How can we control cookies with new EU legislation?
-
On the 25th May in Europe it becomes illegal for any website owner to set a cookie without the PRIOR explicit permission of the visitor. That means when an individual first visits a website that uses cookies they will have to agree to accept the cookies if they wish to use the site. If they refuse the cookies the site becomes blocked.
According to the legislators at the EU, this helps protect privacy.
But how can this be implemented within WordPress?
As I see it, anyone running a WordPress site which is accessed by people in Europe after 25th May will be doing so illegally.
-
Sorry Esmi – I was speaking specifically about the UK law, as this is what is affecting me, however the EU directive was almost as specific – but it is open to interpretation by each nation state.
A clear warning will probably not be enough for UK law for the response cookies – even though users are warned of the cookies being used, non-essential cookies will still require the consent before being set.
So do what I suggested and tell WP to flush cookies on every page load if not logged in. No more cookies. The WP_flush call will do it.
Hmmm, I don’t know whether that would work because you are actually deleting cookies from the user’s computer that you had previously put on there without their express permission. What would happen if you set a cookie on one page, but then the user closed their browser or clicked away from your site? They would not hit the “delete cookies” command again, and so would have a cookie on their machine. I know it is a little pedantic, but unfortunately lawyers tend to look at the minutiae!
Yeah, well given that the EU (AND UK) laws say ‘third party cookies’ over and over…. Anyway. Put the call in the footer, and it’ll do it at the end of the page load. SHOULD take care of it. You’ll have to test.
Ipstenu – thanks for your help. I would, however, like to clarify that UK laws specifically cover all cookies, not just those from third parties. In fact the ICO Cookie Regulation guidelines mention how to deal with third-party cookies almost as a footnote (see page 9).
I actually read the long form doc, which that one is commenting from (and not in full). Their advice in that PDF is no more or less complete than Esmi’s or mine. As I’ve mentioned many times in this thread, get yer butt to a solicitor (lawyer) if you live in an affected country.
The full and complete directive.
66. Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.
Seems to me that once a website has this option enabled: https://www.cookielaw.org/the-cookie-collector.aspx displayed it on the screen, would that be enough?
It has to be something easy to implement, perhaps Google can do something about it and include it as part of the AdSense program to help their publishers and website owners.
Will the USA use a similar law in the near future?
Is there clear information about it? And easy to apply in 3 simple steps? Perhaps this is what legislators and society need to do first, then inform, then apply the law. Do you want to share it here?
What is the official organization to verify that a website is playing by the rules?
Will the USA use a similar law in the near future?
Gosh, I hope not. It’s idiotic.
Is there clear information about it?
And that, my friend, is 100% of the problem with the law. No, there isn’t. This is ‘get a lawyer’ territory.
What is the official organization to verify that a website is playing by the rules?
There isn’t one, as far as I am aware – which is often the case with new EU legislation. The member countries often have no framework in place to deal with it.
I see esmi just beat me to it. Just to confirm – while it’s EU legislation, which should therefore be the same across the whole EU it is up to the individual member countries to implement and there will likely therefore be differences in both implementation and governance in each country.
In the UK the Information Commissioner’s Office is the official organisation and they have some information – whether it’s clear for your purposes, I could not tell you.
If it helps at all, I’ve finally gotten around to creating a small plugin – eCookie Warning – that adds a warning about cookies to the native WP registration page. Hopefully this will help sites comply with the new regs. At worst, it shows a willingness to comply which can go a long way in these situations.
Here in the UK there’s been a lot of discussion about the law, but not much movement on solutions – presumably because it’s up there with asking car manufacturers to start making cars with only square wheels.
There appears to be quite a bit of misunderstanding and legalese in this thread, which demonstrates just how awful this bureaucratic EU Directive is.
We’re still no closer to something that will work out for all users of cookies.
I’m looking for a plugin that will allow me to block users based on whether or not they accept cookies for my site, as detailed here: https://wordpress.stackexchange.com/questions/36665/how-can-users-who-do-not-opt-to-have-cookies-set-be-blocked-from-using-a-site
It might appear to be a bit extreme, but what are the alternatives? I don’t have the technical resources or knowledge to implement a sophisticated solution, which puts me in the same category as 95% of all other businesses and website owners (whether they’re businesses, charities or individuals). It’s no great loss to me if I block traffic that would otherwise have opted not to set cookies.
On 13 December 2011, the UK’s Information Commissioner’s Office (ICO) published updated guidance, which will probably be the last guidance update before the UK deadline for complying with the EU Cookie Law.
It seems very clear to me that UK-based web publishers who are using WordPress will have to obtain prior consent for any and all cookies that are associated with a typical WordPress installation.
I have very limited coding skills, so am desperately hoping that WordPress will grasp this bull by the horns and incorporate functionality within the core product to enable publishers to gather the required consents and manage / limit cookie placement accordingly.
Otherwise, I honestly have no idea how I can possibly comply with this law.
https://www.ico.gov.uk/news/blog/2011/half-term-report-on-cookies-compliance.aspx
I have added a feature request / idea here:
https://www.ads-software.com/extend/ideas/topic/add-core-functions-to-comply-with-eu-cookie-law
Any supporting votes would be greatly appreciated.
Answered there – 3.4 will have the ability to make comment_* cookies pluggable, putting the responsibility on your shoulders to handle it how YOU interpret it.
As always, talk to a lawyer before making a snap decision.