

Setting Google Analytics to not use cookies - robin_reala
http://stackoverflow.com/questions/10668292/is-there-a-setting-on-google-analytics-to-suppress-use-of-cookies-for-users-who

======
grn
Note that EU directives don't apply to website owners. They bind the member
states to implement them in some form. The laws of individual member states
contain guidelines that you should adhere to.

~~~
orblivion
I was going to ask this. What exactly would happen if I (as a US citizen)
ignored this? Would the EU block my website?

~~~
rmc
The EU doesn't make (much) real law per se. Unlike the USA, the EU doesn't
really have a criminal system, or federal laws etc. The EU makes member states
(which are countries _and_ states) implement a law. This law would only apply
to owners of websites. They don't block websites.

~~~
fromhet
This gives member states a bit of extra freedom - some implement the laws in
stricter or looser manner than the european parlament may have intended.

Some countries even refuse to implement them, as the Swedish goverment did
with the Data Retention Directive
(<http://en.wikipedia.org/wiki/Data_Retention_Directive>). See

[http://translate.google.se/translate?sl=auto&tl=en&j...](http://translate.google.se/translate?sl=auto&tl=en&js=n&prev=_t&hl=sv&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fsv.wikipedia.org%2Fwiki%2FDatalagringsdirektivet%23Sverige)

(scroll down to implementation) for a while. Then they complied.

------
mibbitier
> "So, my only option seems to be that I should not embed Google tag code at
> all if the user has not explicitly given consent."

The other option is to ignore the directive, which is what most websites will
do.

~~~
luriel
As Ian Clarke (original designer of Freenet) put it:

"It is the responsibility of every citizen to ignore dumb laws."

And I would add that the whole world would crawl to a halt and descend into
total chaos if everyone followed every law in the books. Too many laws are
plain incoherent, inconsistent and impossible to follow.

~~~
mibbitier
Also, laws only 'matter' if they're actually enforced. There's no indication
this will actually be enforced at all.

------
Paul_S
I put google-analytics (among thousands of other useless tracking websites) in
my hosts file. Probably the most useful text file you'll ever download:

<http://someonewhocares.org/hosts/>

~~~
twelvechairs
The line for google analytics in this hosts file is commented out, with the
comment "breaks some sites".

If only getting rid of spy cookies/tracking was so easy...

~~~
Paul_S
The list is very conservative this way, but I add a bunch of sites myself and
uncommenting google-analytics and other tracking sties is perfectly safe and
doesn't break anything - even google. And for cookies there's cookie monster.

------
jamiecurle
If left to owners/managers/developers to implement the opt-in we risk having a
variety of ways for doing the same thing. Some good, some not so good and some
just bad.

A less painful solution would be to try and solve this at the browser level
where the experience for end users would at least be consistant. Like a blend
of DNT & private browsing mode that had extremely restrictive criteria for
cookie usage - if any.

Something like [Ghostery][0] would be a nice starting point.

Of course the better solution would be to erase Article 5(3) and start again.
Good intentions, bad directive.

[0]: <http://www.ghostery.com/>

~~~
copypasteweb
[https://addons.mozilla.org/en-US/firefox/addon/cookie-
monste...](https://addons.mozilla.org/en-US/firefox/addon/cookie-monster/)

~~~
jamiecurle
Nice one, that's the kind of `thing` I was referring to.

------
TazeTSchnitzel
It's a bit of a pain for website owners, but I think the EU directive is a
good thing.

Why? It will make people better aware of what cookies they have, and how they
are used. Which is probably a good thing.

~~~
eloisius
Definitely, it is not. Users already "opt-in" by configuring their client to
accept cookies. Users _could_ be more aware of that and use their clients
appropriately if they don't wish to be tracked, but instead there will be this
new layer of complexity by which a users opts in. Users (much like they have
with their browser security settings) will grow accustomed to blindly opting
in like they always have because it makes the thing they're trying to use
work. Only now, we have an extra bit of work to do.

~~~
rmc
_Users already "opt-in" by configuring their client to accept cookies._

I _highly_ doubt that is the interpretation of "opt in" that the various Data
Protection agencies will take.

~~~
eloisius
My point is that cookies are, and always have been, an optional feature of the
web. If you go back a decade or so, you might remember annoying IE dialogs
warning you that "a website is trying to put a cookie on your computer, do you
accept?" While cookies may be used for nefarious purposes, they are essential
to many, many legitimate features of the web like maintaining a user session,
and to an end user, their importance has trained them to automatically click
"Accept."

They are so ubiquitous that browsers typically accept them by default now, but
they are still an optional feature. This EU mandate could have been just as
well fulfilled by required browser vendors to have the accept cookies warning
turned on by default and let users turn it off at their peril. Instead, it has
just added another chunk of _compliance_ for web workers to adhere to. Users
are still going to be the same ol' users who click "Accept" because they want
to get into whatever they were trying to get into. Only now, there's a lot
more room for lawsuits.

~~~
rmc
All of that is true. However I doubt you could claim "opt in" because the
user's browser accepted the cookie. It's not that easy to get around the
letter and spirit of the law.

------
mp3geek
If you're that concerned about Tracking, using Adblock is the best option ..

<https://secure.fanboy.co.nz/filters.html>

------
kingofspain
Does anyone know of a decent and up to date guide on what is/is not allowed?
The official guidance is typically not much help and my searches reveal a lot
of stuff out of date and other sites that are more interested in selling me
cookie analysis - so I'm taking their advice with a grain of salt.

~~~
Angostura
The interpretation of the law is up to the individual countries. I've only
been watching what's been happening in the UK. Until last week the guidance
from the Information Commissions' office has been 'you need explicit opt-in'
if you want to set cookies that aren't vital to your site's work (example,
cookies set when a user is shopping and puttnig items into their cart are
deemed vital, Google Analytics is not).

However last week the ICO issued new guidance saying that implied consent is
OK

News article here:

[http://www.guardian.co.uk/technology/2012/may/26/cookies-
law...](http://www.guardian.co.uk/technology/2012/may/26/cookies-law-changed-
implied-consent)

The UK formal advice here (PDF)

[http://www.ico.gov.uk/for_organisations/privacy_and_electron...](http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/~/media/documents/library/Privacy_and_electronic/Practical_application/cookies_guidance_v3.ashx)

A rather handy site that has an easily integratable tool for implementing
Directive-compliant opt-out on your site

<http://www.civicuk.com/home>

and the Drupal module: <http://drupal.org/project/cookiecontrol>

~~~
mjwalshe
I would argue that analytics is vital - if you cant work out what your site is
doing then you can not work out how to improve the site which costs money and
indirectly jobs.

I look forward to each individual shop/business making us sign a waiver when
we enter a shop with CCTV ie 95% of UK shops

~~~
Silhouette
_I would argue that analytics is vital_

So would a lot of people, but the official guidance makes it clear that they
are not considered vital as far as these legal rules are concerned.

The "essential cookies are OK" criteria relate to the functionality the user
has explicitly asked for, not to functionality that the site operator needs to
run the site in a commercially viable fashion. Thus things like session
cookies to record that you have logged in or what's in a shopping cart are OK,
but things like analytics aren't allowed to piggy-back on top.

There seems to be some doubt about how seriously anyone in the UK is going to
take these rules, though. Even the ICO can't get its opinion straight, and
it's the government body responsible for enforcement. As I understand it,
we're already taking this whole mess far more seriously than most countries in
the EU, in that some web sites run by large organisations have made some
effort to comply with the rules, while even that might not be true in most
places that are theoretically affected.

~~~
mjwalshe
Well as some one who has been working on www based systems since 1994 and one
online systems for many years before it's a pity they did not ask people
actulay working in the industry.

Ironically Neelie Kroes, the EU's Digital Agenda Commissioner now wants us to
have manditory electronic id cards storing god only knows what information
about us.

This is a far worse infringement of our rights that some aggressive
retargeting as opposed to being asked "papers please" on the euro star.

I think i will change my last name to Pike :-)

