EU's Cookie Law Should Crumble

from the not-a-good-situation dept

A bunch of folks have been sending in versions of this story about new EU cookie rules that will require anyone placing cookies on your computer to first get consent. This is the sort of law that is passed by people who don’t understand the technology at all, and misinterpret “cookies” as automatically being malicious. This is the sort of thing that people who were first understanding the web got concerned about a decade ago, until they realized it was nothing to worry about. Except… it appears some people haven’t quite figured that out yet, and tragically, they make laws in the EU.

Filed Under: ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “EU's Cookie Law Should Crumble”

Subscribe: RSS Leave a comment
Dark Helmet (profile) says:

Re: Re: Question...

“I stop them from being placed in the first place, and regularly delete them all. There’s software for that, no need to do it manually.”

I’m sure there is. If it isn’t strictly about network security, I’m kind of a technotard. I know a little about everything, and a lot about nothing.

Hell, I’m right now trying to figure out how to turn my amatuerish PDF eBook into a torrent file and get you fuckers reading it πŸ˜‰

See? If I was one of those viscious raporist pirates, I’m sure I’d already know how to do that!

techdirtReader says:

I don’t like the idea of a persistent cookie unless it is a service that has a logon. Washington Post makes everybody login. People can reasonably deduce that the Post can track what they do at the Post.

Multisite tracking cookies do bother me. They don’t announce themselves. They just track. I don’t know what the proper remedy is. I am not claiming the regulation is the answer. Just saying I am bothered by them. I would estimate more would be bothered if they understood, but they don’t.

Yes, there are tools to remedy the problem, but only the tech savvy know about them. I can’t imagine the time it would take me to get my mom up to speed. It would be impossible.

I recommend TACO and BetterPrivacy firefox extensions. TACO will automatically setup opt-out cookie values for the famous tracking companies. BetterPrivacy will delete flash cookies (or cookie equivalents) upon browser close. Up until two months ago, I didn’t even know about the existence of flash cookies.

Ralph-J (profile) says:

Automatic Cookie Acceptance Mode

What if browser makers decided to add automatic cookie acceptance as the default in the newer versions of their browsers? Since the new law only applies to third parties actually carrying out the “storing of information on the equipment of a user” (in other words the websites that want to track their users), it doesn’t seem to apply to the makers of user software.

Anonymous Coward says:

There are cookies and there are “cookies”.

There is the normal cookie that nobody cares about and that can be easily deleted or viewed by anyone and there is the super-cookies like flash cookies that few know about it or the new standard DOM storage.

DOM Storage can be used to store large amounts of information that can then be upload to somewhere like the Halfnote app does.

It is starting to get a bit scary indeed.
The Flash cookies can store information too and can be controlled by a flash application that can record and store things. Is that not a bit scary?

bugmenot (profile) says:

so Your to rely on the ignorance and apathy of the general population to ignore security: "out of sight out of mind as it were!"

clearly your not thinking this through, its a good thing.

and re-enforces all the old law we already had availanle to protect our personal data streams and our personal copyrights….

theres a twist, using copyright for the protection of the people…. Not the Corporations.

think about it.
Personally I don’t see this as a bad thing because people need to be more aware of what data they are giving away and what it is being used for – so I am all for a little bit of inconvenience or annoyance to educate the general public on privacy. But many people will be annoyed about it.

However, on the positive side – this also means that tracking cookies (which are used by a countless number of advertising networks and behavioural profiling companies) and Local Stored Objects (LSO or Flash Cookies) – will now also have to present users with a clear explanation as to what they are, what they collect and what they will be used for.

As we saw in a recent research paper over 60% of consumers in the US do not want Behavioural Advertising so it is reasonable to assume the same would most probably apply with EU countries as well – in fact we may well see even more people opposed to it in EU states given the last couple of years of campaigning on the subject by privacy advocates (such as the members of this web site) meaning it is very much an issue which is in the public focus.

This is exactly what companies like Phorm and Audience Science did not want to happen – Opt-Out meant they could rely on the ignorance and apathy of the general population not to bother with opting out meaning they would capture a large percentage of the market without the consumers even knowing what was going on.

Now however, not only must they get permission from people (opt-in) but they also must give truthful and accurate information to consumers as to what they are doing – which is far more likely to illicit a reaction of NOT opting in as people do not want to be tracked.

This is going to hit the bottom lines of these companies very hard indeed and it is likely (in my opinion) that their revenues are in for a dramatic decline. I would be suprised if they can capture even 30% of the market with the new regulations – a long way from the current 90+% they probably have under Opt-Out models.

The changes would also make it illegal for companies to reset traditional cookies or gather behavioural information with Flash Cookies (LSO) without consent – which has become a new trend as advertisers realised they could bypass countermeasures which led to the deletion of their tracking cookies from users machines (such as deleting cookies when a browser is closed or only allowing session cookies – which are popular features of modern browsers and plugins).

Of course, as always – the devil is in the details. We need to keep pushing parliamentarians to make sure that this is added to UK law in an appropriate way.


bassmadrigal (profile) says:

Re: so Your to rely on the ignorance and apathy of the general population to ignore security: "out of sight out of mind as it were!"

The one issue I see with your arguement is that so many people will just end up clicking to agree to them. Sure at first they might read through them, but how many people actually read through EULA’s? Most of the time people will just look for that box that is near the sentence that starts with “I Accept”.

The fundamental problem with this, is the majority of people don’t want to be constantly bombarded with messages to allow or deny. This is one reason why so many people hated Vista’s UAC.

Now, one way I could see that they could implement this, is only if it covers cookies not placed by the original domain. So if you go to that site can place any cookies, but if an ad on that site from it would request permission for it.

I still think this is a bad idea. The more security popups we get the less time we will take to read them until you just blindly click yes. Then we are no better than we were before except getting ticked off anytime the stupid popup comes up.

If you are worried about this, learn enough to be able properly use your browser. Whether you are making use of the features of the browser itself, or adding additional features with addons/plugins.

Alexander Hanff (user link) says:

You all seem to have not understood the issue

First I find it shocking that the author of this article has failed to do any due dilligence and has instead merely taken what Out-Law published as fact – when in reality it is far from it.

Pinsent Masons (who are Out-Law.Com) represent some of the largest organisations in the UK from this industry so naturally their viewpoint is going to attempt to shroud the public from the real interpretation of the ammendments in order to make noise for their clients.

As was discussed last week at the BEUC 2009 Forums – the Telecoms Reform Package makes it very clear that the use of cookies which are needed to make the site function (such as login cookies, session cookies, shopping carts cookies etc.) will not require consent. Therefore the only cookies which will be effected by the regulations are 3rd party tracking cookies, marketing cookies etc. and is it a good thing that they should require Opt-In? Damn right it is.

Furthermore, there is no reason for these to acquire consent every single time as a single control setting could be provided to the user for persistent consent.

But more importantly, the ammendments are not just about cookies. They also protect the consumer from LSOs (Local Stored Objects aka Flash or Silverlight Cookies) which are being used more frequently to track consumers and even to respawn traditional cookies which users have deleted (which is so unethical it goes beyonds words). Also this new law will make drive-by adware/nagware/malware which are installed via active x controls and browser technologies – illegal without consent. It also expands even further in that it would outlaw the use of javascript to access a consumers browsing history.

It is interesting to see that Out-Law claim this ammendment was slipped in through the back door and no-one knew about it…utter rubbish. I was speaking to someone from the EU Parliament on Friday and they assured me that the 5(3) Ammendments were very strongly lobbied against by industry.

Message of the day? Actually do some research instead o just believing what you read on Out-Law.Com and you might develop a better understanding of the issues being debated.

Alexander Hanff

Cookie Pooper says:

Deleting cookies and Killing Flash speeds up my PC

Deleting cookies and Killing Flashplayer speeds up my PC.

But I have to reinstall Linux to Kill Flashplayer.
But Linux reinstalls faster than Windows boots!

And I only have to do that when it slows down or
if I misspell my favorite websites
(and end up on everyone else’s favorite websites).

But right now I’m pissed because Flashplayer installs
without permission even when its blocked, on any popular browser,
so I have to use open source ones with the Flash hacked out.

Flash LSO cookies have ROOTKITS in them,
and that means they let other people hack in and remote control
your computer!!! — And STEAL stuff using your passwords too!
And spam your friends using your email.

Maybe I should move to Europe? πŸ™‚
Where everyone knows more about computers than
the people who invented them forgot!

Web cookies are as yummy as a poop sandwich!

Social Network websites have more poop cookies than a dairy barn!!!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop Β»

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...