EU Cookie Directive
#1

[eluser]oindypoind[/eluser]
So the EU is trying to force a directive upon us for using Cookies, we're now supposed to ask permission to store information in a cookie on a user's computer, but what does this mean for CodeIgniter, as we use Cookies even for our sessions I believe?

Does that mean the session libraries will have to be re-written?

More info can be found here...
Cookie law makes most UK websites illegal: what you need to know
#2

[eluser]WanWizard[/eluser]
The law applies to "non-essential" cookies, like user tracking, storing preferences, etc.
A session cookie is essential for the operation of the application, and is exempt from this law.
#3

[eluser]oindypoind[/eluser]
Ah okay, I can see lots of arguments are going to arise over what's essential and what's not.
#4

[eluser]WanWizard[/eluser]
The law text states:
Quote: The only exception to this rule is if what you are doing is ‘strictly necessary’ for a service requested by the user. This exception is a narrow one but might apply, for example, to a cookie you use to ensure that when a user of your site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, your site ‘remembers’ what they chose on a previous page. You would not need to get consent for this type of activity.

This exception needs to be interpreted quite narrowly because the use of the phrase “strictly necessary” means its application has to be limited to a small range of activities and because your use of the cookie must be related to the service requested by the user. Indeed, the relevant recital in the Directive on which these Regulations are based refers to services “explicitly requested” by the user. As a result our interpretation of this exception therefore has to bear in mind the narrowing effect of the word “explicitly”. The exception would not apply, for example, just because you have decided that your website is more attractive if you remember users’ preferences or if you decide to use a cookie to collect statistical information about the use of your website.

Note that this is not a completely new law, most of it was ratified in 2003. Major difference is that the old law described an opt-out, the new law an opt-in (i.e. ask for consent first).
#5

[eluser]Stu Green[/eluser]
Hi guys

I'm gonna bring this back up because I don't feel that there has been enough discussion on it.

In a couple of months it's basically going to be illegal to operate a CodeIgniter site in the EU unless you don't use the session class, use the sessions for essential use (e.g. a shopping cart) or have a big opt-in disclaimer on the home page.

I know that EE seem to be doing something about it (a new version is coming out which sorts the issue out) but I don't see anything happening with CI? We basically need the Session library to NOT create a cookie by default. If you load the library it stores a cookie, which is when it becomes illegal unless you have consent from the visitor.

I know that a lot of apps will be ok because the cookies/sessions are essential for operation of the web application, but what about sites that have just content and maybe some simple login system, or a basic tracking system, etc.

What are you guys doing about this in your applications?
#6

[eluser]InsiteFX[/eluser]
Well that will never work because sessions require a cookie!
#7

[eluser]kanjimaster[/eluser]
Stu,

I'd not worry too much about this. You're UK-based and the UK Data Commissioner is applying a lot of common-sense to this issue. It doesn't look to me as though session cookies are likely to be banned as a result of this EU directive (as long as, e-commerce exceptions aside, that's all they're being used for).

Of more concern to you should be the provisions added to the Companies Act in 2006, as there are requirements in there that have been in force for several years and with which none of your sites appear to comply. This link may help => http://www.out-law.com/page-7594.
#8

[eluser]WanWizard[/eluser]
As I wrote before, cookies that are essential for the operation of the web application (and a session cookie or a remember-me cookie is) are exempt from this law. So I wouldn't worry too much.

This law is to prevent web applications tracking users, user preferences and/or users' surfing history without their approval.



