

EU approves new law requiring users approve all cookies. - varikin
http://blogs.wsj.com/digits/2009/11/11/europe-approves-new-cookie-law/

======
jmhgtfrwfgv
Blame BT (British Telecom)

They introduced an ad service called phorm (without asking anyones permission)
it tracked all your online activity and then removed the regular ads from
pages its ISP served and replaced them with ads that would be interesting to
you based on your browsing history. It got into trouble when it removed ads
for charities and placed porn ads in childrens sites.

Because it worked at the ISP level, clearing your history or cookies had no
effect. They then introduced a cookie to allow you to opt out and claimed that
by deleting this cookie you had volunteered to opt in!

The Eu investigation ruled that it broke wiretap laws but the UK refused to
prosecute (BT is privatized but is almost a monopoly and has strong links to
government)

------
coderdude
"Cookies, small programs that can be used to track Web movements, ..."

And the masses stay ignorant.

~~~
RiderOfGiraffes
Indeed, and part of the job of an exceptionally good developer is to avoid
having the masses have to know about things they shouldn't need to know about.
Don't laugh at people's ignorance when the whole point of User
Interface/Experience Design is to ensure that people _don't_ have to know how
things work.

EDIT: coverdude in his/her reply to my comment makes an important point that I
missed - it's not the masses being laughed at, it's the "journalist." Yes,
point taken, the author really, really ought to know better.

~~~
coderdude
I laugh at this author's ignorance because cookies have been small innocuous
pieces of text for the last decade and a half. No one could have clued this
guy in? He writes for the Wall Street Journal for Pete's sake.

------
fun2have
The article is wrong. The actual new law states :-

Where it is technically possible and effective, in accordance with the
relevant provisions of Directive 95/46/EC, the user's consent to processing
may be expressed by using the appropriate settings of a browser or other
application.

------
jonknee
Browsers already approve all cookies based on the user's wishes. A website can
only send you a cookie and hope you send it back--it's completely up to the
user if they want to return the cookie. Not to mention you'll have to set a
cookie when someone says they don't want any cookies. What a mess.

~~~
kd5bjo
"Where it is technically possible and effective, in accordance with the
relevant provisions of Directive 95/46/EC, the user's consent to processing
may be expressed by using the appropriate settings of a browser or other
application."

Looks like there won't be much of a change for HTTP cookies, as browsers
already do this.

~~~
gloob
Why do we need a law to tell us that browsers are allowed to do what they
already do, out of curiosity? Or is this just politicians doing their thing?

------
pierrefar
When a user opts out, how do you remember they did opt-out? Using a cookie?

~~~
roc
_The new legislation does offer an exception for when a cookie is "strictly
necessary"_

Apparently.

------
pg
This is only one step removed from the story of the Tennessee legislature
passing a law declaring that pi = 3. On the other hand, that never happened.

~~~
akeefer
No such law was ever passed, but Indiana did come close back in 1897,
apparently:

[http://www.straightdope.com/columns/read/805/did-a-state-
leg...](http://www.straightdope.com/columns/read/805/did-a-state-legislature-
once-pass-a-law-saying-pi-equals-3)

Apparently the trend of legislators voting for things that sounded good but
that they didn't understand in the least has remained in changed for at least
the past 112 years.

------
jrockway
Wow, people here seem really upset about this. I personally think it's great.
Disabling cookies in my browser is like throwing the baby out with the
bathwater. In addition to not being tracked by ads, I can't manage my bank
account online or log into Hacker News. Not fair. This law makes it a
requirement for me to be able to opt out of ad tracking, but still be able to
log into websites ("essential purposes").

This should not impact ad revenue either; the content site simply says "by
proceeding past this page, you consent to being tracked across the entire
Internet by our advertisers and anyone they feel like selling your browsing
habits to". Then the user can choose between privacy and your content. Most
will choose the content, judging from grocery store "preferred customer"
programs, and so on.

It's important that regular users be able to easily opt out of cross-site
tracking like Google Analytics; as many people would be outraged by the data
it collects, if only they knew such a thing was possible. Now they know,
because you have to tell them what you're doing. I think that's a good thing.

------
jncraton
So they want web developers to create an opt-out option on each web site?
That's completely redundant. The people who don't care are going to ignore the
option (or click ok on the popups if it comes to that), and the people who do
care probably already have their browsers asking them whether or not to store
cookies from a given site.

~~~
jacquesm
Why would you let common sense get in the way of a perfectly useless piece of
legislation...

They're so hopelessly behind with this stuff it is amazing.

------
bumblebird
This is why unelected officials shouldn't try to make laws about things they
have absolutely no idea about.

~~~
oconnor0
That applies to elected officials, for that matter.

------
chacha102
So, in order for Google to get the consent to place cookies on systems, it
just simply displays an ad in place of a banner ad saying:

"Click here to opt-out of cookie tracking"

and in smaller letters

"By visiting another page with ads from Google, you consent to allowing Google
to place cookies on your system"

Yay. That takes like 2 cents out of Google budget. That takes care of that
stupid bill.

PS: The "Technically necessary" can be applied to anything. For Banner Ads to
work, you can argue that it is necessary to use cookies.

------
aarongough
I hate to say it but doesn't this make print advertising all of a sudden far
more relevant again? Is there any possibility that this was helped along by
gentle lobbying from the newspaper industry?

~~~
thwarted
Well, it at least puts on-line advertising on the same footing as print
advertising, analytics wise. No more highly targeted advertising, no more
avoiding showing the same ad to the same user multiple times, no more being
able to tell who looked at your ad or why or where they came from, no more
being able to determine how qualified ad traffic is. So really, it's a
significant step backward.

------
Luc
Don't mistake the journalist's writeup with the actual law, and perhaps think
about restraining your knee-jerk 'EU is awful' and 'bureaucrats are clueless'.
Privacy laws in the EU are much stricter than in the US, and a good thing too.
I've been reading the same kind of comments about the Microsoft anti-trust
decision, and when I looked into it I got a good appreciation for the thinking
behind it. But it took some more effort than just jumping to conclusions about
stupid officials in their ivory towers.

~~~
theoneill
<http://www.out-law.com/page-10510>

------
TimMontague
Another good article, with excerpts from the actual law is here:
<http://www.out-law.com/page-10021>

~~~
fun2have
The article is in fact wrong. See my comment above....

------
RiderOfGiraffes
See also <http://news.ycombinator.com/item?id=931596>

where there is already much discussion

~~~
varikin
Thanks. I looked for a post on this already and didn't find it.

~~~
RiderOfGiraffes
No problem - I remember things like this and knew the search terms. Then
<http://searchyc.com/> is your friend.

------
mcantor
Couldn't this law have been obsoleted simply by telling people about the
"Allow cookies for these specific sites" settings in browsers?

~~~
chacha102
You could argue that. Technically the user consents to cookies simply by
allowing cookies to be placed in the browser.

------
cool-RR
I think the title is misleading, it sounds like users are now required to
accept all cookies.

