ICO has yet to begin probing cookie violators According to a freedom of information (FOI) request submitted by PC Pro magazine, 320 websites have been reported to the privacy watchdog through its online submission tool since a year's 'grace period' ended on 26 May. However, none of those sites have been investigated. "At present the information has not yet been analysed …
The moment a single site is investigated and any action taken against them then this will become a tool in the arsenal for anyone trying to hurt their competitors.
Afterall, apart from El Reg, how many sites can put up with that ugly bar on their page talking about something users have zero idea about?
El Reg is in the technology sphere, so its readers have some idea, a wedding site though has people viewing it who wouldnt understand what the hell your talking about if you had a face to face and spent 3 hours explaining it. They would just press the X in the corner and leave thinking the site had stolen their credit card information.
Fail. The law is fail
El Reg is in the technology sphere, so its readers have some idea
Or maybe some of its readers have an idea as you clearly don't. Your example of a wedding site makes a nonsense of your assertion about people "hurting their competitors".
While the ICO is tardy in following up on the reports, it's approach is generally to be welcomed: the cookies that are the problem are those related to behavioural advertising and sites that employ them such as El Reg, The Economist and the BBC really are trying to follow the spirit of the law by informing users, probably for the first time, that they work with companies who "spy" on people. It would probably be best for all sites to have a common approach, I think the BBC with the granular opt-out options is probably best, but it is refreshing to see how many sites have adopted the right approach to the legislation.
Now all we need is the ICO to set some precedents by enforcing the law and fining some of the more egregious breaches.
"While the ICO is tardy in following up on the reports, it's approach is generally to be welcomed"
What you meant to say there was, while the ICO has prooved time and again is that they are utterly toothless in the face of any real issues. Its approach is generally to be seen as a form of smoke screen hiding other issues behind walls of talk and misinformation.
Check out past performance on ACTUAL problems (Phorm anyone?, did the UK ever reply to Vivian?) My example of a wedding site is to describe the average web user, and from my experiance within the world of websites and marketing those sites, ANY bone that can be used as a weapon, and automated (as in the case for this complaints system) WILL be abused, in seconds till it breaks.
Good on the big boys trying to follow the spirit of the law, its a pity that the law is stupid to the point of uselesness, and even If someone DOES understand about what a cookie does, and clicks NO!! theres a bloody good chance that their presense and sites visited are being sold off by BT to some advertising company using their own deep packet sniffers.
Then again, if the ICO will accept that a company like this "didn't realise it was a crime" then they are hardly going to waste any energy setting some precedents and enforcing this bobbins law over a text file recording some basic information for adsense even the site owner doesent realise its making.
this bobbins law over a text file recording some basic information for adsense even the site owner doesent realise its making.
Spelling and grammar errors aside, Ignorance is no defence before the law.
Maybe it's about time people educated themselves about the price that some of these services exact. If shopkeepers can be held liable, say for selling tobacco or alcohol to minors, why shouldn't website owners also be held responsible? Cast the whole thing in a slightly different light and dust it with "won't someone please think of the children" and the same Daily Mail readers will be baying for blood.
Has been defeated de facto. Nice idea in theory but in practice the vast majority of websites have mandated that cookies must be allowed to view them and/or continued usage of the site denotes acceptance of cookies. They are too integral a part of the structure for many legitimate websites, and I don't think anyone would cry out if the law was repealed.
I disagree. While a lot of legitimate sites use and need them the vast majority do not. I get promoted to accept or block cookies (and if, as is often the case, I keep getting promoted by a site - as it wants to store lots of them - I just block all from that site). Only occasionally do I need to undo a block to get a site to work properly (and these are normally ones with checkout/cart facilities - which I tend not to block in the first place if I will be purchasing items).
From my experience over 90% of cookies I get are of no benefit to me - your mileage may differ, of course. :-)
Fair arguments. My point is that for a number of legitimate websites (I presume neither of us has statistics to hand so we can hopefully agree to disagree on the 'vast majority' bits) the designers have passed the buck to punters rather than have a good long think about whether they could do their website without cookies as default.
I think the spirit of the law was good in the vein of protecting identities online, I just think it's main aim (which I presume to be an internet that does less tracking) has been neatly sidestepped without any real progress. A better solution in my book would have been to get the major browser makers to cooperate on having future browser releases disable cookies by default; that would have prompted better designs in my opinion.
I ask this question in general ignorance rather than sarcasm, but how is this whole cookie thing meant to work? I visit a site, it asks me if I consent to cookies. Either:
I click 'YES', the site uses cookies and doesn't bother me again
or:
I click 'NO', the site doesn't use cookies, so next time I visit it's got no way of knowing I've already said no, so it asks me if I consent to cookies, I click 'NO'.... and so on ad infinitum until I get so fed up of being asked I just click 'YES'
Did I miss something?
Perhaps ICO should be fined for not having an investigative team ready in time? They had a year's grace period to get ready for the new enforcements to take effect after all.
Considering the amount of UK businesses' time and money they've wasted the least they could have done was get their shit in order before the agreed date.
There's some vagueness about this. If you don't use cookies at all, you don't need to care.
If you use cookies for "functionality" (such as remembering somebody is logged in), you don't necessarily need to worry (though continue to a bit IMHO), because logging in implies use of it.
If you use cookies for "tracking", you have to warn. Though you apparently don't have to provide an opt-out.
You have to provide an opt-out.... however that opt-out can be in the form of 'go away!'.
Which is precisely what my sites do. "We use Google Analytics to record usage information, which requires the use of non-personally identifiable cookies. Continue, use your browser to block these cookies, or do not use our site"....in short.
What you need to understand is that the ICO don't care about the little people. They have failed to take action against TPS contraventions. They will not take any action for a company failing to comply with a section 11 request, and they will not want to take action against cookie violations.
All the ICO want to do is go after government organisations and it throws most of its limited resources into doing this. They don't really care about marketing issues.
www.mindmydata.co.uk
I'm all in favour of restrictions on the tracking/personal surveillance industry.
But the problem this law addresses is the *symptom* not the *cause* of the problem.
To prevent tracking/personal surveillance, the law should require explicit consent for the creation & use of surveillance databases for marketing.
Banning 'bad cookies' is like banning 'bad biros' in an effort to prevent cheque fraud. Its nonsense.
If you can't give people rights that you are willing to back with robust enforcement, there is no point giving them rights in the first place.
The ICO have proved time & time again; they are too lazy/corrupt/incompetent to enforce the law.
ICO know the law is pants, but unlike most other European countries that have absolutely no intention of ever enforcing the law, ICO feels obliged to try to do it's job. So they've given us an extra year and outlined that their interpretation of compliance is as relaxed as you could possibly get without completely ignoring the law.
Everything ICO say on this issue comes from a positiion that screams "this law suck - do the minimum necessary to look like you are taking it seriously and we'll leave you alone - because we've got better things to do too!".
I'm not ICO fanboy, but they dreadful law wasn't their doing - blame the Eurocrats for that.
This post has been deleted by its author
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
