Written: November 9th 2009
I've been reading a fair few posts recently about the EUs planned changes to the law relating to storing cookies on user's computers. Most of these posts suggest that the rule is moronic, prohibitive, and illustrates a complete lack of understanding on the part of the law makers. I'm not so sure though.
Now, I'm neither a lawyer, nor an expert in this field, so I can tell you only what it appears to mean to me (I have quoted the relevent part of the proposed amendment below).
As I understand it you will not be alowed to store information, or access information that has been stored, on a user's computer without their explicit consent, with the exception of cases where access to that information is strictly necessary for the provision of services that the user has explicitly requested.
So what are the instances where a web-site owner will want or need to store cookies?
Firstly there are cookies to used to identify the user during their session. If they have registered and logged on, or are using a service such as a shopping cart then I think you could argue that these are needed to perform the service they have requested.
Secondly, there are cookies used to track the user for analytics purposes. I think these are debateable. You could argue that analytical data is needed for the operation of the site that, by visiting, they have requested access to, but I don't think this holds much water really. It may be that the analytics software would have to do what it can using referrer data and IP address information instead.
Finally, you have cookies used to track which advertising a user has previously seen across one, or multiple sites. I don't think it is possible to argue that this is a service that has been requested, so consent would be required.
Are there any I've missed?
It could be that I am missing something here but, actually, I like the idea that I have to consent to being complicit in creating information about my habits and movements for the benefit of third parties. It is, perhaps, a tad hyprocritical of the EU given that the trend among government's is to try and make ISPs track our activities for their own uses, but anything that reduces the flow of information about us is a good thing isn't it? It is the reason why so many virus checkers consider advertising based cookies to be bad and so remove them isn't it?
I will be looking out for more information to find out why this is such a bad idea, but in the meantime I remain unconvinced that it is as incompetent, or ignorantly produced, as some suggest.
There is of course an irony in this post in that I am tracking your movements right now, and using cookies to do it.
The following has been quoted from: Out-Law.com: Proposed changes to cookie laws
Article 5(3) shall be replaced by the following:
Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.The Proposed Recital
(66)Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.
On November 30th 2009 03:28:33 Charles (http://www.lvrealty.net) said:
Glad to see it isn't just our government that is woefully ignorant of how the web works. Cookies can be very useful for a websurfer as well as a way for someone to track your browsing (among other things). Personally I think that any site that wants a repeat visitor needs to make sure that they are strictly optional.
You can follow these comments using twitter, follow @ar_comments (or hastag #arickmann_comments_1027)