146
26
I have for a long time known that websites give me cookies so that small pieces of information can be remembered about my habits, passwords etc. I accept this, but all of a sudden they are asking for my permission to do so.
Why has this changed? What sparked this?
This question was a Super User Question of the Week.
Read the blog entry for more details or contribute to the blog yourself
Pureferret
Posted 2012-07-28T15:40:06.353
Reputation: 1 745
120
The EU e-Privacy Directive, otherwise known as the EU Cookie Law, originally came into place on the 26th of May 2012 and means you, as the site owner/administrator, have to get your visitors' informed consent before placing a cookie (probably related to social media elements or login/tracking systems) on their machine.
If you are a WordPress admin, there is a notification plugin for you to use which looks like this:
There is also a great overview.
According to the above link, it is not just standard cookies.
The law also affects anything that acts like a cookie, for example: Flash Cookies and HTML5 Local Storage.
There are also 'suggested categories' from the same link above (overview):
AruAkise
Posted 2012-07-28T15:40:06.353
Reputation: 1 412
1@BrtH: This is a normal consequence of international law. Every user is protected by the laws of the country where he lives. This means for websites: All websites, that a user could view, must comply with his countries laws. And this means for webmasters: Either they must build websites that will know in which country they are viewed and act according to the laws of this country, or they must build websites, that obey all laws of all countries. But one thing is clear: A Webmaster has to know all internet-relevant laws of ALL countries on this planet. – Hubert Schölnast – 2015-09-14T09:53:50.577
1
Unless my browser's being hijacked, that link seems to go to a chinese site for budding prostitutes... I believe the overview has moved here: https://www.cookielaw.org/the-cookie-law/
– Angel Joseph Piscola – 2016-08-02T02:48:29.437So are USA websites doing this just being polite to people who are under EU law? Lots of them do it, too. Edit: I see the comments address this, but you might want to add some such to the answer! – Brōtsyorfuzthrāx – 2018-05-22T19:47:15.510
12Worth noting that "implied consent" has been added to the directive at the last minute – Ben Brocka – 2012-07-29T02:04:58.963
3If you're a serious site, check with a national lawyer. The plugin is sufficient for the UK law of May 26th, but not for all EU countries. E.g. the similar Dutch cookie law of June 5th is stricter and links up with the Protection of Private Data law. – MSalters – 2012-07-29T22:23:10.667
2Wait, the cookie laws get even crazier! The Dutch government has decided that all websites in the entire internet in the whole world must obey the Dutch cookie law, which states that sites are only allowed to place cookies if you give them explicit permission. Yes, you are reading this correct, an opt in for cookies for all sites – BrtH – 2012-08-21T21:01:46.223
54
The law has changed.
Functional cookies are still allowed, but other cookies now require explicit permission to set. This is something which is decided EU wide after self regulation failed. Each (EU-) country has its own implementation of the new laws, but all follow the same guidelines.
Here are a few links to relavant articles regarding Cookie Laws:
Hennes
Posted 2012-07-28T15:40:06.353
Reputation: 60 739
You say functional cookies are allowed, so I can store cookies such as SSID and page language information at the visitor without informing him/her? – Martin Braun – 2014-06-29T15:29:50.943
To quote from the second link I posted: "Some cookies can be exempted from informed consent under certain conditions if they are not used for additional purposes. These cookies include cookies used to keep track of a user’s input when filling online forms or as a shopping cart, also known as session-id cookies, multimedia player session cookies and user interface customisation cookies, e.g. language preference cookies to remember the language selected by the user". So yes, remembering the page language and not using for anything else is legal. – Hennes – 2014-06-29T18:30:44.893
I am not sure what you mean with the SSID part though. My guess is session ID, in which case you probably already got the answer. – Hennes – 2014-06-29T18:31:42.607
Doesn't SSID allow just as much tracking as any other cookie? I mean the only difference is that you save the data on server... – Tomáš Zato - Reinstate Monica – 2015-10-14T17:51:22.667
Why are cookies any different than saving anything directly on the server with AJAX? I mean, it only keeps the information on the user's computer instead of the server's. it's like asking for permission to save a few bytes on the user's machine. ridicules. – vsync – 2016-09-13T11:36:19.690
The few bytes are not the problem. What they represent (and how they often are abused) are the problem. – Hennes – 2016-09-13T13:02:51.893
The New EU cookie law link is broken – Michael Tranchida – 2017-08-08T05:31:54.063
6You say the law changed, but you don't cite a specific law or movement. What laws? When did this change? – iglvzx – 2012-07-29T06:24:42.013
I did not add links because I was still searching for relevant links in another language than in my native language (Dutch). When I returned to the question with some of them bookmarked there were already two other answers which such links. – Hennes – 2012-07-29T11:33:53.083
18
It's as a result of the European Union e-Privacy Directive.
You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user’s consent. Consent can be implied, but must be knowingly given.
There is an exception for cookies that are essential to provide an online service at someone’s request (eg to remember what’s in their online basket, or to ensure security in online banking).
The same rules also apply if you use any other type of technology to store or gain access to information on someone’s device.
DaveP
Posted 2012-07-28T15:40:06.353
Reputation: 557
1Legal questions are off-topic here – kinokijuf – 2014-10-12T20:26:39.917
In 2012 already? Interesting. I started noticing this cookie warnings back then at some point. (I saw this Question around three years ago and look it up to check whether there have been any discussions about GDPR). – neverMind9 – 2018-10-25T23:10:35.603
30Remember guys! Use Ghostery and AdBlock Plus addons. Both in Chrome and Firefox. Always. – Apache – 2012-07-28T17:17:15.157
11@Shiki I use add block most of the time, but I don't think everyone should all the time. Thats how websites exist, from advertising revenue. Some websites even have different content if they detect plug in. – NimChimpsky – 2012-07-29T08:22:47.153
@NimChimpsky 1) If you install AdBlock at a friend or at a non-tech-savvy person, always use main filters, and only the most necessary ones. 2) If the person (or you) likes a forum or a site, unblock that. It's possible. Even easy for newbies. 3) But Ghostery should remain ON, for all the time. The only thing it kills (what you may want to use) is the ultra-cheap/worse online tech support chat. But those kind of support sites never help. Most of them are just bots, or unpaid/underpaid people who just redirects you to sites and whatnot. – Apache – 2012-07-29T09:20:35.283