A new law has been passed through the EU parliament which tightens the restrictions on how cookies can be used within website based in Europe.
The new law will have far-reaching implications for all publishers of online content in Europe, as it essentially means that unless you agree to specific terms no website will be able to remember who users are – something which will be a threat to the online advertising industry and the sites that survive on this revenue.
According to Out-Law.com, the law is set to come into force over the next 18 months and will mean that cookies will no longer be stored on user's computers unless the user "has given his or her consent, having been provided with clear and comprehensive information."
Cookie cutter
While the law is meant to shield users from unwanted targeted advertising – we are looking at you here Phorm – the requirement will be that all 'tracking cookies' will be subject for approval.
This means that the entire way websites work in Europe will have to be reassessed. Currently, when you log on to a website, cookies will be stored on your computer to remember your preferences, account details and things that most of us take for granted.
Like taking a sledgehammer to a walnut, if the law is passed in the UK – and across the rest of the 27 member states – then all of this usually harmless but necessary behind-the-scenes action will be queried every time you visit a new European-based site.
Clear and precise information
Out-Law.com, who uncovered the legislation within an 18-page press release which also discussed 'fishing quotas, train driving licences and a maritime treaty with China', has republished the text which states that cookies "should be allowed on condition that users are provided with clear and precise information in accordance with Directive 95/46/EC about the purposes of cookies or similar devices so as to ensure that users are made aware of information being placed on the terminal equipment they are using." Yes, it's that confusing.
This isn't the first time the EU has tried to pass such a directive. In 2003 another 'cookie law' was passed with regards to unsolicited material, which meant that an opt-out option had to be given on all material that was not requested by the user. This was meant to curb the flow of pop-ups and spam on websites and through email.
Your comments (7) Click to add a new comment
davidmeridian
November 11th
7. Stupid, stupid, stupid for the EU. But good for us who'll profit from EU businesses deciding to no longer host their sites in their own country. Thanks for being stupid, EU!
Alert a moderator
mikedevenney
November 11th
6. Rock on EU. Someone from over there get on the phone to the US and get them moving on something like this, would ya? I completely agree that websites should require consent to store cookies on your machine and that the consent should given only after the user is told exactly what is being stored and why. Granted... *EVERY* user can just turn cookies off in their browser but why muddy the waters. Again, go EU, brilliant move to put the onus on the websites. BTW - I'm a web developer so I'm not just some random user who has no idea how integral cookies are to the operation of websites, I just think this is the way to go. Full disclosure.
Alert a moderator
mrbbq
November 11th
5. If you had read the post on out-law.com entirely, you would have come across the following statement:
An exception exists where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user – so cookies can take a user from a product page to a checkout without the need for consent. Other cookies will require prior consent, though."
So just visiting a web site will not entitle the web site to put a cookie on the user's computer; sending a cookie in response to particular actions (logging in, activating the "Remember Me" check box, using a web site's shopping cart etc.) committed by the user however will. Sadly the author of this post failed to mention this.
In my opinion, asking for confirmation to place a cookie is the same as facebook asking you if you want to grant an external application access to your profile -- People will just quickly click "Allow" in order to get straight to the content they were looking for.
Alert a moderator
john.norcott
November 11th
4. passwords are just the beginning with this... Most web applications use cookies to deal with state management, i.e. I've logged into this site and clicked on a link for another article within the same site. It's a cookie that tells the web server I've requested that page, not another user... OR every webmail application... It's a cookie that lets the server know which mail item you've decided to open. This law has absolutely horrible implications for the web and web developers.
Alert a moderator
cardinal4
November 11th
3. PS: Flash Player does not create a cookie when installed. It only creates one when <b>requested for</b> by the website you're visiting, which maybe login information.
Alert a moderator
cardinal4
November 11th
2. ofnoconsequence: I take it you don't know cookies at all? Every website which features a login system uses a Cookie. Not just Adobe Flash, your beloved Javascript, open-source PHP, Facebook, Twitter, uses Cookies. It's akin to your browser's memory.
I'm interested to find out what does "similar devices" mean. I don't want to end up like Window's UAC system, and have to click through popup prompts everytime a website wants to store information on my browser. Is the "Remember my password" checkbox consent enough?
Alert a moderator
Tell us what you think
You need to Log in or register to post comments