doodles I made of my manager, and nearly got me fired by way of an unauthorized 3rd party doodle disclosure!

(When I complained Post-It admitted that paper and pens normally only have implied consent to record and redisplay information to anyone within reading / writing distance, and explicit consent is required in the EU. However the EULA on the shrink wrap that I thew away said that by opening the package I forfeit my right to consider marks made with my hands as information...)

Re:EU = make things harder

[lordholm]

Google requiring log-in = people start using bing (have they renamed it again yet?) / yahoo / altavista.
Really... this is what would happen.

I have seen plenty of people who, when encountering a log-in / register window, they just close the web-page and do something else. Come, to think of it, all sites requiring log-ins, would be a huge boost for productivity.

Re:They will just bury it

[andrea.sartori]

Yeah, sure, because a Yes/No guarantees the user has a) read the message, b) understood what this cookie stuff was, c) consciously clicked the "right" button.
Real world situation: "It asked me something." "What did ask what?" "Dunno, I just clicked OK."
Come on. 80% of the malware in the world is installed exactly after "gathering explicit consent from Web users".