Advertisement:

Author Topic: New European Cookie Laws  (Read 84329 times)

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,431
  • Gender: Male
    • Kindred-999 on GitHub
Re: New European Cookie Laws
« Reply #140 on: May 04, 2012, 12:30:37 PM »
Plus there is the issue of a UK citizen traveling outside of the EU, can you serve them a cookie without violating the law?

this... regardless of how accurate the geo service might be...

If you are going to knuckle under for them, then why do it half-way?
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline CircleDock

  • Semi-Newbie
  • *
  • Posts: 96
Re: New European Cookie Laws
« Reply #141 on: May 04, 2012, 01:23:49 PM »
It is my impression that if your server or your data controller is in the EU then you need to observe the rules even if the visitor is outside the EU, if you and your server are totally outside the EU then you do not need to observe the rules even if the visitor is from the EU. The law is applied to the person providing the service not to the end user. If you or your data controller is in the UK and your server is outside the UK then you need to seek permission to keep your data outside the UK under the data protection act.
That is just my impression from reading the various laws and guidelines, but I can not offer a legal opinion. It would therefore seem that using an IP locator is irrelevant and just slowing things down.
A Forum need only register under the Data Protection Act if it is storing personal information about an individual or information that could directly identify him. The only information routinely stored by Forums about members is:

[A] Their user name
Their email address
[C] Their IP Address

None of those are protected and even if a member were to register with their real name as their user name, that data would still not be covered by the Data Protection Act. Unless Forum Admins choose to store other information about their members - such as PayPal account numbers, their postal address etc. - then they are not required to register under the Data Protection Act and nominate a Data Controller. I too am not a lawyer but the foregoing has been given to me by a lawyer who checked with the Information Commissioner.

As for Geo-Location "just slowing things down", it's a very simple database query that returns one row and performed in less than 2 milliseconds on my server and it's only done at most once per user session. If it were using an external service, then there could be a slight delay I agree.