

Dutch cookie law may lead to online exodus - tamersalama
http://www.ft.com/intl/cms/s/2/7ee1f778-9c1f-11e0-acbc-00144feabdc0,dwp_uuid=9a36c1aa-3016-11da-ba9f-00000e2511c8,print=yes.html

======
joelhaasnoot
This is one of those legislative measures that some politicians thought up and
are going to cause mass hysteria, confusion and annoyances for a wide spectrum
of web-related businesses.

On a side note, not in the article, the same Telecomunications Law also
includes articles on net neutrality and by law prevents providers from
blocking services. Should make the Netherlands second after Chili to make such
a law.

~~~
quanticle
It might not actually be that intrusive. As long as you have acceptance of
cookies as a condition in your Terms of Service, you can say that the specific
permission to store cookies is granted whenever the user signs into their
account.

Heck, you could even write that as a separate provision (e.g. "In order to
sign you in, we'll need to store a cookie in your browser") and it wouldn't be
all that intrusive.

~~~
roundsquare
I'm not so confident in that. I don't know anything about Dutch/European law,
but in the U.S. there are a lot of times that obscure clauses in long
contracts/ToS's are disregarded by courts.

------
blauwbilgorgel
This law is ultimately for malicious tracking cookies, but likely affects
analytics (for example: first touch attribution) and targeted, but relevant,
advertisements.

The biggest fear claimed by some writers of the legislation, and perhaps a
justified one, is that cookies can (are?) be used to discriminate. If I
remember correctly they cite a case where a large publisher could sell the
cross-domain surfing behavior of people to insurance companies, recruiters,
marketing bureaus or that it can be seized by the police, or leaked to
hackers. It is akin to the reason why security cameras, if facing the public,
must have a disclaimer sign with: "I am recording you". The cookie must inform
the user: "I am tracking you". Right now, most users are unaware cookies even
exist.

I agree my surfing behavior should be private, but I don't agree with the
strictness and ambiguity of this law. The intentions may be right, so I don't
expect them to even enforce it. As long as you don't violate the WBP ( Dutch
Data Protection Act from 2001) you are ok IANAL.

That does mean if you build a recommendation engine in Holland you must comply
with the WBP (secure architecture, handing over specific user data on request
to a user, etc.).

One way to combat this is by using a hash. A salted hash that is untraceable
to a user, but build from its IP, allows you to track the user, without the
police or hackers stumbling upon personal data. Advertising and user tracking
could apply this same principle.

As for the exodus, I believe it doesn't matter where your company or server is
based, it is about doing business in Holland that matters for this law.

~~~
pavel_lishin
Didn't AOL search release a lot of "untraceable" data that, in reality, proved
to contain _a lot_ of personally identifiable information? ("Yes, you, Mrs.
Brenda Watkins, of 433 Apple Ln., Omaha, Nebraska - I'm glad you have an
interest in romantic novels, and I'm sure that rash will clear right up!")

------
pavel_lishin
Cookies are a trivial problem that can be solved by educating users and
installing extensions.

~~~
calebmpeterson
what wuld those extenions be?

~~~
pavel_lishin
Well, Edit This Cookie gives you a lot of options (
[https://chrome.google.com/webstore/detail/fngmhnnpilhplaeedi...](https://chrome.google.com/webstore/detail/fngmhnnpilhplaeedifhccceomclgfbg)
). There's one that blocks all permanent cookies. I imagine there's probably
one that blocks cookies altogether, unless explicitly allowed, like NoScript
or Flashblock.

------
aashay
I was kinda hoping that this was a law about Dutch cookies. Oh well, a boy can
dream.

~~~
aashay
No love for bad jokes on HN :(

