Case in point - http://natgeotv.com/uk/
You'll get a cookie pop up with no 'yes please go away' setting'.
If you ignore it, it'll pop up again.
If you ask for more information you'll get this page -
http://natgeotv.com/uk/cookies
...in which you'll have the cookies listed, amongst others, __utma,
_gig_llp, pbwmaj6, dyncdn, ucid and many more, none of which the vast
majority of people will have a clue what any of them are.
Now tell me this is good legislation.
Ian
----- Original Message -----
From: "Ian Griffiths" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Saturday, September 29, 2012 11:58 PM
Subject: Re: [data-protection] Friday food for thought - Cookies
> Again, I don't see that a user of the internet needs to know about how
> cookies work. My mum shops online, she cares about her privacy but she
> doesn't want or need to understand the process sufficiently well in order
> to shop. The vast majority of browsing public have a right to have their
> privacy protected but shouldn't therefore be required to educate
> themselves with what is going on. The manufacturer of my car wasn't
> required by law to have me understand how an engine works and I'm glad
> they weren't, a high level understanding of the fact I get in and it goes
> is enough for me.
>
> The pretence is fine - people should make informed decisions about the
> amount of information they disclose online.
>
> The problem is that if a site takes the view that the user should be
> consulted about all cookie storage - then they have to ask the user
> whether they want to store cookies or not.
>
> Should the user say yes - all is (relatively) fine - you store their
> answer, you use cookies, the site behaves as normal.
>
> Should the user say no - you can't store the no answer anywhere. You
> can't set a cookie because that option has just been removed from you.
> You can't log something on IP or user agent (browser) because those are
> shared. You therefore need to ask people each time they go there whether
> they want cookies or not, and each time they need to tell you know,
> because there is no persistence in the answer implicit in the protocol and
> the legislation has forbade you to integrate any.
>
> Even if they say yes and you silence the question in the short term, that
> yes answer will not be returned if they use a different device or if after
> a time the cookie is removed or expired.
>
> So you end up asking them the question lots of times regardless of how
> they answer. Which is annoying.
>
> Then you ask the question of what is being stored anyway. If you're
> authenticating a user, you're probably storing their username and some
> other things relating to the session. All of which is provided by the
> user, and therefore can be conditionally supplied subject to principle 1.
> You might even go so far as assuming that them having provided a username
> permits you to refer to them with that name and the fact they want some
> relationship with your web site permits you to administer that
> relationship. I would imagine most people understand that if they supply
> a username, the site will use it as part of their authentication to that
> site.
>
> I think its very dangerous that there is somewhat of a lack of
> understanding across a lot of camps, and that translates in to poorly
> drafted legislation and vague guidance.
>
> I'm all for privacy but please, employ someone with a grasp of the
> technical issues.
>
> Ian
>
>
>
>
> ----- Original Message -----
> From: "Sandeep Das" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Saturday, September 29, 2012 5:04 AM
> Subject: Re: [data-protection] Friday food for thought - Cookies
>
> I never said that the consumer is educated. I said that there is a need to
> make him/her educated
>
> And I would question why this legislation is annoying
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|