back to article 'falls short' of legal obligation to enforce EC cookies Directive

On the eve of a new European Union directive on web cookies coming into force tomorrow, the UK government has issued only a "partial notification" to Brussels' officials on how it will implement the changes into UK law, The Register has learned. The Commission's spokesman Jonathan Todd confirmed to us this morning that it was …


This topic is closed for new posts.
  1. There's a bee in my bot net

    Open infringement procedures...

    "We will closely monitor all Member States' implementation and will open infringement procedures against any Member State that fails to notify implementing measures by the 25th May deadline,"

    Am I the only one who would like to think that that meant holding politicians to account in the legal sense rather than just issuing a telling off or issuing a fine. That is to say MPs facing criminal proceedings... I know it won't happen, I'm just enjoying the mental picture. Now that's an accountable government!

  2. Anonymous Coward


    so fine upstanding websites like will spend time and money complying to this crap, while the real skankers, for example will carry on dropping an armful of tracking cookies.

    Why is Vaizey such an idiot?

  3. alain williams Silver badge

    And I still don't understand

    The ''news release'' of today claims that it is ''clear'' -- but not for me. I wrote to the ICO 2 weeks ago, they have not bothered to answer, so today I have asked them again -- I am not holding my breath while waiting for a reply.

    What is worrying is that the ICO comments on their own web site now suggests that session cookies are covered by the new rules:

    Previously I understood they they were not as they were ''essential to the site operation''.

    How on earth can we be expected to follow vague rules? Those responsible for setting them seem to be clueless; they have the ability to generate vast amounts of meaningless waffle while carefully avoiding any specifics. Are they waiting for the courts to provide the interpretation and then tell us that that is what they meant all along -- wallies :-(

    1. Ben Duguid

      I know what you mean...

      I'd always read their previous guidelines as meaning that session cookies would be covered, which as an ASP.NET developer worried me because cookieless sessions make for very ugly URLs.

      However, I notice that their banner warning/consent form states "one of the cookies [...] has already been set", and their privacy page now lists out the session cookie explicitly:

    2. MarkieMark1


      when you click 'continue' without checking consent the ico site says

      "You must tick the 'I accept cookies from this site' box to accept."

      wasn't that the purpose of the directive, to allow people to refuse to accept? :-D

  4. Richard Fletcher

    ICO still not complying

    ICO still set a session Cookie without permission, which I thought was against their rules. http://

    1. Ben Duguid

      Apparently it's ok...

      Because their consent banner states they have already set it.

  5. Colin Millar


    A website can comply with the cookie law by relying on browser settings?

    But you can't regulate browsers to make sure they offer the necessary functionality.

    So how this going to work - maybe websites will refuse to work with non-defined browsers - remember those bad-old days "You need {browser} to view this website"

    Maybe the EU will introduce some law requiring browser standardisation - that should be fun to watch.

    1. Matthew Collier

      What do you mean, remember....?

      ....those bad old days never left. Now, on top, you've also got sites which display no conent at all, until you allow half the planet to run Javascript on your machine...

  6. Anteaus

    In a word...

    Well, a URL actually

    1. Intractable Potsherd Silver badge

      Yeah ...

      ... because we'd be so much better off without any control over our corrupt and self-serving politicians.

      [End sarcasm]

      1. Anteaus

        True but...

        Little crooks have bigger crooks to bite e'm...

        And so on up... until the Council of Minsters.

        Though, at least our own Arthur Daleys are accountable, whereas the Al Capones of Brussels are not.

  7. Anonymous Coward
    Anonymous Coward

    Its very simple...

    Only use non persistent cookies to facilitate the service provided.

    Dont use persistent cookies or any other form of retain between session data.

    Don't send data to third parties like Omniture, do your own in house statistics, its not difficult.

    Wont Comply?, well next year I will be after all those who don't comply, in the mean time I will carry on blocking all extraneous connections to Omniture etc (both the http/https streams)

    For any body who thinks this isn't a problem, try Wireshark, also do a ssl mitm test, you will be amazed!!!

    1. Anonymous Coward
      Anonymous Coward

      hang on

      Yes, that's very noble of you, but,

      But a business has to generate stats around the usage of it's website, for many developing in hours would require as much overhead as putting the site together in the first place.

      Spending money for an off the shelf product complete with SLAs and NDAs is very viable

      If we can't report stats to those upstairs, they'd very likely come to the idea that no one was looking at our site, and the stats that upstairs want are exceptionally complex, including media streams, time on site, and most importantly new against repeat visitors.

      what's wrong with that?

      1. BoldMan


        Stop contracting out to a 3rd party to track your stats and instead develop some web server log analytics - that will contain ALL the data that Omniture gathers, and it will NOT be sent to a 3rd party but will remain on YOUR servers!

        Personally, I've been using Ghostery FF add-in for some time now which blocks tracking cookies but allows useful cookies through. I don't want Google, Omniture etc etc spying on my browsing habits by wasting my hard disk space and bandwidth. If you want to spy on me, use your own web logs and analytics software!

        1. Anonymous Coward
          Anonymous Coward

          Thanks for your response

          couldn't have put it better.

          However cookie tracking is only part of the problem, other scripts on the page will not get trapped.

          I use a combination of adblock and iptables to stop the more sensitive third party traffic leaving my lan.

          Paranoid, well yes as I do not trust the financial/commercial organisations to safeguard my data.

      2. Anonymous Coward
        Anonymous Coward


        Bold Man answered the question as I would have done.

        Its the third party issue that bothers me , coupled with the "wont tell you what we send because its commercially secret" attitude, followed by the condescending "we are fully in compliance with the DP legislation".

        Now, when its on the http side of the fence, I can live with that, I can see it, but when its on the https side,

        where I cannot, while I am carrying out secure personal financial or other transactions, no way.

        Why do they need to send this data to a third party, out side the EU?

        Omniture obfuscate the IP address allegedly, but it is still possible to make an educated assessment of the client id by other means.

        What amazes me as why the beardy sandaled security guru's have not raised this, they have been informed.

  8. Anonymous Coward
    Thumb Up

    EU Can't Comply with its own directive

    Not to worry.

    The European Parliament have done nothing at all on their own site.

    Cookies galore.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022