EU's Cookie Law Should Crumble

from the not-a-good-situation dept

A bunch of folks have been sending in versions of this story about new EU cookie rules that will require anyone placing cookies on your computer to first get consent. This is the sort of law that is passed by people who don't understand the technology at all, and misinterpret "cookies" as automatically being malicious. This is the sort of thing that people who were first understanding the web got concerned about a decade ago, until they realized it was nothing to worry about. Except... it appears some people haven't quite figured that out yet, and tragically, they make laws in the EU.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cookies, eu


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    A Dan (profile), 13 Nov 2009 @ 1:57pm

    Oddly familiar

    The description on the linked website reminds me immediately of UAC in Windows Vista. It may sound good in theory to ask someone if you want to do something they may not want. But, in practice, that results in an excessive number of messages and clickthroughs any time a user wants to do something, well, useful.

    link to this | view in chronology ]

  • icon
    Dark Helmet (profile), 13 Nov 2009 @ 2:07pm

    Question...

    Am I the ONLY one the manually goes through my cookies folder every now and again and deletes any that aren't super familiar to me?

    Or are you Europeans too busy drinking wine, eating cheese, and trying to figure out how the fuck the EU got to be the Fourth Reich to do that kind of thing?

    ;)

    link to this | view in chronology ]

    • identicon
      duckling, 13 Nov 2009 @ 2:17pm

      Re: Question...

      I stop them from being placed in the first place, and regularly delete them all. There's software for that, no need to do it manually.

      link to this | view in chronology ]

      • identicon
        Chris, 13 Nov 2009 @ 2:23pm

        Re: Re: Question...

        There's no need for a law either. There is already software to allow/disallow cookies. It's called a browser. The settings are already there, usually in privacy mode even.

        link to this | view in chronology ]

      • icon
        Dark Helmet (profile), 13 Nov 2009 @ 2:26pm

        Re: Re: Question...

        "I stop them from being placed in the first place, and regularly delete them all. There's software for that, no need to do it manually."

        I'm sure there is. If it isn't strictly about network security, I'm kind of a technotard. I know a little about everything, and a lot about nothing.

        Hell, I'm right now trying to figure out how to turn my amatuerish PDF eBook into a torrent file and get you fuckers reading it ;)

        See? If I was one of those viscious raporist pirates, I'm sure I'd already know how to do that!

        link to this | view in chronology ]

    • icon
      Azrael (profile), 13 Nov 2009 @ 10:56pm

      Re: Question...

      Nope, me too. And i've set the cookie rule to Ask before accepting. Why? Because it's very easy to get cookies from some sites your employer would find as a reason to fire you, especially when the cookies are from ads placed in totally benign (or even work related) sites.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Nov 2009 @ 11:38pm

      Re: Question...

      No you are not the only one to go through your cookies ... GRIN .... you red wine drinking, cheese eating, hairy under armed wanna be french man ....

      ... Big Ole Grin

      link to this | view in chronology ]

  • identicon
    Anonymoose, 13 Nov 2009 @ 2:09pm

    ...and another case where people who care about this sort of thing already have tools to control them e.g. any of the dozens of cookie control plug-ins, private browsing options or cookie settings baked into the browsers already..

    Governments... meddle.

    link to this | view in chronology ]

  • identicon
    techdirtReader, 13 Nov 2009 @ 3:56pm

    I don't like the idea of a persistent cookie unless it is a service that has a logon. Washington Post makes everybody login. People can reasonably deduce that the Post can track what they do at the Post.

    Multisite tracking cookies do bother me. They don't announce themselves. They just track. I don't know what the proper remedy is. I am not claiming the regulation is the answer. Just saying I am bothered by them. I would estimate more would be bothered if they understood, but they don't.

    Yes, there are tools to remedy the problem, but only the tech savvy know about them. I can't imagine the time it would take me to get my mom up to speed. It would be impossible.

    I recommend TACO and BetterPrivacy firefox extensions. TACO will automatically setup opt-out cookie values for the famous tracking companies. BetterPrivacy will delete flash cookies (or cookie equivalents) upon browser close. Up until two months ago, I didn't even know about the existence of flash cookies.

    link to this | view in chronology ]

  • icon
    Ralph-J (profile), 14 Nov 2009 @ 1:15am

    Automatic Cookie Acceptance Mode

    What if browser makers decided to add automatic cookie acceptance as the default in the newer versions of their browsers? Since the new law only applies to third parties actually carrying out the "storing of information on the equipment of a user" (in other words the websites that want to track their users), it doesn't seem to apply to the makers of user software.

    link to this | view in chronology ]

    • identicon
      Doh, 14 Nov 2009 @ 9:07am

      Re: Automatic Cookie Acceptance Mode

      I guess it would be time to remove them manually, just like we used to do.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Nov 2009 @ 1:43pm

    There are cookies and there are "cookies".

    There is the normal cookie that nobody cares about and that can be easily deleted or viewed by anyone and there is the super-cookies like flash cookies that few know about it or the new standard DOM storage.

    DOM Storage can be used to store large amounts of information that can then be upload to somewhere like the Halfnote app does.

    https://developer.mozilla.org/en/DOM/Storage

    It is starting to get a bit scary indeed.
    The Flash cookies can store information too and can be controlled by a flash application that can record and store things. Is that not a bit scary?

    link to this | view in chronology ]

  • icon
    bugmenot (profile), 14 Nov 2009 @ 2:57pm

    so Your to rely on the ignorance and apathy of the general population to ignore security: "out of sight out of mind as it were!"

    clearly your not thinking this through, its a good thing.

    and re-enforces all the old law we already had availanle to protect our personal data streams and our personal copyrights....

    theres a twist, using copyright for the protection of the people.... Not the Corporations.

    think about it.

    https://nodpi.org/2009/11/05/eu-telecoms-package-bad-news-for-advertisers/
    "...
    Personally I don’t see this as a bad thing because people need to be more aware of what data they are giving away and what it is being used for – so I am all for a little bit of inconvenience or annoyance to educate the general public on privacy. But many people will be annoyed about it.

    However, on the positive side – this also means that tracking cookies (which are used by a countless number of advertising networks and behavioural profiling companies) and Local Stored Objects (LSO or Flash Cookies) – will now also have to present users with a clear explanation as to what they are, what they collect and what they will be used for.

    As we saw in a recent research paper over 60% of consumers in the US do not want Behavioural Advertising so it is reasonable to assume the same would most probably apply with EU countries as well – in fact we may well see even more people opposed to it in EU states given the last couple of years of campaigning on the subject by privacy advocates (such as the members of this web site) meaning it is very much an issue which is in the public focus.

    This is exactly what companies like Phorm and Audience Science did not want to happen – Opt-Out meant they could rely on the ignorance and apathy of the general population not to bother with opting out meaning they would capture a large percentage of the market without the consumers even knowing what was going on.

    Now however, not only must they get permission from people (opt-in) but they also must give truthful and accurate information to consumers as to what they are doing – which is far more likely to illicit a reaction of NOT opting in as people do not want to be tracked.

    This is going to hit the bottom lines of these companies very hard indeed and it is likely (in my opinion) that their revenues are in for a dramatic decline. I would be suprised if they can capture even 30% of the market with the new regulations – a long way from the current 90+% they probably have under Opt-Out models.

    The changes would also make it illegal for companies to reset traditional cookies or gather behavioural information with Flash Cookies (LSO) without consent – which has become a new trend as advertisers realised they could bypass countermeasures which led to the deletion of their tracking cookies from users machines (such as deleting cookies when a browser is closed or only allowing session cookies – which are popular features of modern browsers and plugins).

    Of course, as always – the devil is in the details. We need to keep pushing parliamentarians to make sure that this is added to UK law in an appropriate way.

    ....
    "

    link to this | view in chronology ]

    • icon
      bassmadrigal (profile), 16 Nov 2009 @ 2:15am

      Re: so Your to rely on the ignorance and apathy of the general population to ignore security: "out of sight out of mind as it were!"

      The one issue I see with your arguement is that so many people will just end up clicking to agree to them. Sure at first they might read through them, but how many people actually read through EULA's? Most of the time people will just look for that box that is near the sentence that starts with "I Accept".

      The fundamental problem with this, is the majority of people don't want to be constantly bombarded with messages to allow or deny. This is one reason why so many people hated Vista's UAC.

      Now, one way I could see that they could implement this, is only if it covers cookies not placed by the original domain. So if you go to example.com that site can place any cookies, but if an ad on that site from advertising.com it would request permission for it.

      I still think this is a bad idea. The more security popups we get the less time we will take to read them until you just blindly click yes. Then we are no better than we were before except getting ticked off anytime the stupid popup comes up.

      If you are worried about this, learn enough to be able properly use your browser. Whether you are making use of the features of the browser itself, or adding additional features with addons/plugins.

      link to this | view in chronology ]

  • identicon
    Alexander Hanff, 16 Nov 2009 @ 7:57am

    You all seem to have not understood the issue

    First I find it shocking that the author of this article has failed to do any due dilligence and has instead merely taken what Out-Law published as fact - when in reality it is far from it.

    Pinsent Masons (who are Out-Law.Com) represent some of the largest organisations in the UK from this industry so naturally their viewpoint is going to attempt to shroud the public from the real interpretation of the ammendments in order to make noise for their clients.

    As was discussed last week at the BEUC 2009 Forums - the Telecoms Reform Package makes it very clear that the use of cookies which are needed to make the site function (such as login cookies, session cookies, shopping carts cookies etc.) will not require consent. Therefore the only cookies which will be effected by the regulations are 3rd party tracking cookies, marketing cookies etc. and is it a good thing that they should require Opt-In? Damn right it is.

    Furthermore, there is no reason for these to acquire consent every single time as a single control setting could be provided to the user for persistent consent.

    But more importantly, the ammendments are not just about cookies. They also protect the consumer from LSOs (Local Stored Objects aka Flash or Silverlight Cookies) which are being used more frequently to track consumers and even to respawn traditional cookies which users have deleted (which is so unethical it goes beyonds words). Also this new law will make drive-by adware/nagware/malware which are installed via active x controls and browser technologies - illegal without consent. It also expands even further in that it would outlaw the use of javascript to access a consumers browsing history.

    It is interesting to see that Out-Law claim this ammendment was slipped in through the back door and no-one knew about it...utter rubbish. I was speaking to someone from the EU Parliament on Friday and they assured me that the 5(3) Ammendments were very strongly lobbied against by industry.

    Message of the day? Actually do some research instead o just believing what you read on Out-Law.Com and you might develop a better understanding of the issues being debated.

    Alexander Hanff

    link to this | view in chronology ]

  • identicon
    known coward, 16 Nov 2009 @ 11:01am

    i miss the point

    anytime anything is installed on a persons personal puter that person should be asked about it.

    Good for the EU.

    link to this | view in chronology ]

  • identicon
    Manfred Rolle, 25 Nov 2009 @ 1:34am

    Cookies

    Find EVERYTHING you should know about cookies here:

    http://www.maxa-tools.com

    link to this | view in chronology ]

  • identicon
    Cookie Pooper, 19 May 2010 @ 4:06pm

    Deleting cookies and Killing Flash speeds up my PC

    Deleting cookies and Killing Flashplayer speeds up my PC.

    But I have to reinstall Linux to Kill Flashplayer.
    But Linux reinstalls faster than Windows boots!

    And I only have to do that when it slows down or
    if I misspell my favorite websites
    (and end up on everyone else's favorite websites).

    But right now I'm pissed because Flashplayer installs
    without permission even when its blocked, on any popular browser,
    so I have to use open source ones with the Flash hacked out.

    Flash LSO cookies have ROOTKITS in them,
    and that means they let other people hack in and remote control
    your computer!!! --- And STEAL stuff using your passwords too!
    And spam your friends using your email.

    Maybe I should move to Europe? :)
    Where everyone knows more about computers than
    the people who invented them forgot!

    Web cookies are as yummy as a poop sandwich!

    Social Network websites have more poop cookies than a dairy barn!!!

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.