

Changes to the rules on using cookies and similar technologies for storing info - Isofarro
http://www.ico.gov.uk/~/media/documents/library/Privacy_and_electronic/Practical_application/advice_on_the_new_cookies_regulations.pdf

======
ZoFreX
This information is so wrong and misleading that I would class it as
dangerous. Here's some choice bits:

> A cookie is a small file of letters and numbers downloaded on to a device
> when the user accesses certain websites. Cookies allow a website to
> recognise a user’s device.

> At present, most browser settings are not sophisticated enough to allow you
> to assume that the user has given their consent to allow your website to set
> a cookie. Also, not everyone who visits your site will do so using a
> browser. They may, for example, have used an application on their mobile
> device.

> One possible solution might be to place some text in the footer or header of
> the web page which is highlighted or which turns into a scrolling piece of
> text when you want to set a cookie on the user’s device. This could prompt
> the user to read further information (perhaps served via the privacy pages
> of the site) and make any appropriate choices that are available to them.

> An analytic cookie might not appear to be as intrusive as others that might
> track a user across multiple sites but you still need consent.

So, anyone in the EU running a website has a choice: Either tank your user
engagement rates, confuse and alienate your customers, stop using Google
Analytics (unless the user opts in - watch your bounce rate fall to 0%), or
willfully disregard EU law. For me, this is an easy choice.

~~~
Isofarro
What's wrong and misleading about each of the four quotes you've picked?

~~~
ZoFreX
"a small file of letters and numbers downloaded on to a device" isn't a very
good summary of what a cookie is, in my opinion.

> Also, not everyone who visits your site will do so using a browser. They
> may, for example, have used an application on their mobile device.

What do they mean by this? A mobile browser should still have an option
regarding cookies. If it's not a browser but some other user-agent... well
what could it be? If it's an app hitting your site over an API cookies are
unlikely to be involved, but shared state could be maintained any way you want
it to be (plus this hardly counts as a "website").

The third quote is just horrible, horrible advice. A lot of the options they
discuss are genuinely dreadful from a user experience point of view, and it
seems that European websites will be forced to have worse experiences than all
other websites. From a competitive view this is not good.

Finally analytics cookies... If you have to opt-in to Google Analytics that
will put a severe selection bias on your data, it'll make many important
metrics (uniques, page views, time on site, bounce rate) completely worthless.

------
JonoW
This seems like such a hugely expensive policy to enforce for what problem
exactly?

~~~
Isofarro
The problem is tracking the sites a user visits and building profiles of user
behaviour based on that information without the knowledge and consent of the
user.

