Changes Are Coming To the EU's Cookie Directive, But It's Not Going Away (softpedia.com) 120
An anonymous reader writes: The European Commission is listening to suggestions regarding EU laws on privacy and electronic communications (e-Privacy), among which is also the EU Cookie Directive that has made the lives of EU Internet users a living hell. The EU Commission has started an open consultation on this topic and is inviting users and businesses to provide their opinion. From the consultation's text, which is nothing more than a survey, one could argue that the EU isn't intent on removing the directive at all, but only making small adjustments. In its current implementation, most companies ask users if they're OK with storing cookies on their PCs and then collecting their data. One of the questions the Commission asked and is currently looking for an answer is whether companies should be allowed to deny users access to a website if they don't want to accept using cookies. The EU wants Internet companies to build alternative (usable) websites for people that don't want to use cookies at all, and so respect their decision for privacy.
Re: (Score:3)
Re: (Score:2)
The EU wants privacy to be the default. So when you visit a random web site it initially respects your privacy instead of setting over 9000 random cookies, evercookies, advertising ping-backs, web bugs, browser profiling scripts and other nasties, with a little "btw we just shoved a cactus up your arse, click here to read our anti-privacy policy" notice at the top.
While clearly a lot of sites won't work fully without cookies, as many people who block them will tell you a lot of functionality doesn't need t
Re: (Score:2)
The problem is that this directive does not achieve that. The only thing you get (also here on Slashdot if you are in EU) is an interstitial asking you to accept the privacy policy/TOS/cookies. And then it is business as usual, with those 9000 random cookies, evercookies, adverts and pingbacks.
This law is addressing the symptom (cookies) and not the cause - companies wanting to hoard, mine and sell their visitors' data.
Re: (Score:3)
Re: (Score:2)
Actually lawmakers seem to understand the technical issues extremely well. Take a look at the EU site on the subject. [europa.eu]
They clearly differentiate between different types of cookie (session/persistent, first/third party) and list exemptions for things where cookies are necessary and don't interfere too much with privacy.
The real issue here is that sites haven't bothered to read the rules and just stuck a blanket "we use cookies" banner on everything, even if they don't need one. Reading the rules carefully, mo
Re: How about a choice... (Score:2)
Thanks, that link was really useful
Re: (Score:2)
There's a simple solution: exempt session cookies, make the law harsher on persistent cookies.
All legitimate navigation needs are served well enough by session cookies. Legitimate uses of persistent cookies, such as "remember me" login or saving preferences require an explicit action of the user, and that can have a short cookie warning included.
By "make the law harsher", I propose requiring disclosing the actual purpose of gathering data, rather than saying just "to enhance your browsing experience".
Re: (Score:2)
I've seen that interstitial when connecting from France, but not from the UK. I think maybe it's down to individual state's implementations.
Re: (Score:1)
Users already had and have that choice, regardless of whatever laws EU enacts. They were working from a premise where the user is already 100% control of the situation. And that's why the laws look so hilarious (and pointless) to everyone who knows how the web works. Browsers store (or don't store) cookies at user direction, but I guess some lawmakers wanted to look like they exist for a reason, so they made up silly laws.
Re: (Score:1)
Well currently the sites give the choice to accept or reject third party cookies in an annoying popup (this has already been forced by law), and if you say no, then as third party advertising is how they make money, the site will typically have to either present a limited experience, or no experience.
Now they want to force the sites to give an experience even if you reject the cookies. Maybe that would change the relationship between advertisers and sites (who would click yes in that situation!) so it is vi
This right here... (Score:1)
is the sole reason why I'm voting for the UK to leave the EU!
(Just joking, probably...)
So the EU want to force companies to serve customers regardless?
Re: (Score:2)
No kidding, they do realize that building, maintaining, hosting, and running a website is NOT free?
Re: (Score:1)
If your business model depends on user agents accepting cookies, you are already screwed.
Re: (Score:2, Funny)
If your business model depends on user agents accepting cookies, you are already screwed.
The girl scouts will be horrified to hear that...
Disconnect (Score:2)
This is the central disconnect with most politicians. They simply don't realize that doing things in business costs money, and you can't just get more of it from somewhere.
Re: (Score:1)
I run a pretty good sized European news website an we manage to maintain a staff of about 100 without tracking our Users at all. Not Sure what you're doing wrong.
Re: (Score:1)
I run a pretty good sized European news website an we manage to maintain a staff of about 100 without tracking our Users at all. Not Sure what you're doing wrong.
You are running a good sized website without any analytics, or any login-functionality, or any Google ads or even the most basic ad targeting/frequency control that most ad buyers require today? It would be very interesting to know which site this is.
Re: (Score:2)
Governments already require a number of things of companies that wish to operate in their jurisdiction. I'm inclined to think this is a bad idea, but it really isn't any more restrictive than any number of other restrictions; to make such a comparatively minor point a dec
Re: (Score:2)
Seriously, do i have to comply when i operate in the u.s?
Only if you want our money. If you have enough traffic, you are at liberty to geofence to your hearts content.
Re: (Score:2)
If the UK leaves the EU, that doesn't automatically mean the UK won't have to comply. Various non EU countries already have to abide by all kinds of EU rules as part of trade agreements with them.
The major difference in leaving would be that the UK no longer has any power in influencing these kinds of rules.
Re: (Score:2, Insightful)
They already have little or no power to influence these decisions. The EU does whatever it wants without considering if the people will like it or not. And frankly, who can blame them? They are the smartest, best educated people in Europe and they are best-suited to lead. People aren't educated and can't lead themselves out of a paper bag.
I can't even imagine why the EU is soliciting advice on this cookie issue, what can the Great Unwashed tell them that their experts don't know already? My guess is,
Re: (Score:2)
Voters in the EU member countries elect both their national governments and European Parliament directly. So I have to ask: who wields the power of the tyrant within the EU, and how do they bypass democratic control?
Re: (Score:2)
Your ignorance never ceases to amaze me. Thank you once again for a wonderful insight into what it must be like living in your head. Truly terrifying.
Re: (Score:1)
If Brexit happens, which there is a good chance of, the entire European Union is in peril. And a lot of the reason that is is because people just like you look down on others who disagree with their political opinions, and consider them beyond stupid.
Many of us are insulted by the ruling class's dismissal of opposition as mere "anger and frustration" -- an imputation of stupidity -- while other of us just scoff at the claim that the ruling class's bureaucratic language demonstrates superior intelligence.
Re: (Score:2)
Nonsense. The EU parliament is elected directly, and the other two bodies (the Commission and the Council) are appointed by elected officials of each member state. If the electorates of Europe don't old them to account that's their own fault.
The EU tends to act in the interests of its citizens far more than the governments of many member states. To an extent that's because they are somewhat above national politics. For example, employment laws that favour workers, or ratings on vacuum cleaners so consumers
Re:This right here... (Score:5, Insightful)
There is a really easy, simple way developers can handle this. Don't use cookies by default. When the user logs in or adds something to their basket have the "you accept we use cookies, here's the privacy policy" text, but when the user simply visits the site don't set any cookies.
That would eliminate 90% of the annoyance and not place an undue burden on developers. It might annoy site operators who were hoping to create profiles of visitors, but fuck those guys.
Re: (Score:2, Insightful)
I hate 'webmasters' and how they think their job is to pull a fast one over the users.
ever look at yahoo's javascript, for example? its done on purpose to stop you from making meaningful global filters for adblock, etc.
the term 'webmaster' has devolved into something not worthy of respect (not sure it ever was, but now that web means 'content management engines' and not just content) and tricky ways to fuck you, the visitor, over, I am all for anything that makes THEIR lives harder and more painful.
see, th
Re: (Score:3)
'Webmaster'? Really? Is it 1996 again? You seem woefully out of touch with reality, ascribing all sorts of nefarious motives to people you've never met, without any evidence to support your rash judgements.
Re:This right here... (Score:4, Informative)
I used cookies to keep track of the last message that users read and what files for download had been updated. It was a long time ago but you can use cookies for things other than tracking users for ads.
Frankly I thought I was respecting the user's privacy by storing that info on their system vs keeping it in a database.
Re:This right here... (Score:4, Interesting)
You are respecting the user's privacy, and the EU specifically exempts the kind of cookies you are using: http://ec.europa.eu/ipg/basics... [europa.eu]
So you don't need a statement on your site, your use is exempt from the rules.
Re: (Score:2)
That system has been replaced by Drupal long ago but it didn't matter to me what the EU said. It was a US company and the website was hosted in the US. We respected our users privacy for the simple reason that they were our customers. They bought things from us and the website had 4 functions that justified it's cost.
1. Advertising our product.
2. Customer support and communications.
3. Updates.
4. An online store for customers to buy our products.
Most sales came from our sales force back then so the store wa
Re: (Score:2)
But browsers make this difficult. Either you accept ALL cookies (even the 99% that are evil) or you accept almost none. To accept cookies from just your own site most browsers do not give you an easy way to do this. Sometimes "don't accept third party cookies" will work but sometimes it won't because the cookie is coming from something that appears to be a third party site ("bringyourownbeer.com" uses cookies from "xyz.byob.com"). And the cookies have bizarre names with even odder contents, so if you're
Re: (Score:2)
Re: (Score:2)
Now they want me to put seatbelts in my car?? Fuck that. Fuck that big time. If a customer doesn't like it, they can fuck off and buy some other car.
The cookie directive is about making users aware of surveillance. The EU (that is, the representatives of the member nations of the EU, collectively) have decided that surveillance by websites is potentially not in the consumer's interest, and the consumer should at least be aware of it.
As I understand it, now they're going a step further and saying, if you wan
Re: (Score:2)
If a company doesn't want to meet the criteria for doing business in the EU, then the EU should be perfectly within its rights to stop it from operating within the EU. Companies, business and economy exist to serve human needs, not the other way around.
Enjoy your corporate overlords, then.
Re: (Score:2)
If a customer doesn't want to meet the criteria for using the website, then the website should be perfectly within its rights to refuse service.
N/quote>
It is perfectly reasonable to tell visitors that they are about to be spied on, if they enter a site, just like the law requires CCTV cameras to be accompanied by a warning message on a sign. It is part of being open, transparent and honest - something that is good for consumers and others; in fact, it is one of the many arguments in favour of remaining in EU. And anyway, using a thing like Privacy Badger in Firefox, you can selectively block cookies on any site very easily.
Re: (Score:2)
is the sole reason why I'm voting for the UK to leave the EU!
(Just joking, probably...)
And its another reason why I'm voting to stay....
A governmental organisation that it not, by default, automatically on the side of the seller instead of the consumer? Great! This, of course is why the most right wing, big money, parasites are keen to get us out so that we can head downhill to what people in the US have to put up with.
Re: (Score:2)
Enjoy your surveillance state and complete lack of privacy in the UK.
I take it you have disbanded the NSA, FBI abd every other criminal TLA in your country?
People in most of the EU, even in the US/corporate friendly UK, have more privacy than you. They all would appear to have better internet privacy than you.
There is a difference between whining and boasting...
"Tax" on developers. (Score:3)
Waiting for my cheque to implement an entire alternate back-end in 3.. 2.. 1..
Re: (Score:2)
The summary is misleading. You can use certain cookies for things like sessions or user input, but not for tracking or advertising IDs etc. So you could just design your primary back-end not to need the evil cookies, and then selectively enable them for tracking if the user agrees.
What? (Score:2, Informative)
No, if you don't want to accept the terms of using the website (cookies in this case) you DON'T GET TO USE IT.
WTF is wrong with these people?
Re: (Score:3)
Re: (Score:2)
Then the web sites should stop being so creepy. "Hey, you bought Depends Adult Undergarments last time you were here, let me show you a lot of ads for incontinence while your co-workers look over your shoulders."
Web sites can work wonderfully without the cookies. They just need to remember that they exist to provide information first and foremost and that they are not supposed to show advertisements. Webs are supposed to be stateless, so act more like an encyclopedia than the weekly advertising flyers sh
Re: (Score:2)
" They just need to remember that they exist to provide information first and foremost and that they are not supposed to show advertisements"
BZZZTTTTT! WRONG!
They exist, especially business owned sites, to MAKE MONEY.
They don't owe you free information "first and foremost". That is just such backwards entitlement nonsense.
Re: (Score:2)
Then you are too young to remember the real internet.
Re: (Score:1)
No, if you don't want to accept the terms of using the website (cookies in this case) you DON'T GET TO USE IT.
Are you sure? My Self-Destructing Cookies add-on doesn't believe you.
Re: (Score:2)
At least you admit to being a thief...
Re: (Score:1)
You stole a cookie and then you destroyed it!
Re: (Score:2)
The cookie from the website you are using is the "cost" of using that website...
The problem is http is stateless (Score:3)
Re: (Score:3)
Re: (Score:2)
Everybody tracks though.... essentially.... every major company has reasons to; it's not a privacy issue; it's to the users' benefit, and should not be impeded by the government.
Tracking users moving between pages on your own website is vital for administration of your website for various reasons; at the very least, all responsible webmasters want to know if you got a 504 or 503 error, which page it came from, and the stream of clicks you made within their website will provide debugging clues.
Then yo
Re: (Score:1)
Everybody tracks though.... essentially.... every major company has reasons to; it's not a privacy issue; it's to the users' benefit, and should not be impeded by the government.
here's some advice for you: DIE IN A FIRE, ASSHOLE
can't tell if you are serious or trolling, or maybe even a paid shill.
but to come here and support spying - get the fuck out! just leave. your bootlicking views are not wanted here.
Re: (Score:2)
Re: (Score:2)
It seems like they are differentiating between session cookies and permanent cookies. So you can have some basic state info for the site, but as soon as the user goes away it is lost and privacy is maintained.
Re: (Score:2)
A large amount of activity over HTTP doesn't require the server to know what you wer
Re: (Score:2)
When I browse slashdot, I like it to remember what level I choose last. It isn't strictly necessary for the site to work but it works better with the cookie to retain that information.
Websites don't store cookies; web BROWSERS do that (Score:2, Informative)
None of this is going to make sense as long as the laws continue to be so completely disconnected from the reality. If a user wants or doesn't want to use cookies, then they have already instructed their browser to take the appropriate action, and it will be perfect in a way that the laws cannot even begin to approach.
Anything the governments do related to this, is irrelevant and wasted. The absolute best case that anyone can hope for, is that they'll do no harm. And that, realistically, will never be achi
Re: (Score:2)
If a user wants or doesn't want to use cookies, then they have already instructed their browser to take the appropriate action
That is true for people here but you should talk to some users sometimes...
What "living hell"??? (Score:2)
I have not noticed anything more than "mildly annoying". Hyperbole much?
Re: (Score:1)
Quite. The most annoying outcome of this is when it's necessary to click on the "No, it's okay, serve me cookies" button every time I visit a website, which only shows that their cookies aren't working.
Re: (Score:1)
Re: (Score:2)
Shoot self directly in foot
Here's mine (Score:2, Informative)
Your browser uses cookies. You have the power to disable cookies in your browser settings. This website may only request that a cookie be stored, it can not force your browser to store the cookie or return the cookie at a later time. This website can not stop your browser from sending it cookies. Only your web browser can disable or delete cookies. You are even sending this website global session cookies that you or some other website asked to be stored, and there is no possible way for the operators o
Gov needs stop trying to decide technology choices (Score:2)
Laws should request the result, not the method of getting there.
Cookies have many important uses; most of them perfectly legitimate with no privacy ramifications. It is only abuse of cookies that pose a risk, and what might be regulated should be the potential result of motivations for abuse, not the means.
They should repeal the cookie directive and replace it with a "Privacy Directive", regarding retaining and linking personally identifiable information to web history gathered from 3rd party website
Re: (Score:1)
If you actually read the law, you would notice it's much more abstract as they do not even mention cookies. It is exactly as you described.
Furthermore storing data for functional purposes is totally fine on the condition that it's removed at the end of the session. If you go for permanent storage or you want to track your user then you need to ask permission. It doesn't matter if you want to achieve that through cookies, images, flash, localstorage.
Re: (Score:2)
Cookies have many important uses; most of them perfectly legitimate with no privacy ramifications.
care to offer any proof for this asertion?
my experience - and likely that of EVERYONE ELSE - is that most cookes ARE there for tracking. did you ever look at them? ever see the 3rd party sites that store shit on your browser?
webmasters are out of control. they essentially report to the marketing dept, these days (unofficially, but the marketing guys run the show, which is why the web is in the ruined state
Re: (Score:2)
care to offer any proof for this asertion?
For starters..... Cookies are why I can navigate to http://slashdot.org/ [slashdot.org] every evening and post a comment without having to go through the repetitive task of typing in Yet another username and password every day.
Cookies are why I can go to Youtube and watch a video..... the first time I see one, there will be an Ad shown..... Then I can go back and visit Youtube.com a few minutes later, find a new video, and they will give me a break because i've just seen a
It's the Web-browser's job! (Score:4, Insightful)
I've never understood the problem with cookies. Websites don't control cookies, the Web-browser does.
The browser should only maintain cookies associated with the browsing window for as long as that window is open. There's no use in anything else. No timers of any sort, short or long, it gets ignored.
Now scripting, that's another kettle of fish altogether.
Re: (Score:2)
Add an exception for Wikipedia, and cross your fingers that they don't abuse it by shwoing you "it's been 451 days since you last donated to us" notices.
Re: (Score:1)
Having used the excellent self-destructing cookies plugin for Firefox for a while now, yes, this should be the default way it works. With trivial white listing for the sites you do want to remember you, which in practice turns out to be quite rare.
Cookies are an Implementation Detail (Score:2)
I went to the consultation ... (Score:1)
It didn't inform me that the site uses cookies, but I checked, and there are 2.
Standard JSESSIONID and one that stores the value of whether the user has JS or not.
As an aside, the consultation is the least accessible piece of lawyer speak I have seen in a long time.
I used to laugh at this (Score:2)
I finally moved to the EU. I used to laugh at this back when it was first proposed but wholly crap is this annoying. There's almost no website I can visit which doesn't produce some boilerplate warning saying that for the site to work you need cookies. Worst part is it typically loads after the content, so if your computer if slow enough then you're already trying to click a hyperlink when the popup appears and the entire page moves and you click on the wrong link.
Can accepting tracking be considered a payment? (Score:1)
So, rather than denying access for those who don't wish to be tracked, can a company simply make its content pay-walled by default, but rather than paying $2 per month or something allow the users to accept tracking instead?