Profile: Dejan Košak

20

Does not meet the EU Cookie Directive requirements


Posted on 19 June 2013
This plugin looks fine but, as mentioned in description, does not block cookies from being set before user agrees.



For that this plugin does not satisfy need that EU Cookie Directive enforce!



It is not a solution, it is "visual" workaround (for site visitor a deception). If caught by authority this kind of misleading act could even be punished harder.
Owner's reply: It is important to review the documentation from the ICO who are responsible for implementing the cookie regulations in the UK, or the body responsible for implementing it in your own EU member country.
Here is some of the ICO documentation:

http://www.ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies
and
http://www.ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/~/media/documents/library/Privacy_and_electronic/Practical_application/cookies_guidance_v3.ashx

There are a number of provisions that show that our approach to the cookie plug-in is correct, and offers a sensible approach to Cookie compliance.

Firstly note the ICO's (Information Commissioner) advice that "The watchdog stressed that sites that have taken some steps to reach compliance were unlikely to face any action." So you would be far worse off doing nothing, than making a sensible effort like implementing a cookie plug-in.

Next look at the ICO's own web site. Their own cookie banner text reads: "We have placed cookies on your computer to help make this website better. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue." If the ICO sees fit to set a cookie prior to gaining consent, you can believe that it will be OK for you to take the same approach.

Next look at the FOI (Freedom of Information) request (linked from our page on the plug-in); where the ICO explicitly says on 12th October 2012 "as yet no formal action has been taken against any website at this time". Yet they received 485 referrals, and say that "We wrote to 71 separate websites in May 2012 to ask about the steps they had taken in order to ensure their websites were compliant with the cookie rules". Again you can be fairly safe to assume that if you have not had a letter from the ICO, you are not at risk of prosecution.

Look at a few other major web sites that have implemented cookie banners:
John Lewis - on a tiny banner right at the foot of the page:
"Our website uses cookies so that you can place orders and we can provide a better service. Continue to use the site as normal if you're happy with this, or find out how to manage cookies."

The UK Government (Has already set 18 cookies when you visit its home page: https://www.gov.uk/). Their cookie banner reads: "GOV.UK uses cookies to make the site simpler. Find out more about cookies"
The football association: http://www.thefa.com/ Says: "A functional cookie (which expires when you close your browser) has already been placed on your machine. More details"
The Law Society: http://www.lawsociety.org.uk/ (11 cookies set, no warning, but a very small "Cookies" link to a separate page, meaning they are relying on "Implied Consent"

In all cases the only way that cookies are actually blocked, is that you are advised to either leave the web site, or use your browser settings to block the setting of cookies.
None of these sites have actually blocked the cookies prior to gaining consent.

Note all these also that all these web sites have given NO warning whatsoever about cookies being set:
German Government: http://www.bund.de/ (2 cookies, no warning)
French Government: http://www.gouvernement.fr/ (8 cookies, no warning)
Polish Government official tourist site: http://en.poland.gov.pl/ (11 cookies, no warning)
Italian Government: http://www.governo.it/ (2 cookies, no warning)
Dutch Government: http://www.government.nl/ (1 session cookies, no warning)
Official EU site: http://europa.eu/ (1 session cookie, no warning) If you browse 3 pages, 8 cookies have been set, but there is still no warning.


We have always taken the view that the pragmatic approach is best for web site owners, and that it is better not to ruin either the functionality of your web site, the user experience, or the ability to gather your important analytics data.

There have been since the very start of the cookie law a small group of developers that doggedly believed that all cookies had to be blocked up until consent had been explicitly given. I think that the sites and quotes above amply demonstrate that these developers are wrong, and that it is quite acceptable to set a cookie in the normal way, inform your users properly, and advise them of measures that they can take if they do want to block cookies.
We are with the ICO, the UK Government, the Italian, German, French, Dutch, Polish and EU governments, and apparently the lawyers too.

If we ever hear from a credible source that it is necessary to block all cookies before explicit consent is given then we will re-engineer our cookie plug-in in order to make that happen.
In the mean time if you have any concern about how the EU cookie legislation will be applied in your own EU country then you should consult a locally qualified IP lawyer: there is no need to rely on misinformation and hearsay.
If your legal people confirm that a special solution is required for your country, we will be happy to work with you to develop a new cookie solution which meets your specific local legal requirements.
No extensions found
No extensions found