

ICO: no fines for breaking cookie rules (EU) - paulsilver
http://www.pcpro.co.uk/news/374734/ico-no-fines-for-breaking-cookie-rules

======
5h
This legislation makes me die a little inside each time it comes up, utterly
futile crap that will be ignored or worked around via more nefarious means by
those that abuse tracking methods anyway.

Why they didnt legislate that it be baked into the browser, where the problem
should be solved, I will never know.

~~~
lotu
The UK can't legislate that anything be baked into browser because, because
they would have a lot of trouble enforcing it. If Firefox decides they won't
put the feature in what can the UK do? Also, in all likelihoods this feature
would have an off button that most site would require to work anyways so it
would be very pointless.

------
gouranga
That'll be because the UK government aren't compliant yet as a whole.

ICO are useless. They bend over and take it every time.

~~~
TazeTSchnitzel
Sort of related, have you seen the UK government's attempt at making a usable
government website?

<http://www.gov.uk/> will eventually replace all the UK government websites.
(Thank God...)

~~~
DanBC
EDIT: Yes, it's nice.

Also, the design principles are pretty good.

(<https://www.gov.uk/designprinciples>)

(EDIT was this before, <strike> What's wrong with it? It's a lot better than
the fucking god-awful mess that is DirectGov.</strike>)

~~~
TazeTSchnitzel
There's nothing wrong with it, sorry if the way I phrased that suggested as
much.

I was implying it is better than the messes that are the other UK government
websites.

------
rubynerd
Excellent, a grey-area with no way to tell if you're over it

Are session cookies OK are under this law?

~~~
almsgiver
Yes, session cookies are excepted under Reg 6(4)(b). Most other cookies are
capable of implicit consent.

------
Doches
IIRC ICO had rather strongly indicated that this would be the case. I'm not
surprised, but let's face it -- even if they _did_ enforce a fine it would
almost certainly be so laughably small as to make it useless as a deterrent.

------
craig552uk
This law was half-baked from the start. I'd sooner see legislation requiring
adherence to the Do Not Track standard. <http://donottrack.us/>

~~~
vog
"Do Not Track" looks totally insane to me. First, why is it desinged to be an
opt-out system?! Second, why does its correct implementation depend on the
mercy of the respective website?

Well, the latter might be working if enforced by every legislation in the
world. But the former ensures it will never solve the problem: "Oh, this user
explicitly asked us not to track her, so it might be especially interesting to
track that one."

In other words: More work for white hats, less work for black hats.

I'd rather see this issue solved on client side. For instance, by improving
the "incognito" mode of Chromium, combined with a law that protects operators
of Tor end nodes.

~~~
craig552uk
I too would like to see the issue addressed on the client. A user should be
able to configure their tracking settings in the browser, which should be
respected by sites. Legislation would require sites to adhere to these
settings. DNT is one such standard to achieve this.

Also, global legislation is not necessary to effect change. Laws affecting one
region can effect changes in all. For example; EU based companies are required
to comply with EU law. They in-turn require their product suppliers to comply,
wherever they are based, or risk losing their business.

If nothing else, the 'cookie law' has demonstrated this. Google, Yahoo &
Disqus (among others) have changed their products in response to the law.

~~~
vog
_> I too would like to see the issue addressed on the client. A user should be
able to configure their tracking settings in the browser, which should be
respected by sites._

No, that would be addressing the problem at the server side, which is _not
quite_ what I had in mind.

Solving this on the client side means: The browser should make it as hard as
possible for websites to track the user. Unless, of course, the user
explicitly opts in to be recognized and tracked by this site (e.g. by
registering and logging in).

~~~
craig552uk
The technologies used to track users across sites are the same as those used
for 'regular' browsing. Are you suggesting crippling web browsers as a
solution?

------
rickmb
Once again, this is non-news, only made into news because of the ongoing anti-
EU FUD.

The basis of the EU directive is sound. Actually turning it into (enforceable)
legislation is the hard part. Most regulatory bodies in the EU consider it an
iterative process to be figured out in cooperation with the industry, and
nobody is planning to start doling out fines in the near future.

However, the industry's arrogant attitude of doing fuck-all until the law
comes down on them is not going to help. Lack of self-regulation and blatantly
ignoring the principles of existing privacy laws is what triggered EU
intervention in the first place.

Basically this whole scare mongering about bureaucratic "anti-cookie" laws is
just a self-fulfilling prophecy.

