Archived Boards and Threads... > SMF Feedback and Discussion
New European Cookie Laws
JohnS:
I agree that in the case of the SMF site provided it is hosted outside the EU and you have no presence in the EU then you 'may be' exempt and possibly are. Germany has shown that not to be the case as far as they are concerned.
However if your website has any connection with the EU by way of hosting or by way of any data being controlled from the EU, then it is subject to the laws.
So whilst it may not affect SMF directly, it will affect all users of the SMF software if they are based in the EU.
Your definition on 'strictly necessary' but it has not yet been shown whether this will be the opinion of the UK regulatory body. Whilst a cookie after log in can be shown to be 'strictly necessary' a cookie prior to log in as used by nearly all, if not all forums, shops etc may not be legal. Time will tell.
Note it applies to ALL cookies, it does not matter if they are tracking, intrusive or contain no data at all they require advance opt in permission to be used unless they are 'strictly necessary'.
I don't think this is the place to discuss EU - USA law, suffice it to say that laws are in place that can make a US citizen liable for offences in the EU and liable to extradition, and vice versa, it has already been used against hackers and other offenders. The DCMA is enforceable in the EU even though a US law. Though I doubt a cookie would result in that kind of action.
青山 素子:
--- Quote from: JohnS on May 25, 2011, 08:00:51 AM ---The law applies to all cookies (at least the UK law does other countries have a slightly less rigid interpretation of the directive), it also prohibits interrogating for cookies, not only placing cookies, without the express permission of the user.
--- End quote ---
That's funny wording since there is no "interrogation" as browsers broadcast the cookie contents willingly.
--- Quote from: JohnS on May 25, 2011, 08:00:51 AM ---The only exception is for cookies that are 'strictly necessary' to the operation of the website.
--- End quote ---
The SMF software will not work properly without the cookie it uses. You will not be able to stay logged in while browsing. I would say that it is quite necessary for the operation of the software.
Do you have a link to the UK law? Last I checked on the directive, it was for 3rd-party cookies only, as I noted earlier in the topic. If the UK has gone beyond that and is also enforcing against first-party cookies, that would be quite interesting.
Kindred:
BTW:
http://www.bbc.co.uk/news/technology-13541250
http://allthingsd.com/20110524/eat-your-cookies-eu-privacy-directive-takes-effect-wednesday/
http://www.thedrum.co.uk/news/2011/05/25/21754-advice-for-brands-about-new-eu-cookies-directive/
http://www.ico.gov.uk/~/media/documents/pressreleases/2011/enforcement_cookies_rules_news_release_20110525.pdf
It ONLY covers "intrusive" cookies and is designed to protect personal identifiable information. Username and hashed password would not count...
However, it is fairly clear that US-based websites are free to ignore this...
except for:
http://blogs.wsj.com/digits/2011/05/24/california-privacy-politics-makes-strange-bedfellows-facebook-and-google/
http://info.sen.ca.gov/cgi-bin/postquery?bill_number=sb_761&sess=CUR&house=B&site=sen
but it's not quite the same...
JohnS:
The full law is at http://www.legislation.gov.uk/uksi/2003/2426/contents/made
The relevant part is regulation 6.
Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR):
6 (1) Subject to paragraph (4), a person shall not store or gain
access to information stored, in the terminal equipment of a subscriber
or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal
equipment--
(a) is provided with clear and comprehensive information about the
purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
Whilst browsers my broadcast the cookies, the law makes it illegal to look at them without prior permission. As you can see the law applies to much more than cookies and it is very generic it does not differentiate between first and third party cookies. Each country will have its own interpretation, some are much looser than the UK one.
This is what happens when bureaucrats try and implement technical solution.
Edit: Just to make it clear the extract above is the ruling from 26th May, the on line law still contains the old version which is not quite so tight.
CoreISP:
--- Quote ---I agree that in the case of the SMF site provided it is hosted outside the EU and you have no presence in the EU then you 'may be' exempt and possibly are. Germany has shown that not to be the case as far as they are concerned.
--- End quote ---
Not possibly, certainly.
And what Germany is or is not concerned about is not our problem. They cant force their laws upon another country.
--- Quote ---I don't think this is the place to discuss EU - USA law, suffice it to say that laws are in place that can make a US citizen liable for offences in the EU and liable to extradition, and vice versa, it has already been used against hackers and other offenders
--- End quote ---
This is a different situation. For example, in the Netherlands it is allowed to download music for your own use. It is illegal to upload it. But for downloading, it is legal. The US law cannot prosecute a person living in NL for download music, nor can they ask for extradition as the person is simply not doing anything wrong by law. It's not like you are comitting a murder. (Although the music industry wants it to be that way, lol)
A hacker with intent to destroy something is illegal in Europe aswell, hence the possibility to get prosecuted.
--- Quote ---The DCMA is enforceable in the EU even though a US law
--- End quote ---
It is not. We have different types of laws and procedures, the DMCA law does not apply to anyone in Europe. It is a US law, not a EU law. Different country's, different laws. Simple as that.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version