You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.
The new law, which will come into force on 25 May 2011, is an amendment to the EU’s Privacy and Electronic Communications Directive designed to keep pace with the constant evolution of online fraud.
Will Eurocart breach this new law?
Businesses and other organisations running websites in the UK must ‘wake up’ to the fact that European Union (EU) legislation, which will require them to get consent in order to store or access information on consumers’ computers, is coming into force soon. (actually being bought in today, we have one year to implement the new law but must be seen to starting to implement from now).
That is according to a speech by Information Commissioner Christopher Graham at an annual Data Protection Officer conference hosted by the Information Commissioner’s Office (ICO) in Manchester today.
Offline
CCP uses a session cookie to tie the browser session to server-side session data so the actual info is stored server-side and the cookie only stores the session id. This is as safe as you can get in maintaining info from page to page over a stateless protocol (http).
Offline
Hi,
Just been looking at the new EU rules relating to cookies and as far as I can tell it is the placing of the cookie that requires the consent - so although the cookies placed by CCP only have session ID info they may be covered by the new rules.
Has any one looked into a way of allowing web site users to opt out of cookies if we really need to do this.
Whilst the new regulations came in on 25th May looks like we have a year to get to grips with this.
Rob
Offline
The bad news is that there is no easy way to do this. If you can't set a cookie then you can't know if you have asked for permission before ( if they declined the setting of cookies ) so you will keep on asking until they agree to let you set a cookie or they leave your site.
The good news is that ANY site that uses session info will have the same problem so most people will agree to cookies.
Offline
Hi Vbsaltydog,
I like your point that you need to set a cookie to know if the user has accepted the use of cookies or not.
Looking into the rules a bit more it seems that it is OK to set cookies to be able to remember something the user has explicitly asked the site to do e.g. add to cart and the checkout process.
As I understand, CCP sets session id cookies as soon as someone visits the site and these stay essentially blank (server side) until the user does something like add to cart. What is the possibility of not setting session id cookies until the user actually does something other than look around the site?
If it is possible to leave setting cookies until something active is requested then there is the opportunity to either actively request consent for cookies or to simply have a note that clicking the button will put a cookie on your machine.
Of course this probably means that nice features like "recent pages" etc would end up being disabled, until active sign up - but an "Enable Enhanced Features (uses cookies)" button could get around that.
Rob
Offline
robprotronica wrote:
What is the possibility of not setting session id cookies until the user actually does something other than look around the site?
If it is possible to leave setting cookies until something active is requested then there is the opportunity to either actively request consent for cookies or to simply have a note that clicking the button will put a cookie on your machine.
This would require a redesign of CCP by Kryptronic.
Offline
Hmmm.....
One interpretation of the last comment could be that come May 24 2012 CCP will not be legal to use in Europe.
Not entirely sure that session id cookies set at the start of session are going to cut it with the wiggle room given by the "entirely necessary to perform the user request" clause.
Will watch developments (or their lack) with interest.
Rob
Offline
I could mod CCP to meet the requirements but it would not be a cheap mod and CCP updates could potentially overwrite the mod.
Offline
It would seem to me that it is up to Kryptronic to keep the product "legal" in all the territories that they sell into.
Sounds like the necessary mod is doable though, if it really is necessary.
Hopefully Kryptronic will pick this up and take a look - after all this issue does affect every Euro Cart out there.
Here is the link to the UK Gov guidance of the new rules if anyone is interested:-
http://www.ico.gov.uk/~/media/documents … ations.pdf
Last edited by robprotronica (06-09-2011 03:14:20)
Offline
Any more updates on this?
Thanks
Offline
europe and uk interfering with us again - nanny states
Offline
webmaster wrote:
We're addressing this issue with the release of version 8 of ClickCartPro and EuropaCart, which will be available in plenty of time to upgrade before May 25.
Where is it?
Offline
have a look what i have done on my blog, I will also implement this on my website soon, a simple slide up DIV for acceptance of cookies, this would easy enough to add to the index page with a small script
blog.scruffygirl.com
Offline