European Union cookie law. Yes another topic!

[Michel_72]

Sorry, I am forced by IPS to start a new topic, since they closed all other topics regarding the new EU cookie law.

This is a feedback forum, So I am giving you my feedback.

Facts:

1. There is a law in the entire European Union that requires to inform your visitor about cookies, before ANY tracking cookie is being written to the visitor. You can turn this left, right upside down, but this is the law. No discussion about that. There are no other interpretations of this law.

2. There is a Dutch law, that takes this even a step further and requires you to specifically ask for PERMISSION before writing any tracking cookie to the visitor.

The European Union is not just some small random country where laws change by the minute. We are talking about an entire continent and a large portion of your customers that are confronted with this new cookie law problem.

Whe need IPS to be a little bit more proactive about this. Most customers don't know how to modify their website to comply to this new law. Huge fines can be the result. Simply stating 'we create software and software can not break any law' just doesn't cut it. A large portion of your customers have a problem. Help them to solve it!

IPS, start a new topic or blog post where you explain (with some examples) how customers can modify their website to comply to this law.

Currently I see only one solution and that would be replacing the index page by a 'cookie page' that give you two options 'accept' of 'leave' since the current version of IPS has facebook, twitter, gravatar and several login options almost embedded in IP.Community so whoever visits a IPS site, gets loads of cookies, if he wants to or not.

IPS, take your head out of the sand and start to inform us about how to solve this problem please!

Kind regards,

Michel

[You may erase after reading]
Ps. If you close this topic as well, I'll cancel my IPS license and find another community software. I was very disappointed by you for closing all the other topics and practically showing your customers the finger.
[/You may erase after reading]

[Cyrem]

The European Union is not just some small random country

No, but they do make terrible laws... take this one for example.

It is not IPS's responsibility to make sure your forum is following laws that apply to you, it's yours! If they start catering to one law, they might as well open a law branch to cater to all laws. This of course adds more tape and paperwork further slowing down development of the software... not to mention making them open to be sued for any minor mistakes.

It takes but 5 minutes to add a banner. If customers don't know how to modify their website, they shouldn't be running a forum in the first place. It's like owning a car and pretending to know how to drive it.

If IPS does anything to help you in this regard you should send them cake...a lot of cake... because they are going above and beyond what they need to do.

showing your customers the finger.

If this is your view and this is all it takes to make you switch software... you won't be missed. Cya!

More than likely, this topic will be locked because it brings in much hate of the EU law... like the others did.

[Matt]

The biggest issue for us is that if we start adding in specific code to appease a specific law, then we're responsible for it and some may even consider us liable. We don't have the knowledge or scope to ensure we fully comply. We've done a lot of research and the biggest barrier is that no one really knows what the best solution is to the letter of the law. Most sites just put up a banner that says "Click ok if you accept we use cookies" with a page that lists the cookies used, but has this been tested from a legal stand point?

We have great sympathy and we're not putting our head in the sand. As a US vendor it troubles us to be liable for code that has legal repercussions.

I'm sure you can appreciate that. :smile:

For what it's worth, we did add the "privacy policy" feature which is linked on the registration and log in forms. You can edit this to list the cookies and add any other legal text you wish. All you need then is a little banner in your template. This replicates what most sites do (regardless if it fully satisfies the ruling).

[Michel_72]

1. Nobody holds anybody responsible.

You can assist by suggesting a few good options (examples) to comply to this law.

Just put a disclaimer in your blog post waiving any responsibility it if you are concerned for claims.

2. It's not 'just' a matter of putting a banner in place, you need something that stops cookies from being written before the visitor has made it's choice. Also when the visitor approves, your need to store this choice so the visitor does not get the banner every time.

This is a 'nice' implementation:

www.tweakers.net

You can see the website (blurred), but You do have to approve cookies before you can use it.

As I said before. I expected a little more proactive behavior from IPS.

If 100 customers of mine can't use their phone do to a network error, I'll still try to help them, ever though I can't help the network is down.

That's all just a matter of being helpful towords your customers. So far IPS has done nothing to be helpful.

I know this law sucks. I would also rather drive 120MPH on the freeway, but that just isn't going to happen. ;)

Kind regards,

Michel

[Inkubus]

Have you tried these?

[Michel_72]

Yes, they don't comply to this law. They allow writing cookies before the choice has been made.

[Cyrem]

Matt is right, from what I've seen also there is a lack of 'standards' regarding how you are supposed to display and ask this.

And really, how many people goto a website and go: "OMG! They use cookies like the other billion sites I visit every day! My cookie jar is full, even though this page had information I needed... I will click deny and search out a site not using cookies..."

[Michel_72]

That is all completely irrelevant. There is a law and usually people comply to the law. There is only 1 law and only one way to comply.

If you don't comply you risk huge fines.

[Charles]

This has come up before and until there is unanimous consent on what, specifically, has to be done to comply with the law we will not act. For example: the two files linked to you. Some say they do comply, others say they do not. Until the EU can sort itself out we are not going to take time writing in a feature that may or may not comply with a law. What if we take one approach and then someone says it's not right? The whole thing is quite murky.

[GreenLinks]

I can see where IPB stands on this. Right now there is no definitive method that can be used. Even lawyers have different opinions on what can be the best implementation.

[Michael]

In addition to being something that is unclear on how it needs to be implemented, it's an EU law only. If IPS was forced to write their software which complied with EU laws, then they'd need to comply with every other set of laws as well. I would not be surprised if some countries had laws that said that every page must contain the text "All hail our benevolent leader" on it somewhere, would IPS need to comply with that as well?

The EU is a major source of the customer base of IPS, obviously, but at the end of the day I think it is more up to individual site owners who operate in the EU to comply with EU law than it is IPS's responsibility.

[Michel_72]

I think know the EU directive is 100% clear on what you have to do to comply.

That 100 people have 100 onions doesn't not change the law. There is also still people that think they can drive 100MPH on the freeway. That doesn't make it right.

But alright, I know where IPS stands now. I guess I will just have to give up. I know for the future I should not expect much from IPS.

Kind regards,

Michel

[Charles]

I am sure we will add some sort of compliance for this law once it's universally clear what to do. Right now it's very much not as this topic shows :)

If you are 100% clear can you clarify specifically what we would need to do?

[Lewis P]

2. It's not 'just' a matter of putting a banner in place, you need something that stops cookies from being written before the visitor has made it's choice. Also when the visitor approves, your need to store this choice so the visitor does not get the banner every time.

"Implied Consent" to required cookies was added to the law last minute, and therefore covers that. If the site loads with them (or any plugins etc) then there is no definitive way to deal with the entire thing because of the above. Hell, even if you block cookies on your site, then Google are still going to serve them on your adsense or analytics Javascript.

To me, common sense would state that if I'm going to go onto a forum community, then I'm going to have to login or have cookies stored. This is where the EU have been stupid (as usual).

Just put something in your privacy policy, chuck a banner on your main page with "This site uses cookies. By continuing you agree. Click Here" and you're fine. Well.... says the lawyer that we consulted and obviously most of the large UK company's lawyers judging as that's exactly what they do.

[Michel_72]

That's the same as my 'special' freeway.

500 meters up the freeway there is a tollbooth. It says 'by entering this freeway you consent to paying 100 dollars.

What you are saying is the same. You say 'By entering this site you consent to cookies being stored. Press agree to continue...' but in fact several tracking cookies have already been stored before you could even read the banner. ;)

Don't you think that this might just be a little stupid?

I think you will just pay the fine...

[Weppa333]

i'm in europe and I honnestly don't give a f$ for this stupid law.

And I run a boatload of websites.

[Ryan H.]

What you are saying is the same. You say 'By entering this site you consent to cookies being stored. Press agree to continue...' but in fact several tracking cookies have already been stored before you could even read the banner. ;)

Don't you think that this might just be a little stupid?

As far as I know, IP.Board does not create any cookies until you change your theme or log in. You saying 'tracking cookies' makes it sound like those are coming from ads or analytics. Guess what--IPS has absolutely no control over those! They can't stop the page from executing javascript code that you add to it. The same thing is true for third-party hooks and applications.

If that is the problem you are having, then you need to create a landing page that warns people and allows them to enter or leave the site. No ads or analytics or anything else for that matter. That is not a general solution that will be acceptable for all websites, so it's not something IPS can do for you.

[NewRockRabbit]

In the UK no-one knows what this law means because it is badly worded and written by lawyers with limited (any?) knowledge of how the www functions.

Major web sites (like google.co.uk) don't comply. Nor do UK major central government web sites like the inland revenue. The new government information hub makes a minimal effort to comply by having a notice on the website the first time you visit, no click to consent required (http://www.gov.uk).

[bfarber]

I have read opinions that state the wording of the law excludes the cookies that IP.Board sets, because IP.Board does not set any personally-identifiable tracking cookies and the law has some exclusion regarding cookies required for basic web functionality.

As has been stated, there are differing (legal, not user) opinions on what does and does not comply with the law. There is no general consensus yet, and if you visit 100 different random EU-based websites that are attempting to comply with the law, you will probably find at least 20 different implementations. We are not lawyers - we cannot write blog entries explaining how you can comply with the law, I'm afraid. That would be risky, because it would be easy for us to tell our clients something that isn't accurate (with good intentions of course), and that's not the sort of thing we'd want to do to our clients.

[Jinkler]

I would not be surprised if some countries had laws that said that every page must contain the text "All hail our benevolent leader" on it somewhere, would IPS need to comply with that as well?

So you've been to North Korea then? :D

[NenaDice]

[You may erase after reading]
Ps. If you close this topic as well, I'll cancel my IPS license and find another community software. I was very disappointed by you for closing all the other topics and practically showing your customers the finger.
[/You may erase after reading]

If there is one thing about Ips is that they really listen to their customers.

And the way you are addressing them, is not the way to bring your point across imho.

That being said, I do not really see what Ips is doing wrong in this case.

[Chillyware]

Maak je geen zorgen als je het in je registratie voorwaarde staat moet men dit bevestigen en is ook bindend volgens de nl wetgeving

kijk een op mijn site ander via PB

Do not worry if you do it in your registration condition is that one must confirm, is binding according to the NL law

http://community.inv...6-cookie-popup/

http://community.inv...765-cookie-bar/

Deze kan je ook gebruiken

You can use this

[Charles]

I hope that Michel_72 can, after reading this topic, understand why we have not yet acted.

[GreenLinks]

I hope that Michel_72 can, after reading this topic, understand why we have not yet acted.

If you'll implement this within 4.0 , can we also expect GeoIP implementation also so that rules will be displayed to correct countries only :)

[Aiwa]

I've gotten the same feeling as Brandon...

The underlying purpose of the law, regardless of how you interpret the wording, is to give EU users some kind of indication that PERSONALLY IDENTIFIABLE information about them will be stored by the site.

How you go about doing that, 'by continuing you agree', 'click here to agree', etc. is still worded very poorly and (from what I can tell) never tested in a court of law to determine what's is truly REQUIRED to comply...

Websites these days have to have a BASIC set of cookies when you go to them, but if no personally identifiable information is stored in them until you 'agree' or 'continue' are those cookies 'ok'? From what I've read, yes they are... But i'm not a lawyer...

Until everyone can agree on what cookies are acceptable, if any, prior to consent and what the requirements are that constitute 'consent' then no one can legally act on this law... Everyone can 'guess' at how it needs to be handled, but no one really knows..

You say 'no one will hold IPS responsible', you can't make that statement. You are not everyone... There may be someone that comes along in a week and see 'IPS tells me how to comply with this law, great', 'oh wait i'm being charged for violating the law, IPS it's your fault! you told me what to do!'

IPS isn't in the business of misleading their customers. Even the best intentions of 'helping' their customers would not change the fact that any 'help' they provide, at this stage, would be an educated 'guess' on how the law has been interpreted for them by a lawyer. That lawyer could be wrong, and in turn the information IPS gives you or builds in their software would be wrong and they 'could' be held liable.