Cookies: New UK Legislation

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Cookies: New UK Legislation

GregChapman
This post was updated on .
Thanks to a colleague expressing worries today about Google Analytics and new legislation, I have finally put two facts together that I really should have been thinking about in combination for some time.

1. Nabble uses cookies.

2. Legislation that came into effect on 26 May 2011 will begin to be enforced from the end of May 2012.

This is European Union inspired legislation which, as usual, the UK is implementing ahead of other member countries. It requires that:
==============================
Your website must avoid the use of cookies or similar technologies, unless the subscriber or user:
1. is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
2. has given his or her consent.
==============================
Can you, with some urgency, provide a non-technical description of the cookies used by a Nabble application.

I confess I haven't read the full terms of the legislation yet, but have found a guidance paper on a government site, which should prove helpful.

I understand, from news stories, that delivering adverts based on cookie data will bring a site under the scope of the legislation, so adding checkbox on the registration screen, does not appear to be a sufficient measure.

EDIT: My colleague has now pointed me to a page on his host's site that explains things reasonably succinctly:
http://www.heartinternet.co.uk/blog/2012/04/what-to-do-about-the-new-eu-cookie-law/
Hope this helps.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Cookies: New UK Legislation

Hugo <Nabble>
Thanks for bringing this to our attention, Greg!

Based on the article you mentioned, sites that must comply with those regulations must be based within the EU.

"If you/your business resides within the EU, you have until the 26th May 2012 to implement your solution on your website(s)."

"The law is linked to you/your business, so even if you have a .com website with an American audience, you still need to comply with regulations if you/your business is based within the EU."

Nabble is a company in California, so this shouldn't apply. Do you see other issues? What do you think?
Reply | Threaded
Open this post in threaded view
|

Re: Cookies: New UK Legislation

GregChapman
Hi Hugo,

Hugo <Nabble> wrote
Thanks for bringing this to our attention, Greg!

Based on the article you mentioned, sites that must comply with those regulations must be based within the EU.
I think you misunderstood/misread the clauses you quote.

It is NOT sites that must comply with those regulations but rather that "The law is linked to you/your business".

Whether it's for a personal or a business purpose, any web site maintained by an EU-based individual or business, regardless of where in the world it is hosted, needs to comply.

Having said that, after my original post, I read this interview with the guy in charge at the Information Commissioner's Office tasked with enforcing the Act of Parliament, I am slightly less worried about an imminent £500,000 fine than I was a fortnight ago.

However, it still seems to me that if Nabble intends to grow its EU market then it would be wise to ensure that there are tools built in to the Nabble product that would ensure compliance. We only need to wait until the ICO pick a high profile case to pursue - perhaps Google (Remember how the EU forced Microsoft to drop Internet Explorer from the Windows package in Europe a few years ago) - and companies such as yours could find a rapid exodus of business from users based in the EU.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Cookies: New UK Legislation

Hugo <Nabble>
Hi Greg! Now we have an add-on that provides a solution for the cookie law in UK and EU. You can click on "Options > Application > Extras & add-ons", select the "Privacy & Law" tab and enable the add-on. Please read the description and test it. Then let us know what you think. Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Cookies: New UK Legislation

GregChapman
Apologies for taking a few days on this.

I think I've done a reasonable amount of testing, viewing and posting  both as a registered and unregistered user and changing permissions around on my test forum to allow both "Anyone" and "Registered" users to post (clearing cookies between sessions), all with the default E-Privacy setting set and unset. All seems to work as I would expect.

The Acceptance screen itself seems to meet all that is required, as I understand it (and that may not be saying much!) under the directive.

My only reservation concerns the adding of additional countries to the "cookie_countries" macro. I feel the comment needs to give more detail about adding countries. For example can a user enter either "The Netherlands" or "Holland". Can German users specify "Deutschland"? Also, because this add-on is meant to cover the legal requirements of the entire EU, is there an single "country" term to use for the entire EU?

Obviously, because not all who administer Nabble applications will be up to finding and editing the macros, the ideal would be a specific screen with checkboxes to cover all of these options, but I recognise that that can probably wait until other EU-based Nabble users request the feature.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Cookies: New UK Legislation

Hugo <Nabble>
Thanks for the feedback, Greg!
GregChapman wrote
My only reservation concerns the adding of additional countries to the "cookie_countries" macro. I feel the comment needs to give more detail about adding countries. For example can a user enter either "The Netherlands" or "Holland". Can German users specify "Deutschland"? Also, because this add-on is meant to cover the legal requirements of the entire EU, is there an single "country" term to use for the entire EU?
That's a good question. We use the geoPlugin code to get the name of the country, so those questions should go to them (see their google groups page).
GregChapman wrote
Obviously, because not all who administer Nabble applications will be up to finding and editing the macros, the ideal would be a specific screen with checkboxes to cover all of these options, but I recognise that that can probably wait until other EU-based Nabble users request the feature.
Maybe. But people may also share the NAML code of that macro so that other users can simply copy & paste it in the NAML editor. We can wait and see.
Reply | Threaded
Open this post in threaded view
|

Re: Cookies: New UK Legislation

GregChapman
Hi Hugo,

You might want to check out this topic:
http://support.nabble.com/EU-legislation-on-cookies-td7594933.html#a7594936

I never did follow up your link to the plug-in you use. It maybe time more countries got into the default macro as not everyone is up to Macro editing.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: Cookies: New UK Legislation

Hugo <Nabble>
So Nabble should include all countries in the list by default, right?
Do you have the list of countries already available for me? Thank you.
Reply | Threaded
Open this post in threaded view
|

Re: Cookies: New UK Legislation

GregChapman
I think this list is OK:

http://en.m.wikipedia.org/wiki/Member_state_of_the_European_Union#List
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.