Try clicking on the Save button on the pop-up layer without making any choice (NB - may only show up in the EU).
The thing is that the user has to make a conscious choice. A “yes” or “no”. I am not yet convinced that a passive “using this site agrees to cookies” type disclaimer on the home page will be sufficient.
It is worth noting that the ICP’s site mentions all the cookies they use and what they are used for here:
If I’m reading the latest on this correctly, it would be sufficient to put a line or two in your Privacy Policy stating that you use third-party cookies for site performance tracking only, and that should do the job. If you want to make a larger message about it on the home page (and I’m not clear why you would) then you could add the advice to your users that they could set their browsers to allow cookies from the current site only. That disables third-party cookies and will still allow them to use e-commerce sites and Web applications.
From what I can tell so far you need to make sure no cookie loads (e.g. for google tracking) unless the user has specifically clicked to request them.
This means a script (badge) of some sort to show on each page of your site for the first time user. It’s not enough to bury reasons why it in your terms.
–
David
On 14 May 2012, at 15:01, Walter Lee Davis wrote:
If I’m reading the latest on this correctly, it would be sufficient to put a line or two in your Privacy Policy stating that you use third-party cookies for site performance tracking only, and that should do the job. If you want to make a larger message about it on the home page (and I’m not clear why you would) then you could add the advice to your users that they could set their browsers to allow cookies from the current site only. That disables third-party cookies and will still allow them to use e-commerce sites and Web applications.
And I’ve heard the consent for cookies only lasts for 90 days anyway – then the user has to accept cookies again.
…“This law applies to both individuals and businesses based in the EU regardless of the nationality of their website’s visitors or the location of their web host. It is not enough to simply update your website’s terms and conditions or privacy policy.”
Don’t you love the EU bureaucrats.
Although I suppose it’s an opportunity for script writers to offer some solutions here and make a buck.
–
David
On 14 May 2012, at 15:01, Walter Lee Davis wrote:
If I’m reading the latest on this correctly, it would be sufficient to put a line or two in your Privacy Policy stating that you use third-party cookies for site performance tracking only, and that should do the job. If you want to make a larger message about it on the home page (and I’m not clear why you would) then you could add the advice to your users that they could set their browsers to allow cookies from the current site only. That disables third-party cookies and will still allow them to use e-commerce sites and Web applications.
Thankfully StatCounter has now posted the following allowing their code to become EU compliant:
You can now disable the use of StatCounter cookies on your site if you wish.
Go to “Projects”
Click the “wrench” or “spanner” icon beside your project name
In the left menu bar, click “cookie opt-out”
Opting out of using cookies will adversely affect some of your stats but the vast majority of your stats will continue to be accurately tracked.
The cookie opt out page provides full information on the stats affected.
I’ve been running the “attacat” extension for Google Chrome over one of my websites. Having solved the StatCounter issue it has now identified third party cookies from:
-embedded YouTube videos
-Google maps
-Blogger
I can get around the first two by using static images and external links but I’m stumped as far as Blogger is concerned. As I can’t control a visitors entry page to the site (they could come straight in to a blogger page) how do I solve this issue?
I’ve not followed this thread closely, but does this legislation affect
things like trackback pings and all the fancy blogging hoo-hah?
That would not be even manageable.
–
Ernie Simpson
On Thu, May 17, 2012 at 11:19 AM, Gordon Low email@hidden wrote:
Hi again
I’ve been running the “attacat” extension for Google Chrome over one of my
websites. Having solved the StatCounter issue it has now identified third
party cookies from:
-embedded YouTube videos
-Google maps
-Blogger
I can get around the first two by using static images and external links
but I’m stumped as far as Blogger is concerned. As I can’t control a
visitors entry page to the site (they could come straight in to a blogger
page) how do I solve this issue?
I have read loads about the EU cookie law, but have to confess I’m not much wiser than when I read the very first article. There is much confusion and conflict of opinion about what you can and can’t do, though it does appear to be constrained to cookies.
What is clear is that a message saying you are using cookies is not good enough, unless these cookies are only ‘necessary’ cookies that allow shopping baskets to function etc…
Cookies that aid the improvement of websites, such as analytic cookies are not considered necessary. Whilst some ‘try’ to argue that they ultimately help the visitors experience, it is falling on deaf ears.
No cookies, other than the necessary cookies that allow the site to function, must be loaded into the page without the consent of the visitor. Ideally they should be able to revoke or adjust their selection from perhaps the necessary, to functional - like the storing of usernames etc to the Tracking and Social cookies like twitter and Facebook buttons use.
I have been looking into some scripts to do all this, though they are all jQuery which is another headache as the $ are stamping all over Prototype. A bit of noconflict sorts it but I would prefer to lose the extra page weight of the second JavaScript file.
If anyone knows of any prototype scripts that can achieve this goal, then please post a link here.
Using server logs for analytics solves the google analytics issue, but we still need to deal with those G+, Facebook and Twitter buttons etc…
Ps. Thanks to Walter and the like who have discussed noconflict on this forum as I had know idea about it before I searched for jQuery problems!
I have been experimenting with one of these scripts on this page http://www.nialtoservices.co.uk/wolf
It’s just a duplicat of my home page and I selected it as it uses carousel which was a challenge to get working with it.
You will see the link to the jconsent file in the head of the page. Only have my iPad at the mo so can’t see the files direct link easily.
I have spoken to the guys at wolf who wrote this and other scripts and it is a paid license to use it but they were not adverse to me changing it to make it work. I had to edit the z-index to get it to layer on top of the CSS layers in my page.
Let me know if you need anything else. I’ll have acces to my mac in about an hour if you do.
As an aside, i should mention that his script has additional code that is wrapped around the individual cookie gremlins to allow them to load or not as the case may be.
Although I have already shelled out cash for this, I would be more than happy to pay for a license to use something specifically written in prototype and tailored to the freeway community. I’m sure I am not alone In that and so if something could be created that would work like the script i am testing on the linked page, I and probably every other freeway user in the EU that wanted to be responsible and comply, would be happy to pay my way.
Interesting. They’re using jQuery primarily to manage cookies, and to do some basic DOM manipulation to add the panel to the page. I don’t see anything here that would be that horrible to recreate using Prototype. I’ve shown a cookie manipulating tool here recently that’s Prototype-based, that should make this pretty do-able.
Walter
On May 17, 2012, at 3:02 PM, Alan Herbert wrote:
I have been experimenting with one of these scripts on this page http://www.nialtoservices.co.uk/wolf
It’s just a duplicat of my home page and I selected it as it uses carousel which was a challenge to get working with it.
You will see the link to the jconsent file in the head of the page. Only have my iPad at the mo so can’t see the files direct link easily.
I have spoken to the guys at wolf who wrote this and other scripts and it is a paid license to use it but they were not adverse to me changing it to make it work. I had to edit the z-index to get it to layer on top of the CSS layers in my page.
Let me know if you need anything else. I’ll have acces to my mac in about an hour if you do.
Sounds very interesting Walter. I like the consept of this particular method. Whilst its very in your face, the user will know that we are complying with the EU law. There is also an option to place a link in the privacy policy to reopen the adjustment window and change your preferences.
I think it’s the best solution I’ve come across so far.
The only irony in all this is that the only way for the user to store this preference for her next visit is – wait for it – in a cookie.
Walter
On May 17, 2012, at 3:26 PM, Alan Herbert wrote:
Sounds very interesting Walter. I like the consept of this particular method. Whilst its very in your face, the user will know that we are complying with the EU law. There is also an option to place a link in the privacy policy to reopen the adjustment window and change your preferences.
I think it’s the best solution I’ve come across so far.
I know, and that bit makes me smile. But it would be considered necessary and it’s a 1st party cookie
, so we don’t need a second consent to consent to the initial consent - Spiralling Consent Syndrome - SCS not to be confused with CSS
Alan, don’t you think the full screen warning approach will just scare everyone away. The majority of users will not have a clue about what is going on and just scoot away from any site with a warning. A client of a web designer (say with any kind shop/selling) definitely would not go for this. Don’t you think the approach of having a small badge in the bottom corner is better?
And again a white label script / action we could all use and even style is very much worth paying for.
David
On 17 May 2012, at 20:28, Walter Lee Davis email@hidden wrote:
for the user to store this preference for her next visit is – wait for it – in a cookie.
On 17 May 2012, at 20:43, “Alan Herbert” email@hidden wrote:
I know, and that bit makes me smile. But it would be considered necessary and it’s a 1st party cookie
, so we don’t need a second consent to consent to the initial consent - Spiralling Consent Syndrome - SCS not to be confused with CSS
Well the other option I saw implemented a top bar, a bit like the ones that appear in IE giving those active x warnings I remember from years gone by.
It was more of a yes or no to cookies rather than the sliding option.
I think the dark page dim may be a bit more daunting, though many people are used to that kind of light box effect.
Whilst I do agree that we don’t want to scare people away, before too long they are going to be used to cookie alerts when visiting sites in the UK if not elsewhere in the EU.
What would be great is to have lots of ideas and suggestions between us all to come up with the best possible solution, and work towards creating an easy to implement freeway fix for it. So the more input we have Dave the better. I’m not saying my suggestions are the answer but indefinitely don’t want to stick my head in the ground. As with most of us I have clients depending on me to make their sites compliant so I’m grateful for all the input.
I saw the link you posted in the beginning, though they did not seem to offer a white lable solution. I don’t know if I liked the permanent reminder in the corner either but it’s all food for thought.
Yup. I have read this article you link to below and they state that:
“That’s what happened with the Information Commissioner’s Office (ICO) implemented the new law with existing technology, over 90% of site visitors declined to accept a Google Analytics cookie, thereby disappearing from their analytics.”
If visitors wish to choose not to accept my third party cookies like google analytics or the social buttons, that is their prerogative and the point of the EU cookie law. I might not like it but I can’t change it and so am looking for the freeway communities support to develop a ‘best case scenario’ solution.
It does not mean they are leaving my website, just that they did not wish to be tracked by google - and be hunted around the web with recurring adverts. A simple solution is to use server log analytics to gain visitor information.
As we only have about a week to become compliant, everyone’s thoughts and suggestions are welcome. I confess I was waiting for a solution to miraculously appear on this thread, then realised that I should contribute to help make it happen - and probably to offer my limited advice elsewhere in the forum rather than leave all the work to the usual few.
