1

Topic: EU Law for Cookies

Hi,

I'm just wondering what you guys recommend regarding the new EU law for cookies. As far as I'm aware every visit to a wolf site creates a cookie for the session - PHPSESSID.

According to the new law that comes into play properly next month we have to get the user to agree to this, so I guess my question is, where in the code is this cookie created and what is it actually created for? Is it essential?

Cookies that are used when people log in are totally fine since this can be checked with the user at that point.

I'm sure this should be a useful topic for anyone in the EU!

Thanks,
Dan

Thumbs up

2

Re: EU Law for Cookies

No offense against you Dan, but in my personal opinion:

F**K that laws  big_smile

But if you really need to, you can inform end user about the fact of automatic creation of PHPSESSID cookie. If the user doesn't like it, he can leave at the moment of reading the notice.

I think this problem doesn't apply to the CMS itself. It's just user's / site owner's choice.

By the way:

The urge in European administration to regulate EVERYTHING is hard to understand. You may say it's just for privacy/security/etc...blah blah blah...

But in fact - even if Wolf (or any other CMS/script) didn't create session cookie, your hosting provider logs request which you can usually access and usually you cannot turn the logging off. It's really easy to track end user actions without cookies. I simply don't understand such tendencies in law!

How this "cookie law" will be enforced? Will they try to ban US hosted sites?

Ugh... it's Orwell's "1984" coming!

I'm getting angry! mad

peace! lol

EDIT:

just found this video:
http://www.youtube.com/watch?v=arWJA0jVPAc

Last edited by mm (2012-04-12 18:34)

3

Re: EU Law for Cookies

I'm very aware how stupid it is! HOWEVER, some of my sites are for clients and therefore if they don't get it looked at then it'll be them getting the fines. I'm really not bothered about my sites, but when I'm not liable it's out of my control...

Thumbs up

4

Re: EU Law for Cookies

I calmed down a little bit smile

You're right that this could be a problem for clients, but I believe this will become a "dead law" and will be generally ignored smile

In fact I didn't know about this EU directive, so thank you for pointing this out. I think a PHPSESSID plugin could be created providing such functionality, however I'm strongly against integrating such features into core.

5

Re: EU Law for Cookies

I must admit that I haven't read up on the details of that particular law.... does it apply to all cookies or are session cookies allowed? I think users will be fed up pretty quickly if sites start adding "do you want to allow a session cookie?" before they are allowed access to the site.

The European attempts (note I'm European myself) to regulate cookies are an understandable reaction to the heavier and heavier abuse of privacy that's going on. Like most governmental institutions however, the guys that dream up the laws are not familiar enough with the techniques so they come up with stupid stuff like this instead of improving the browsers.

Also, there's usually a fair amount of FUD going around concerning EU laws since people like to bash them.

Managing a session (id) in PHP is usually done in one of two ways as you know: cookies (most often used) or url's.

The session is started in some of the first lines of Framework.php.

My personal tactic will be to add a line in the footer: "By accessing this site, you implicitly agree to the site adding a session cookie to your browser. You can read more here".

Or something along those lines... I'm just not certain this will be enough... (Not a lawyer)

Wolf CMS founder and lead developer
Please always check the Support forums and Wiki before asking. (My Ohloh account.)
Like Wolf CMS? Consider making a financial contribution or see our financial report first.

6

Re: EU Law for Cookies

mm wrote:

...but I believe this will become a "dead law" and will be generally ignored smile...

I'm not sure it will be ignored... its a fairly high profile thing related to privacy of users being violated, something more and more EU member states are starting to take more seriously. (fortunately)

My thought is though that small sites that set a cookie for session management will not be fined or prosecuted. One of the reasons for creating this law was to curb bad behaviour from companies like FB, Twitter or even Google.

Wolf CMS founder and lead developer
Please always check the Support forums and Wiki before asking. (My Ohloh account.)
Like Wolf CMS? Consider making a financial contribution or see our financial report first.

7

Re: EU Law for Cookies

Hey guys,

Just been reading up... If anyone has more details or can confirm this, please do so... I found a site that has a very nice and simple explanation of the cookie law problem:

http://www.cookielaw.org/cookie-compliance.aspx wrote:

Although most cookies are covered by the new law, there are some important exceptions to the requirement for cookie consent to be aware of.

Any cookies that are 'strictly necessary' for providing services being requested by the visitor, do not require consent.

This will include some things like cookies that enable shopping baskets to function properly, or for people to login to private areas of a site.  Many types of temporary, or session cookies  are also included in this definition.

However, even with these types of cookies, it is good practice to tell your visitors about them as part of your cookie law compliance strategy.

So if this is correct, things like session cookies are exempt, which would mean no special actions would have to be taken in a default Wolf CMS setup.

If you use something like Google Analytics its a different story though.

Wolf CMS founder and lead developer
Please always check the Support forums and Wiki before asking. (My Ohloh account.)
Like Wolf CMS? Consider making a financial contribution or see our financial report first.

8

Re: EU Law for Cookies

Thanks for the extra info. I hadn't spotted that session cookies would be included in ones that are ok, so that is good news, but yes I'm already on implementing something for google analytics.

Dan

Thumbs up

9

Re: EU Law for Cookies

Please note that I'm not a cookie expert...

But wouldn't this be more about the 'evil third party cookies' from certain sites like FB and Google, wich are included in many other sites, allowing them to track visitors from site to site? I can understand how that could affect privacy.

For instance the fb like-button that's included on almost every site nowadays, but many people don't know that this allows fb to track all visitors on those sites, even those who don't click the button or those that are not even on facebook...

I do agree however that it's really annoying that the EU is now trying to block ALL cookies....

Thumbs up

10

Re: EU Law for Cookies

I use the Firefox plugin Ghostery, it protects me against most common trackers.

11

Re: EU Law for Cookies

NicNLD wrote:

But wouldn't this be more about the 'evil third party cookies' from certain sites like FB and Google, wich are included in many other sites, allowing them to track visitors from site to site? I can understand how that could affect privacy.

Yes, its intended against "evil third party cookies" smile Their (EU) "solution" was an overly simplistic one in which they disallow all cookies by default and only make exceptions for "Any cookies that are 'strictly necessary' for providing services being requested by the visitor"... not ideal, especially if many of the tracking technologies used to breach your privacy no longer depend solely on cookies.

Wolf CMS founder and lead developer
Please always check the Support forums and Wiki before asking. (My Ohloh account.)
Like Wolf CMS? Consider making a financial contribution or see our financial report first.

12

Re: EU Law for Cookies

Yep, that is right.

If you REALLY need cookies so your service will work, you are fine.

To be on the safe side, include it in the Terms of Service "We use cookies to do X,Y,Z".

::zielperson::

Thumbs up

13

Re: EU Law for Cookies

So, with the GDPR regulation just around the corner, I renew this discussion! smile

The regulation turns the opt-out to opt-in for cookies. Which, of course, means, no cookies can be created, until the user agrees to it, or unless there is a legitimate interest for me and I can prove it. Yet in all cases, I'll have to inform the users about the content and purpose of each individual cookie on the website.

I already removed most of the cookies/services I really didn't need, except for those from Google Analytics (where I turned on the IP address anonymization and which belongs under the legitimate interest).

What's left is the PHPSESSID WolfCMS cookie. My questions are...

What is it good for?
What info does it contain?
Does it contain anything classified as personal information?
How is it used?
How long does it store?
Is there a way to turn off its automatic creation?

Thank you in advance wink How do you cope with GDPR?

Portfolio: www.ivapelc.cz
Admin Themes: Deep Space | Light Blue | Green Life