Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
EU Government Advertising Businesses Communications Network Networking The Internet News Your Rights Online Hardware

Changes Are Coming To the EU's Cookie Directive, But It's Not Going Away (softpedia.com) 120

An anonymous reader writes: The European Commission is listening to suggestions regarding EU laws on privacy and electronic communications (e-Privacy), among which is also the EU Cookie Directive that has made the lives of EU Internet users a living hell. The EU Commission has started an open consultation on this topic and is inviting users and businesses to provide their opinion. From the consultation's text, which is nothing more than a survey, one could argue that the EU isn't intent on removing the directive at all, but only making small adjustments. In its current implementation, most companies ask users if they're OK with storing cookies on their PCs and then collecting their data. One of the questions the Commission asked and is currently looking for an answer is whether companies should be allowed to deny users access to a website if they don't want to accept using cookies. The EU wants Internet companies to build alternative (usable) websites for people that don't want to use cookies at all, and so respect their decision for privacy.
This discussion has been archived. No new comments can be posted.

Changes Are Coming To the EU's Cookie Directive, But It's Not Going Away

Comments Filter:
  • is the sole reason why I'm voting for the UK to leave the EU!

    (Just joking, probably...)

    One of the questions the Commission asked and is currently looking for an answer is whether companies should be allowed to deny users access to a website if they don't want to accept using cookies. The EU wants Internet companies to build alternative (usable) websites for people that don't want to use cookies at all, and so respect their decision for privacy.

    So the EU want to force companies to serve customers regardless?

    • No kidding, they do realize that building, maintaining, hosting, and running a website is NOT free?

      • by Anonymous Coward

        If your business model depends on user agents accepting cookies, you are already screwed.

        • Re: (Score:2, Funny)

          by Anonymous Coward

          If your business model depends on user agents accepting cookies, you are already screwed.

          The girl scouts will be horrified to hear that...

      • This is the central disconnect with most politicians. They simply don't realize that doing things in business costs money, and you can't just get more of it from somewhere.

      • by Anonymous Coward

        I run a pretty good sized European news website an we manage to maintain a staff of about 100 without tracking our Users at all. Not Sure what you're doing wrong.

        • by Anonymous Coward

          I run a pretty good sized European news website an we manage to maintain a staff of about 100 without tracking our Users at all. Not Sure what you're doing wrong.

          You are running a good sized website without any analytics, or any login-functionality, or any Google ads or even the most basic ad targeting/frequency control that most ad buyers require today? It would be very interesting to know which site this is.

    • by N1AK ( 864906 )

      So the EU want to force companies to serve customers regardless? Fuck that. Fuck that big time. If a customer doesn't want to meet the criteria for using the website, then the website should be perfectly within its rights to refuse service.

      Governments already require a number of things of companies that wish to operate in their jurisdiction. I'm inclined to think this is a bad idea, but it really isn't any more restrictive than any number of other restrictions; to make such a comparatively minor point a dec

    • by MartinG ( 52587 )

      If the UK leaves the EU, that doesn't automatically mean the UK won't have to comply. Various non EU countries already have to abide by all kinds of EU rules as part of trade agreements with them.

      The major difference in leaving would be that the UK no longer has any power in influencing these kinds of rules.

      • Re: (Score:2, Insightful)

        They already have little or no power to influence these decisions. The EU does whatever it wants without considering if the people will like it or not. And frankly, who can blame them? They are the smartest, best educated people in Europe and they are best-suited to lead. People aren't educated and can't lead themselves out of a paper bag.

        I can't even imagine why the EU is soliciting advice on this cookie issue, what can the Great Unwashed tell them that their experts don't know already? My guess is,

        • They already have little or no power to influence these decisions. The EU does whatever it wants without considering if the people will like it or not.

          Voters in the EU member countries elect both their national governments and European Parliament directly. So I have to ask: who wields the power of the tyrant within the EU, and how do they bypass democratic control?

        • by dave420 ( 699308 )

          Your ignorance never ceases to amaze me. Thank you once again for a wonderful insight into what it must be like living in your head. Truly terrifying.

          • If Brexit happens, which there is a good chance of, the entire European Union is in peril. And a lot of the reason that is is because people just like you look down on others who disagree with their political opinions, and consider them beyond stupid.

            Many of us are insulted by the ruling class's dismissal of opposition as mere "anger and frustration" -- an imputation of stupidity -- while other of us just scoff at the claim that the ruling class's bureaucratic language demonstrates superior intelligence.

        • by AmiMoJo ( 196126 )

          Nonsense. The EU parliament is elected directly, and the other two bodies (the Commission and the Council) are appointed by elected officials of each member state. If the electorates of Europe don't old them to account that's their own fault.

          The EU tends to act in the interests of its citizens far more than the governments of many member states. To an extent that's because they are somewhat above national politics. For example, employment laws that favour workers, or ratings on vacuum cleaners so consumers

    • by AmiMoJo ( 196126 ) <mojoNO@SPAMworld3.net> on Thursday April 21, 2016 @08:36AM (#51955133) Homepage Journal

      There is a really easy, simple way developers can handle this. Don't use cookies by default. When the user logs in or adds something to their basket have the "you accept we use cookies, here's the privacy policy" text, but when the user simply visits the site don't set any cookies.

      That would eliminate 90% of the annoyance and not place an undue burden on developers. It might annoy site operators who were hoping to create profiles of visitors, but fuck those guys.

      • Re: (Score:2, Insightful)

        I hate 'webmasters' and how they think their job is to pull a fast one over the users.

        ever look at yahoo's javascript, for example? its done on purpose to stop you from making meaningful global filters for adblock, etc.

        the term 'webmaster' has devolved into something not worthy of respect (not sure it ever was, but now that web means 'content management engines' and not just content) and tricky ways to fuck you, the visitor, over, I am all for anything that makes THEIR lives harder and more painful.

        see, th

        • by dave420 ( 699308 )

          'Webmaster'? Really? Is it 1996 again? You seem woefully out of touch with reality, ascribing all sorts of nefarious motives to people you've never met, without any evidence to support your rash judgements.

      • by LWATCDR ( 28044 ) on Thursday April 21, 2016 @09:32AM (#51955559) Homepage Journal

        I used cookies to keep track of the last message that users read and what files for download had been updated. It was a long time ago but you can use cookies for things other than tracking users for ads.
        Frankly I thought I was respecting the user's privacy by storing that info on their system vs keeping it in a database.

        • by AmiMoJo ( 196126 ) <mojoNO@SPAMworld3.net> on Thursday April 21, 2016 @10:15AM (#51955875) Homepage Journal

          You are respecting the user's privacy, and the EU specifically exempts the kind of cookies you are using: http://ec.europa.eu/ipg/basics... [europa.eu]

          So you don't need a statement on your site, your use is exempt from the rules.

          • by LWATCDR ( 28044 )

            That system has been replaced by Drupal long ago but it didn't matter to me what the EU said. It was a US company and the website was hosted in the US. We respected our users privacy for the simple reason that they were our customers. They bought things from us and the website had 4 functions that justified it's cost.
            1. Advertising our product.
            2. Customer support and communications.
            3. Updates.
            4. An online store for customers to buy our products.
            Most sales came from our sales force back then so the store wa

        • But browsers make this difficult. Either you accept ALL cookies (even the 99% that are evil) or you accept almost none. To accept cookies from just your own site most browsers do not give you an easy way to do this. Sometimes "don't accept third party cookies" will work but sometimes it won't because the cookie is coming from something that appears to be a third party site ("bringyourownbeer.com" uses cookies from "xyz.byob.com"). And the cookies have bizarre names with even odder contents, so if you're

    • by Zocalo ( 252965 )
      I'm not sure that this is even a problem in practice (I've seen sites attempt to deny service when AdBlockers are used, but never when cookies are blocked), but since the EU would do a lot better to just fix the broken wording of the cookie directive to allow more flexibility in achieving compliance this might actually just be a flawed attempt to fix the problems the directive created in the first place. The only reason this is even an issue is because of the cookie directive's requirement that a site asks
    • by pr0nbot ( 313417 )

      Now they want me to put seatbelts in my car?? Fuck that. Fuck that big time. If a customer doesn't like it, they can fuck off and buy some other car.

      The cookie directive is about making users aware of surveillance. The EU (that is, the representatives of the member nations of the EU, collectively) have decided that surveillance by websites is potentially not in the consumer's interest, and the consumer should at least be aware of it.

      As I understand it, now they're going a step further and saying, if you wan

    • If a customer doesn't want to meet the criteria for using the website, then the website should be perfectly within its rights to refuse service.

      If a company doesn't want to meet the criteria for doing business in the EU, then the EU should be perfectly within its rights to stop it from operating within the EU. Companies, business and economy exist to serve human needs, not the other way around.

      If the EU do move in this direction, then I will be voting to leave.

      Enjoy your corporate overlords, then.

    • If a customer doesn't want to meet the criteria for using the website, then the website should be perfectly within its rights to refuse service.
      N/quote>

      It is perfectly reasonable to tell visitors that they are about to be spied on, if they enter a site, just like the law requires CCTV cameras to be accompanied by a warning message on a sign. It is part of being open, transparent and honest - something that is good for consumers and others; in fact, it is one of the many arguments in favour of remaining in EU. And anyway, using a thing like Privacy Badger in Firefox, you can selectively block cookies on any site very easily.

    • by Gonoff ( 88518 )

      is the sole reason why I'm voting for the UK to leave the EU!

      (Just joking, probably...)

      And its another reason why I'm voting to stay....
      A governmental organisation that it not, by default, automatically on the side of the seller instead of the consumer? Great! This, of course is why the most right wing, big money, parasites are keen to get us out so that we can head downhill to what people in the US have to put up with.

  • by headkase ( 533448 ) on Thursday April 21, 2016 @08:13AM (#51954987)

    Waiting for my cheque to implement an entire alternate back-end in 3.. 2.. 1..

    • by AmiMoJo ( 196126 )

      The summary is misleading. You can use certain cookies for things like sessions or user input, but not for tracking or advertising IDs etc. So you could just design your primary back-end not to need the evil cookies, and then selectively enable them for tracking if the user agrees.

  • What? (Score:2, Informative)

    by MitchDev ( 2526834 )

    No, if you don't want to accept the terms of using the website (cookies in this case) you DON'T GET TO USE IT.

    WTF is wrong with these people?

    • No, if you don't want to accept the terms of using the website (cookies in this case) you DON'T GET TO USE IT.

      Are you sure? My Self-Destructing Cookies add-on doesn't believe you.

  • by jfdavis668 ( 1414919 ) on Thursday April 21, 2016 @08:23AM (#51955035)
    Without cookies being sent back to the server, the server doesn't know what you were doing a moment ago. The design does not maintain the state of the system between transactions. There are other ways of doing this, but this is how http was designed. Yes, cookies are being used to track things that are not involved in the state of the transaction. But, it is hard to eliminate something that is key to the way that http works.
    • Forgot to include the relevant xkcd reference: https://xkcd.com/869/ [xkcd.com]
    • by AmiMoJo ( 196126 )

      It seems like they are differentiating between session cookies and permanent cookies. So you can have some basic state info for the site, but as soon as the user goes away it is lost and privacy is maintained.

    • by tlhIngan ( 30335 )

      Without cookies being sent back to the server, the server doesn't know what you were doing a moment ago. The design does not maintain the state of the system between transactions. There are other ways of doing this, but this is how http was designed. Yes, cookies are being used to track things that are not involved in the state of the transaction. But, it is hard to eliminate something that is key to the way that http works.

      A large amount of activity over HTTP doesn't require the server to know what you wer

      • When I browse slashdot, I like it to remember what level I choose last. It isn't strictly necessary for the site to work but it works better with the cookie to retain that information.

  • by Anonymous Coward

    None of this is going to make sense as long as the laws continue to be so completely disconnected from the reality. If a user wants or doesn't want to use cookies, then they have already instructed their browser to take the appropriate action, and it will be perfect in a way that the laws cannot even begin to approach.

    Anything the governments do related to this, is irrelevant and wasted. The absolute best case that anyone can hope for, is that they'll do no harm. And that, realistically, will never be achi

    • by Gonoff ( 88518 )

      If a user wants or doesn't want to use cookies, then they have already instructed their browser to take the appropriate action

      That is true for people here but you should talk to some users sometimes...

  • I have not noticed anything more than "mildly annoying". Hyperbole much?

    • by Anonymous Coward

      Quite. The most annoying outcome of this is when it's necessary to click on the "No, it's okay, serve me cookies" button every time I visit a website, which only shows that their cookies aren't working.

    • by fintux ( 798480 )
      I agree that "living hell" is a far fetch. However, it is more than mildly annoying especially when viewing the desktop version on a mobile device. The banner takes a significant portion of screen real estate and sometimes also the dismiss button is difficult to hit. I think the savvy users already know cookies are used for tracking all over the internet and the less savvy ones probably will just ignore this. Essentially, after the first few times you see this, it is just additional noise on the web sites.
  • Here's mine (Score:2, Informative)

    by Anonymous Coward

    Your browser uses cookies. You have the power to disable cookies in your browser settings. This website may only request that a cookie be stored, it can not force your browser to store the cookie or return the cookie at a later time. This website can not stop your browser from sending it cookies. Only your web browser can disable or delete cookies. You are even sending this website global session cookies that you or some other website asked to be stored, and there is no possible way for the operators o

  • Laws should request the result, not the method of getting there.

    Cookies have many important uses; most of them perfectly legitimate with no privacy ramifications. It is only abuse of cookies that pose a risk, and what might be regulated should be the potential result of motivations for abuse, not the means.

    They should repeal the cookie directive and replace it with a "Privacy Directive", regarding retaining and linking personally identifiable information to web history gathered from 3rd party website

    • by Anonymous Coward

      If you actually read the law, you would notice it's much more abstract as they do not even mention cookies. It is exactly as you described.

      Furthermore storing data for functional purposes is totally fine on the condition that it's removed at the end of the session. If you go for permanent storage or you want to track your user then you need to ask permission. It doesn't matter if you want to achieve that through cookies, images, flash, localstorage.

    • Cookies have many important uses; most of them perfectly legitimate with no privacy ramifications.

      care to offer any proof for this asertion?

      my experience - and likely that of EVERYONE ELSE - is that most cookes ARE there for tracking. did you ever look at them? ever see the 3rd party sites that store shit on your browser?

      webmasters are out of control. they essentially report to the marketing dept, these days (unofficially, but the marketing guys run the show, which is why the web is in the ruined state

      • by mysidia ( 191772 )

        care to offer any proof for this asertion?

        For starters..... Cookies are why I can navigate to http://slashdot.org/ [slashdot.org] every evening and post a comment without having to go through the repetitive task of typing in Yet another username and password every day.

        Cookies are why I can go to Youtube and watch a video..... the first time I see one, there will be an Ad shown..... Then I can go back and visit Youtube.com a few minutes later, find a new video, and they will give me a break because i've just seen a

  • by evanh ( 627108 ) on Thursday April 21, 2016 @08:54AM (#51955279)

    I've never understood the problem with cookies. Websites don't control cookies, the Web-browser does.

    The browser should only maintain cookies associated with the browsing window for as long as that window is open. There's no use in anything else. No timers of any sort, short or long, it gets ignored.

    Now scripting, that's another kettle of fish altogether.

    • Having used the excellent self-destructing cookies plugin for Firefox for a while now, yes, this should be the default way it works. With trivial white listing for the sites you do want to remember you, which in practice turns out to be quite rare.

  • I think the intent of the EU was to make users aware that their activities were being tracked, unfortunately they focused on an implementation detail of how that could occur. Really they should be telling users precisely how they are being tracked, data retention and why.
  • It didn't inform me that the site uses cookies, but I checked, and there are 2.

    Standard JSESSIONID and one that stores the value of whether the user has JS or not.

    As an aside, the consultation is the least accessible piece of lawyer speak I have seen in a long time.

  • I finally moved to the EU. I used to laugh at this back when it was first proposed but wholly crap is this annoying. There's almost no website I can visit which doesn't produce some boilerplate warning saying that for the site to work you need cookies. Worst part is it typically loads after the content, so if your computer if slow enough then you're already trying to click a hyperlink when the popup appears and the entire page moves and you click on the wrong link.

  • So, rather than denying access for those who don't wish to be tracked, can a company simply make its content pay-walled by default, but rather than paying $2 per month or something allow the users to accept tracking instead?

Do you suffer painful illumination? -- Isaac Newton, "Optics"

Working...