EU law

"EUROPA websites must follow the Commission's guidelines on privacy and data protection and inform users that cookies are not being used to gather information unnecessarily."

I do not think this is true.

regards,
Till

Sorry but it's true.
Here there is the "EU legislation on cookies": http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm#section_2

Have a nice day.
Diego

Hello Diego,
ok, but there are many exceptions mentioned on this page.
I will check this...
Thank you!

Regards
Till

Hi Diego,
sorry I want to ask again for clarification.
"EUROPA websites must..."
So which websites are meant if we speak about "EUROPA websites"?
European websites, websites of the EU?
And " block cookies until the user accepts them by EU law."
If you read some internet articles (I read some of them from the German point of view), this law/guideline(?) seams to not got ratified by all/my countries.

The first misunderstanding is, the law speaks about "personal" data beeing saved, a cookie itself not MUST be personalized data and personal data not must be stored in a cookie.

"Cookies clearly exempt from consent according to the EU advisory body on data protection- WP29pdf include: user‑input cookies (session-id)..., authentication cookies, user‑centric security cookies, multimedia content player cookies, load‑balancing cookies, user‑interface customisation cookies , third‑party social plug‑in content‑sharing cookies.
As I see, those are most of existing cookies, except affiliate tracking?

After user choice I have to set
"a corporate‑consent cookie to remember the choice of the user across websites"

As I understand, if the user decided to not accept cookies of my site AFTER loading it into the browser, I should set a cookie to save the info that the user do not accept cookies except session cookies and except cookies "strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service" and ...

Hell.

Related issue: I believe the law in my country does not allow to ask for accepting a license AFTER installing/buying the product, the contract has to be made BEFORE the deal.

I randomly picked some of those websites displaying this "We use cookies" banner, amazingly they are setting lots of cookies by default, admittedly no cookie the next visit.

This is asking the user for opt-in but using an opt-out flow for real, foolish act, isn't it?!?

Technically, my suggestion to the legislator would be that website providers could, should or must provide a (further) solution to provide a nice clicky plugin or something to allow the user to set his browser-cookies settings by maybe a click, but WTF? To provide "real opt-in" imho the cookie question as used for instance is misleading!?

Regards,
Till

ec.europa.eu/ipg/basics/legal/cooki ...

Hi Till,
well whe have asked to Italian privacy office some clarification about what that means.
They was not so clear, indeed they told "every site that installs cookies on an Italian (EU) Client"
If you would read several Italian articles of internet influencers about this law/guideline, you can see that nobody likes it, not for its noble purpose to contrast the user rights over internet, but for the way it was written (unclear and vague) however here is mandatory for every italian site (intended as the owner of the website is under EU umbrella).

About the consent cookie is a technical cookie, without a profiling purpose. So it can be installed in the client without ask permission.

However, about your POV in "related issue": I'm totally agree with your toughts, but on the other side I need to ask consent to my users else I'm in the risk to have a amends between 6K and 120K euro.

Hi Diego,
Thank you for clarification!

I have two suggestions for improvements:
- Could you provide the default messages in English?
- Is it possible to load the banner by jQuery document ready instead of the onload event?

And a further question:
As I understand, if a client reject cookies, I am not allowed to show google adsense to it, is this true?

regards,
Till

Hi Till,
thanks again for your reply.

I will provide a default message in english, however it is a simple configurable text message.

I think you can have further details on how to configure from the GitHub repository: https://github.com/diegolamonica/EUCookieLaw

About the loading, in the latest version (1.4.1) I've made some changes to set the banner before the load event occours, but I wouldn't use jQuery, because the script need to work without any dependency.

Hello Diego,
thank you.
I changed my page and privacy policy.
On google I found a page, not explaining the law but with another script example.
My new page policy is a little bit different from your script as it provides an real "opt-in Flow" :
There is no rejection cookie but an opt in cookie, that means, the cookie is set if the user agrees, not if he is rejecting or ignoring.
I also changed the message to be more understandable by end user, so instead of to talk about cookies, I called it:
"Do you want to change to personalized modus?"

If the user clicks OK he is in the personalized modus and a cookie is set.
If the confirming cookie is set, my page shows google adsense and sharing buttons of social networks or third parties.

If the user cancels or ignores the message, no cookie is set and no third party widgets are shown also all cooies are deleted by php instead of some session cookies.

So I expect to get no more income from google adsense in the future as most people will ignore the message and don't see ads at the first vistit.
How I understood, that is what the law is expecting from me now, am I right?

Please give me a little help about that, what is your opinion, how are you acting on your own websites?

Thank you for mentioning the topic and thank you for the script!

regards,
Till

Hi Till,
my script allows both explicit opt-in (through the consent button) or implicit opt-in (scrolling the page) but all them are configurable behavior.

However because the law make differences between technical and profiling cookies (IMHO every cookie could be used to profile an user), all the cookies are blocked at beginning. If you use the server part of the script (eucookielaw-header.php) your cookies will be "trashed" before the page is served to the client and all the iframes, scripts that contains specific domains (all that is freely configurable and heavly described on GitHub page) are temporarily removed from the page. If the user gives his consent then the page reloads (according to its configuration) and then adsense, social widgets will appear on the page.

In this way I'm using the script on my site.

And Yes, (still IMHO) the law expects that all the contents should be blocked before the consent and after the optin of the user that can be done through a click on the button or (as defined by italian legislator) performing any other action on the site means consent to the policy.

Also I've read somewhere that in GB the law is less restrictive and the user have an inverse approach: he should have an action on the site to do an opt-out.

In the last if you have a WordPress web site, you will enjoy that the EUCookieLaw class is also a ready-to-install WordPress plugin. :)

Have a nice day!

Hello Diego,
all about, I think this new privacy conditions of the EU are, or maybe could be a try, to emancipate from the US.
It could result in people working with other affiliates then adsense.

No, Diego, I do not use wordpress for myself.

But thank you!!!

regards,
Till