New cookie law in UK?

Discussion in 'Discussion' started by simmons1, Feb 25, 2012.

Thread Status:
Not open for further replies.
  1. StatCounterJen

    StatCounterJen StatCounter Team

    Joined:
    Jun 10, 2007
    Messages:
    1,899
    Likes Received:
    0
    We have actually commented on this extensively via our blog. The post was made last year but our view of the situation remains unchanged.
     
  2. DavyAndDavy

    DavyAndDavy New Member

    Joined:
    Dec 19, 2011
    Messages:
    46
    Likes Received:
    0
    It's true you commented on the EU Directive although being a year old it is quite out of date and precedes any actual legislation passed by the member states. Some of your points are therefore now incorrect and you comment on what you "hope" member states "will do" not what they've actually done.

    Your cookie opt-out feature is excellent and thanks for that. It allows all EU websites to comply without getting cookie consent.

    But I was hoping that you'd comment on the more recent UK position where the ICO is "allowing" 1st party analytics cookies.
     
  3. webado

    webado Moderator

    Joined:
    Apr 29, 2004
    Messages:
    28,168
    Likes Received:
    1
    I have serious doubts that Google Analytics plants real first party cookies.
     
  4. Arne

    Arne New Member

    Joined:
    Sep 25, 2004
    Messages:
    5,464
    Likes Received:
    0
  5. webado

    webado Moderator

    Joined:
    Apr 29, 2004
    Messages:
    28,168
    Likes Received:
    1
    The cookies are set and read by google.com - from a script you include on YOUR site. Thus they are third party cookies.

    They only reason they might not set bells ringing is that we already collect a ton of cookies set by google.com through everything we do.
     
  6. DavyAndDavy

    DavyAndDavy New Member

    Joined:
    Dec 19, 2011
    Messages:
    46
    Likes Received:
    0
    I can see where you are coming from but you misunderstand the official definition of first party and third party cookies. (You can't make up your own definition!) It's down to the domain that the cookie is tagged with.

    GA cookies are tagged with the domain of YOUR site not a Google domain, that makes them first party cookies. That means the cookies can only be read by YOUR site - albeit via a script on your site whereby GA is actually doing the reading. (But if you wanted to, your site could read the cookie directly.) Google cannot read the analytics cookies associated with your site unless the user's browser visits your site.

    When a visitor visits your site the StatCounter cookie is tagged with the StatCounter domain, not your domain. That makes it a third party cookie. That cookie can only be read by StatCounter, via any site that uses the StatCounter code. In fact the same StatCounter cookie is used by StatCounter for all sites that use the code. (And your site cannot read the StatCounter cookie directly.)
     
  7. Arne

    Arne New Member

    Joined:
    Sep 25, 2004
    Messages:
    5,464
    Likes Received:
    0
    Then, what is this line in the GA script?
    To me it is definitely read by GA.

    From the link I posted above:
     
  8. DavyAndDavy

    DavyAndDavy New Member

    Joined:
    Dec 19, 2011
    Messages:
    46
    Likes Received:
    0
    Yes, of course it's read by GA, but indirectly, via your website, only because you incorporate some GA javascript into your website. If you took it out then the cookies would no longer be readable by GA.

    On the other hand, if you removed your StatCounter code, the cookie could/would still be read by StatCounter if the user happened to visit another website that used StatCounter.

    Your comparison of the domain tag and StatCounter "security" code are indeed an explanation of what makes the 2 tool work, but we're not talking about that, we're talking about cookies.

    A browser can only read a cookie if the domain is the same as the fully qualified domain of the website being viewed in the browser.

    This statement is simply wrong. You are getting confused between who ultimately reads and writes the cookie (GA/StatCounter) and who owns the cookie (You/StatCounter). Again, just look at the definitions of 1st Party and 3rd Party and, if you have the tools, look at who owns the cookies.
     
  9. ejwjohn

    ejwjohn New Member

    Joined:
    May 3, 2012
    Messages:
    18
    Likes Received:
    0
    I am an amateur web site designer and have no professional training in Code writing etc.

    I am now a little confuse, as i have used a site call Sitebeam to test a couple of my web sites that have Google Analytics and Statcounter cose imbedded in them. Sure enough when i test a site it comes up with the expected warning that the site is technically breaking the new EU directive, but only because it has detected the Google code, it seems to think that the Stat Counter code is not against the EU Directive .......

    The people behind the test are the same as those who have written an ebook on the new Directive , take a look at:-

    http://silktide.com/cookielaw
     
  10. rotarysteve

    rotarysteve New Member

    Joined:
    Aug 27, 2005
    Messages:
    1,885
    Likes Received:
    0
    ejwjohn

    If your concern is with the sitebeam report not flagging both services, I wouldn't worry about it as IMO that problem is with the sitebeam programming itself. Sitebeam and Nibbler does now recognize SC for analytics, but probably doesn't throw a flag because they don't seem to give SC the same weight as they do GA for an analytical service.
     
  11. ejwjohn

    ejwjohn New Member

    Joined:
    May 3, 2012
    Messages:
    18
    Likes Received:
    0

    I would be interesetsd in Statcounters view on the fact that the UK official position has since been updated.

    Thx

    John
     
  12. ejwjohn

    ejwjohn New Member

    Joined:
    May 3, 2012
    Messages:
    18
    Likes Received:
    0
  13. tom paine

    tom paine New Member

    Joined:
    Feb 5, 2009
    Messages:
    310
    Likes Received:
    0
    So Statcounter would be a category 2 cookie and we should obtain consent? Does that mean some small print at the bottom of the page would be adequate?
     
  14. ejwjohn

    ejwjohn New Member

    Joined:
    May 3, 2012
    Messages:
    18
    Likes Received:
    0
    Yes, The way i read this document from the ICC, the recommendations for Category 2 are fairly clear, you need to create some text with the suggested text for the category out of sections 2 & 4.

    I just created a Terms of Use link which generated a pop up page with the text included.

    Take a look at www.tudorhousecuisine.com and use the link at the bottom of the page.

    John
     
  15. DavyAndDavy

    DavyAndDavy New Member

    Joined:
    Dec 19, 2011
    Messages:
    46
    Likes Received:
    0
    Mmm. You've categorised your cookies and put some words together based on the ICC guidance for that category but you haven't actually asked for or obtained user consent, so I can't see that it's an adequate solution.

    Also, in response to Tom, the UK ICO (the actual regulator not the Chamber of Commerce) advises that small print at the bottom of the page is not adequate when explaining cookie use.
     
  16. ejwjohn

    ejwjohn New Member

    Joined:
    May 3, 2012
    Messages:
    18
    Likes Received:
    0
    Page 12 of the Guide, clearly states that for category 2 Cookies you can use the suggested wording....."By using our wedsite you agree that we can place these types of Cookies on your Device"..

    Ie if you don't want the cookies do not use the site, well that's the way i have interpreted the guide.

    John
     
  17. DavyAndDavy

    DavyAndDavy New Member

    Joined:
    Dec 19, 2011
    Messages:
    46
    Likes Received:
    0
    The wording is fine but the Regulations say you have to get user consent to use the cookie(e) and you are not getting consent because you have already placed the cookie by the time the user scrolls to the bottom of the website and reads the terms. (By the way, your link seems to be truncated and just says "Terms of".)

    Unless I've missed it, and I've not read every line, the ICC guidance does not suggest where/how consent is obtained and does not suggest that it can be obtained after the event. ( Point me to the place in the ICC guidance if I've missed it.)
     
  18. ejwjohn

    ejwjohn New Member

    Joined:
    May 3, 2012
    Messages:
    18
    Likes Received:
    0
    Hello,

    What browser are you using that Truncated the "Terms of Use " please?

    My interpretation of the directive is my best attempt, the logic is that for these Category 2 Cookies if you do not like what could be happening do not use the site any further. As i understand and interpret the document, Category 2 consent is granted by functional use of the site.

    Nobody is trying to set a trap here, i am providing a means for the visitor to get the information about the cookies then make an informed decision.

    Thanks

    John
     
  19. DavyAndDavy

    DavyAndDavy New Member

    Joined:
    Dec 19, 2011
    Messages:
    46
    Likes Received:
    0
    I understand, but the damage has already been done - I know you are not trying to set any traps and I know there is no real damage but the original Directive is of that opinion and you are not getting the consent that Directive and Regulation demand.

    That said, in the UK the ICO says for 1st Party cookies you'll "get away with it" by not asking for consent if you provide the type of information you are doing, but with a more prominent link. But your StatCounter cookie is 3rd party so you need (prior) consent whichever way you look at it. You could turn it off now that facility is there.

    My regular browser is IE9 on Win7. Firefox, Opera, Safari and Chrome on the same platform all show the same truncated link. The same is true for IE6, IE7 and IE8 on WinXP.
     
  20. ejwjohn

    ejwjohn New Member

    Joined:
    May 3, 2012
    Messages:
    18
    Likes Received:
    0
    Are we not trying to overcomplicate the guidance from the ICC? they do not mention the issue of 1st or 3rd parties within the discussion on Category 2 Cookies, (Well i haven't seen it). so why are we trying to make it a condition of Cat 2 Cookies?

    I have however added an additional couple of lines to my Terms of Use that the visitor may or may not follow.

    On the issue of turning the Cookie off, as a part time and amateur Web site designer i am not sure i have the technical knowledge on how to implement that.

    Thx

    John
     
Thread Status:
Not open for further replies.

Share This Page