New European Cookie Laws

JohnS:
A little more information is now available and does seem to create issues with forums including SMF. My comments are based on the UK interpretation of the EU directive; other countries have different interpretations. Note this is not legal opinion: I am not qualified to give legal opinion and this is based on my personal views.

1. It does not matter where your hosting is located, if you are located in the EU or the user is in the EU then the law applies.

2. SMF uses cookies and attempts to place a cookie on your PC before you log in.

3. Placing this cookie (or even looking for a cookie on a PC) is not allowed under the new law without permission, unless it is 'strictly necessary'. But there is no definition of this. Who will define 'strictly necessary'? It could be argued that it is not necessary until after you have logged in, but this cookie is before you have logged in. If you bar this cookie you cannot log in.

4. The ICO (UK Information Commissioner's Office) who will control this law have stated that in the first instance at least they will only take action against complaints and even then will ask the offending party what they are going to do about it. There will be no immediate prosecution, so that gives time for things to settle down and some precedents to be set. They have also said that the first issue will be cookies that contain personal information; they do not seem to be too worried, at least at the moment, about neutral cookies that do not particularly identify people or their habits.

5. You would be well advised to ensure your sign up agreement covers the new law, which covers new subscribers, but it does not cover existing ones. The UK ruling based on the EU directive is that you must seek positive approval; it is not enough just to change your terms and conditions, even if you advise people of the change, you must get their positive approval of the change. Opt Out is no longer a possibility in the EU; it is now all Opt In.

6. I have a subscriber base of over 4000 people; obviously positive opt in can only be carried out automatically. I already have utilities which clean the database and remove people; I will be working on these to change them to require everyone to verify their membership of the list on a positive response basis.

7. I am still not convinced that this will meet the letter of the law, though it will probably meet the intent of the law, which is to control third party (intrusive) cookies. At the end of the day it will probably not matter what the law says, but what the ICO do to police it. It could take years to find that out.

8. It may no longer be possible to allow indefinite log in and log in will have to be restricted to current session only. Together with the removal of any cookie use prior to log in. Whether the SMF team will take this on board I do not know.

9. Users of the forum are perhaps the least worry as they are unlikely to complain about use of cookies on the site, the complaints will come from those who are not members and who do not understand cookies. Warnings may need to be placed, certainly in the joining terms and conditions and the on site privacy statement (also required by EU directives, but not always there).

10. Forget Google Analytics: unless you are willing to pop up an agreement panel every time a person visits your site they contravene the UK law. They do not necessarily contravene other EU country law, as some have taken a more relaxed approach than the UK big brother. We may find the big guns going into battle on this; Google, Facebook and many others have a lot to lose here.

John

Kindred:
1- BS and unsupportable
2- yup
3- it is required by SMF. There is no other way to deal with user sessions.

In short... it's all BS and is not defensible or enforceable.

MrMorph:
So I'm thinking change the terms and conditions to say you must accept we use a cookie. If they don't accept then they can't join. New members will see the new terms and press the button to accept - that's all you need for new members as it's direct acceptance.

And I was thinking to start a simple thread for active members to voice their acceptance. Also sending a newsletter to each member that they must accept in the thread. Anyone who does not accept has their membership deleted. If they want to come back weeks later then they get the new terms and conditions.

Can anyone tell me what details the SMF Cookie holds? Is it just the username and password? Or is there anything else?

choloman05:
I think this is directed at the big boys that provide "free" services like Google's Analytics, Chrome, and Search for example and gather huge amounts of very specific user behavior information. I doubt SMF needs to worry.

SlammedDime:

--- Quote ---Can anyone tell me what details the SMF Cookie holds? Is it just the username and password? Or is there anything else?
--- End quote ---
The user id, a hashed password which is then hashed again with a salt, and the time you logged in.
