tag:blogger.com,1999:blog-2072226399526991149.post3079767324881283531..comments2023-06-29T12:07:43.973+01:00Comments on Program Your Own Mind 2: Cookie law implementation watchAnonymoushttp://www.blogger.com/profile/03109951687667398737noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-2072226399526991149.post-49295587465220659552012-06-11T12:12:55.748+01:002012-06-11T12:12:55.748+01:00You've quoted the law:
"consent may be s...You've quoted the law:<br /><br />"consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses"<br /><br />Amends, or sets. Using the browser in it's default mode, therefore, is not consent.<br /><br />Given that browsers (and portals to access content that do not even have cookie control) do not yet provide enough information to websites to show that consent has been given in this way, it falls on the websites themselves to get consent.Anonymoushttps://www.blogger.com/profile/03109951687667398737noreply@blogger.comtag:blogger.com,1999:blog-2072226399526991149.post-4008838347268510122012-06-11T12:03:00.733+01:002012-06-11T12:03:00.733+01:00They certainly are responsible for enforcing the l...They certainly are responsible for enforcing the law, but they can't read into it what isn't said in it, and that's what they're doing by asserting that relying on a privacy policy and a user's browser settings would be non-compliant.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2072226399526991149.post-4204055141188167402012-06-11T10:54:27.899+01:002012-06-11T10:54:27.899+01:00Since it is ICO who will be essentially administer...Since it is ICO who will be essentially administering the law, the ICO advice is both here and there.Anonymoushttps://www.blogger.com/profile/03109951687667398737noreply@blogger.comtag:blogger.com,1999:blog-2072226399526991149.post-78462981173520133972012-06-11T10:23:25.813+01:002012-06-11T10:23:25.813+01:00The ICO's advice isn't what people should ...The ICO's advice isn't what people should be following here; they should be following the law itself, which says:<br /><br />"A person shall not store or gain information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless ... the subscriber or user ... is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and ... has given his or her consent".<br /><br />And also:<br /><br />"For the purposes of [the paragraph above], consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent."<br /><br />So, reading the law and the law alone, to achieve compliance you must only provide users with "clear and comprehensive" information about the purposes of the cookies your site uses by way of a privacy policy or dedicated cookies policy. Most sites already do this. The law does not say this information has to be thrust in the user's face at the top of the page or in a pop-up message; it only says the information has to be "provided".<br /><br />Furthermore, your site does not have to seek users' consent to set cookies as users will already have "signified" consent by changing their "internet browser controls" (sic), or opting not to change the default settings, to accept all cookies from all sites. The law does not even say that consent must be given on a per-site or per-cookie basis, only that it must be "given" and that changing browser settings count as giving it.<br /><br />The ICO advice is neither here nor there. Follow the law.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2072226399526991149.post-45703923462491288102012-05-30T17:05:46.331+01:002012-05-30T17:05:46.331+01:00Absolutely disagree. I think you need to be carefu...Absolutely disagree. I think you need to be careful about what the ICO advice actually says, I reproduce it here for clarity...<br /><br />"It has been suggested that the fact that a visitor has arrived at a webpage should be sufficient evidence that they consent to cookies being set or information being accessed on their device. The key here is that the visitor should understand that this is the case. <strong>It is important to note that it would be extremely difficult to demonstrate compliance simply by showing that a user visited a particular site or was served a particular advertisement unless it could also be demonstrated that they were aware this would result in cookies being set</strong>."<br /><br />and<br /><br />"This remains the case if information is provided to the user but only as part of a privacy notice that is <strong>hard to find</strong>, difficult to understand or rarely read. This is why the “do nothing” approach is not enough. The understanding is all on the website operator’s side and the user “giving” consent is unaware that their actions are being interpreted in this way. The user is not informed so in the context of the Regulations, this is not valid consent."<br /><br />I would argue the very least you need to do is to have a link about cookies on your site *at the very top* with options therein to disable cookies on the site.Anonymoushttps://www.blogger.com/profile/03109951687667398737noreply@blogger.comtag:blogger.com,1999:blog-2072226399526991149.post-31636360156317841072012-05-30T16:35:57.884+01:002012-05-30T16:35:57.884+01:00as the ICO changed the ruling to implied consent 4...as the ICO changed the ruling to implied consent 48 hours before the deadline, I think the best implementation is a link to a cookies policy in the footer. Anyone agree?Anonymoushttps://www.blogger.com/profile/00825396796757266830noreply@blogger.com