coder-monkey

Ipstenu – thanks for your help. I would, however like to clarify that UK laws specifically cover all cookies, not just those from third parties. In fact the ICO Cookie Regulation guidelines mentions how to deal with third-party cookies almost as a footnote (See page 9).

Hmmm, I don’t know whether that would work because you are actually deleting cookies from the users computer that you had previously put on their without their express permission. What would happen if you set a cookie on one page, but then the user closed their browser or clicked away from your site. They would not hit the “delete cookies” command again, and so would have a cookie on their machine. I know it is a little pedantic, but unfortunately lawyers tend to look at the minutia!

Sorry Esmi – I was speaking specifically about the UK law, as this is what is affecting me, however the EU directive was almost as specific – but it is open to interpretation by each nation state.

A clear warning will probably not be enough for UK law for the response cookies – even though users are warned of the cookies being used, non-essential cookies will still require the consent before being set.

The UK law is quite specific – all cookies will require explicit consent from the user unless the cookie is specifically required for the website to work (i.e. a shopping basket). The cookies that WP set that relate to the administration of the site can quite clearly be placed in the latter (specifically required), and the session cookie could be defined as strictly necessary if it is also required for the administration aspect, but the cookies that are set when you respond to a post are not strictly necessary, and one of the elements that the law is trying to avoid, as it stores personal information (i.e. name and email address) in plain text files on your computer.

I believe that this can be fixed by having the response cookies not set unless the user checks a box in the reply field, saying something like “Remember my details”. If they do not check it (and it should not be checked as default), then the cookies are not set.

I would do this change myself on my site, but the change would disappear when I run an update, and would also not be applied to the millions of WP users in the EU/UK!