back to article Cookies law: Only two EU states implement full measures – so far

A pattern is emerging that shows European Member States greeting Brussels with a collective thumbs-down on its cookies law. So far, the Commission has had just two submissions from countries that have agreed to fully adhere to the amendments to the e-Privacy Directive. "Denmark and Estonia have notified measures to implement …

COMMENTS

This topic is closed for new posts.
  1. Neill Mitchell

    Denmark

    They've banned Marmite in their cookies as well.

    1. Anonymous Coward
      Joke

      Surely that's just crackers?

      They're a funny lot too. Notice how we get told how great their butter and bacon is, but when you're over there, can you get a decent bacon buttie? Can you feck.

    2. Anonymous Coward
      FAIL

      Marmite

      Isen´t iligal here your half assed british jurnalism just dident get the full story. Because marmite contains vitamin suplements it requieres a permit to sell it in Denmark. Thats all. But i guess its easier to stick your head up your ass instead of tjecking the facts.

      1. mike2R
        Boffin

        Re: Marmite

        We know AC. Everyone knows. But the number of irate Danes having a complete sense of humour failure about it has been far to amusing to let it drop.

        A joke, for the Danes, is clearly no laughing matter.

      2. Anonymous Coward
        WTF?

        Err...

        ...so if you sell goods without a permit, it is not illegal?

        If it's not illegal, why bother to get a permit?

  2. Anonymous Coward
    Unhappy

    I wish to complain

    http://ec.europa.eu

    Sets 2 cookies. No privacy policy, no statement on cookies, no attempt to ask permission to set cookies. These cowboys should be prosecuted to the fullest extent of the law (Note - if they change all this overnight and comply with the deadline, I'll let them off)

    It would be interesting to compile a list of all the EU websites that miss the deadline

    Frown icon coz' it looks like a sad cookie

  3. Andy Fletcher

    Germany?

    I thought the Germans came up with this in the first place, and they haven't agreed to implement it? Where's our referendum on Europe for pitys sake.

    1. Charlie Clark Silver badge
      FAIL

      Groundless rumour mongering

      The law came from the commission and was passed by the parliament. All member states were consulted. In some places that counts are democracy.

      1. TeeCee Gold badge

        Re: Groundless rumour mongering

        Slight problem there: s/passed/rubber-stamped/

        There, that fixes it.

  4. Anonymous Coward
    Thumb Down

    Usual bad legislation from idiots with no technical comprehension.

    We need to be told what practices are illegal, not what might be vaguely permissable on a good day. No-one should have to consider all possible legal definitions of "strictly necessary" before implementing the session ID system that comes built-in to the server's scripting engine.

    1. Jim Morrow
      Flame

      idiots with no technical comprehension

      the idiots with no technical comprehension are the pony-tailed twats who can't build a web site without it burying the user's browser with a shit-load of cookies. this is bad design and lazy programming.

      there is no need whatsoever for any web site to need cookies to work. rather than whine about the idiots in brussels, direct your complaints to the massively over-paid wastes of space who are responsible for generating all these pointless cookies in the first place. if they had any clue there wouldn't be any cookies to get our brussels overlords excited. so just fix your web site and you'll have nothing to worry about from this latest silly law.

      1. Anonymous Coward
        Anonymous Coward

        Cookies are useful

        Cookies exist, aren't harmful if used properly, and are useful. Let's say I want non-registered users to store their preferred background/foreground colour combo. Why not set that as a cookie? (Idealogical reasons aside)

      2. Anonymous Coward
        FAIL

        Jim

        Flat file html website can indeed be browsed with no requirement for cookies provided you do not wish to track usage patterns.

        Complex CGI web applications that require authentication do however benefit from cookies so that a user moving from page to page within the site can be identified without the need to provide authentication on a page by page basses. Likewise session variables can only really be made use of if you use a cookie.

        Unless you are aware of some other way of identifying a user between page hits? If you are then please share it with us.

        However I suspect you are just unaware of your own ignorance which explains your eagerness to criticise people who do things that are beyond your level of understanding.

        PS if you use cookie-less sessions a session ID is appended to your links. You then run the risk that a user will publishing a URL from a link on your site which includes their session ID and so opens their session to anyone who follows the link to the URL.

      3. CD001

        Twonk

        The web is stateless, websites cannot maintain the session from one page to another without some way of tracking the user, you're effectively creating an entirely new instance of the application on every single page - yes you CAN pass the session ID around in the URI but that has a whole host of security implications in and of itself (particularly with regards to session hijacking).

        The BEST way to say ooooh, maintain the state of a user's shopping cart is to use a cookie to track their session - there is still the potential for session hijacking but it's not something that happens inadvertently when someone copies and pastes an address.

        If you're building any kind of halfway secure web application you basically HAVE to use (SSL) cookies, well unless you want the user to log in on every single page of course.

        So Mr. Morrow - as a (heavily pierced) "pony-tailed twat" myself - I ask you to go back to your world of shoddy single-user, toy, VB6 applications, you obviously have no understanding of how the www works.

        Aside:

        Really, unless you're a crapvertiser, you should need no more than 3 cookies.

        1: a non-secure session cookie that holds no sensitive information (basket contents for instance).

        2: a secure user authentication session cookie.

        3: entirely optional but I tend to use it, a cookie placed from JavaScript which provides information for the server-side code about the JS functionality the user has allowed in their browser. It's more reliable than browser sniffing in HTTP headers and allows you to determine whether your script is sending the user "rich, dynamic" views (e.g. when the user adds a product to the basket it automatically appears in a basket summary box without having to reload the page) or static ones (effectively flat HTML).

        Saves a tonne of <noscript> tags and means the markup pushed to the browser is better optimised for that browser (which cuts down your bandwidth consumption).

  5. storner
    Alert

    No cookie law in Denmark - for now

    The official message now is that the rules "need further clarification" before they can be put into effect.

    http://www.version2.dk/artikel/19228-nye-cookie-regler-bliver-udskudt-i-maanedsvis if you can read danish. (Actually, Google does a fair translation).

    Amazing, really - we usually put whatever Brussels fancies into the law books right away.

  6. TeeCee Gold badge
    Coat

    Denmark

    So, is that all cookies or just those with added vitamins?

  7. Anonymous Coward
    Anonymous Coward

    cookie law

    It all seems a bit redundant worrying about things like this when it seems crippling vulnerability in commercial sites will spill far more damaging information about people (Sony anybody?)

  8. Hayden Clark Silver badge
    FAIL

    UAC for the web

    "In order to deliver a lovely web site, we will send cookies. Is that ok?"

    <Click>

    Then proceed as before - only slightly more intrusively, as consent was given.

    Asking for permission simply delegates responsibility to the user, who has no idea what the implications are, and who just clicks on "ok" to make the nasty box go away so they can look at pictures of kittens.

    Just like UAC really.

  9. Lghost
    FAIL

    is there a cookie or two

    Which if I accept it, will disable the ghastly hordes of mobile phone images that have appeared in the page background since I was last here ? ( ironically enough the only place they are not , is on the page that they link to ), but apparently el regs pony tailed designer forgot that if one has been to the "our new mobiles service page" one no longer needs to be haunted by massed blackberrys and shiny phones..

    And another cookie please ,that will also allow us the option of setting the new , hyper-saturated red to go back to something less retina obliterating ..?

    In otherwords give us the option ..via cookies ..to put el reg back like it was ..before you lose at least one reader ..and probably anyone else who doesn't want zombie phones and dayglo red webpages on a tech site.

    You have those cookies ? ..great I'll take two..

  10. Anonymous Coward
    FAIL

    whatever.

    Given the current lack of enforcement for the DPA (yeah, I know there are now fines but I'll believe it when I see it), I can't see this affecting anyone but a few unlucky 'examples'.

    I gave up on bothering to comply with with most govt regulation apart from tax (which they do enforce with teeth) and health & safety (ditto) decades ago..... it's saved me a fortune.

    I'm more worried about US compliance than EU. FTC do have some real teeth.

    Will wait and see - browsers will probably deal with this in a couple of versions.

This topic is closed for new posts.

Other stories you might like