1
RamteamJax
Cookie Warning (new European law) insertion. How ?
  • 2012/7/17 18:55

  • RamteamJax

  • Just popping in

  • Posts: 47

  • Since: 2012/6/17


Hello,

Since June 12th the European Union issued a new law meaning that évery site-OP needs to warn their visitors about the usage of cookies on their website(s).

Although our clanwebsite is non-profit only, I received a letter from the government handling this law, that I need to issue a cookie-warning according the strict Dutch law about this, when people visit our website.

I've been looking into it a bit, but I have no idea how to do this with XOOPS.
Since I'm working behind the scenes on a new company website for my datarecovery company, based on xoops, I don't want to run into problems with that one either.

The official governmental letter stated that I have, from today (got it this morning), 5 working days to implement it, or I will receive a 1900 euro expensive penalty and an additional 430 euro penalty every day it's not implemented.

Basically, I'm screwed. If I don't come up with a way to implement it, I am forced to pay a LOT of (CRAZY) money or to shut down the website.

I thought of just adding a warning to the frontpage, but Dutch Law persists that you need a POP-UP warning which people can agree to or deny (in which the last option will guide them back to the last page they visited).

Can anybody please help me ?
I've spent 20-30 hours building the new company website and rougly 10 hours on our clan-site. I basically sat down and almost started to cry. Dutch law is very funny when it comes to downloading music, movies and applications, but it is UTTER CRAP when it comes to these kind of banal things.

So eh .. HELP ?
Thanks in advance !!

I don't want to change everything to PHPNUKE or vBadvanced, since I love the basics XOOPS is based on. Very nice and easy to work with. A dream for semi-professional webdesigners !

Cheers,
Jax

2
Mamba
Re: Cookie Warning (new European law) insertion. How ?
  • 2012/7/17 19:37

  • Mamba

  • Moderator

  • Posts: 11366

  • Since: 2004/4/23


I assume, that there should be a common implementation of the law across Europe.

There are good guidelines from UK, which states that:

Quote:
Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.

BBC is using this kind of "implied consent" where they post a special link to "cookies" at the bottom of the page.

They also state that:
Quote:
Some cookies can be exempted from informed consent under certain conditions if they are not used for additional purposes. These cookies include cookies used to keep track of a user’s input when filling online forms or as a shopping card, also known as session-id cookies, multimedia player session cookies and user interface customisation cookies, eg language preference cookies to remember the language selected by the user.

I think, our cookies would fall into the "session-id" cookie.

There are also few good articles, with links to jQuery plugins that could be helpful:

http://designmodo.com/eu-cookie-law/
http://www.webresourcesdepot.com/eu-cookie-law-2-jquery-plugins-to-not-break-it/
http://www.netmagazine.com/features/beginners-guide-new-cookie-law

The CookieCutter and CookieGuard plugins seem to be most popular.

So based on all of this you could:

1) set a special page about cookies, as BBC did, to have "implicit consent", or
2) add a jQuery plugin to get "explicit consent"

Maybe somebody else has a better suggestion
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

3
Anonymous
Re: Cookie Warning (new European law) insertion. How ?
  • 2012/7/17 20:29

  • Anonymous

  • Posts: 0

  • Since:


From what I have read the Dutch government interprets the law more strict then the European law has in mind, but...

Cookies from (nonprofit) websites, or for keeping login credentials or remembering your shopping cart are not an issue. The law is focussed on third party cookies from advertising networks or companies collecting user data on a larger scale, like google analytics.

The OPTA, the Dutch supervisor, has stated they only direct penalty real abusive cookie use. Other websites get a warning first. Most reassuring fact is OPTA has no scanning software for cookie law offense at this moment. They have asked a student to code some, just a few days ago

4
RamteamJax
Re: Cookie Warning (new European law) insertion. How ?
  • 2012/7/17 21:41

  • RamteamJax

  • Just popping in

  • Posts: 47

  • Since: 2012/6/17


Quote:

Mamba wrote:
I assume, that there should be a common implementation of the law across Europe.

There are good guidelines from UK, which states that:

Quote:
Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.

BBC is using this kind of "implied consent" where they post a special link to "cookies" at the bottom of the page.

They also state that:
Quote:
Some cookies can be exempted from informed consent under certain conditions if they are not used for additional purposes. These cookies include cookies used to keep track of a user’s input when filling online forms or as a shopping card, also known as session-id cookies, multimedia player session cookies and user interface customisation cookies, eg language preference cookies to remember the language selected by the user.

I think, our cookies would fall into the "session-id" cookie.

There are also few good articles, with links to jQuery plugins that could be helpful:

http://designmodo.com/eu-cookie-law/
http://www.webresourcesdepot.com/eu-cookie-law-2-jquery-plugins-to-not-break-it/
http://www.netmagazine.com/features/beginners-guide-new-cookie-law

The CookieCutter and CookieGuard plugins seem to be most popular.

So based on all of this you could:

1) set a special page about cookies, as BBC did, to have "implicit consent", or
2) add a jQuery plugin to get "explicit consent"

Maybe somebody else has a better suggestion


Dutch law is like the most strict law regarding cookies in Europe.

__________________________________________________________________

Quote:

flipse wrote:
From what I have read the Dutch government interprets the law more strict then the European law has in mind, but...

Cookies from (nonprofit) websites, or for keeping login credentials or remembering your shopping cart are not an issue. The law is focussed on third party cookies from advertising networks or companies collecting user data on a larger scale, like google analytics.

The OPTA, the Dutch supervisor, has stated they only direct penalty real abusive cookie use. Other websites get a warning first. Most reassuring fact is OPTA has no scanning software for cookie law offense at this moment. They have asked a student to code some, just a few days ago


Actually, they already have, but it's kind of malfuntioning.

As for the non-profit ones. Our clan community website is as non-profit as it can get, but still I got this letter here in front of me.

I do admire your replies, but all I want is something to solve this cr*p.
I don't really want to pay a fine because of the cookie stuff. There's no advertising on our website, other than a teamspeak server banner (which is stated as a form of advertising).

I just lost it. Don't know what to do. Called my company lawyer (every company in NL has one to look over law stuff and more) about this issue. He basically told me to aspire the request and take actions into it. As Flipse probably know (as a fellow dutchmen), there isn't any change in winning from the government over this.

5
Anonymous
Re: Cookie Warning (new European law) insertion. How ?
  • 2012/7/17 22:12

  • Anonymous

  • Posts: 0

  • Since:


I searched the Dutch interwebs but did not find anything about issues similar like RamteamJax has now. Maybe you have the misfortune to be a guinea pig for new law.

Quote:
So based on all of this you could:

1) set a special page about cookies, as BBC did, to have "implicit consent", or
2) add a jQuery plugin to get "explicit consent"


Sounds like a good solution. I guess a cookie is used to show the cookie warning only once

Maybe someone can build a simple module for that, which could be used for more then only a one-time cookie warning. It could also drive a "New xoops version" popup like here on xoops.org, downtime warning for your vistors, happy holiday greetings etc...

6
RamteamJax
Re: Cookie Warning (new European law) insertion. How ?
  • 2012/7/18 1:56

  • RamteamJax

  • Just popping in

  • Posts: 47

  • Since: 2012/6/17


I've been doing some research and more people running clan-websites who I know personally, have the same issue. They all got a letter regarding the cookie-law (talking about roughly 37 clansites in NL). So, I will send a letter to the foundation handling this stupidness, in the name of our own but also the other clanwebsites, about the crazy and threatening letter we all received.

---
btw flipse, the nlxoops.nl website loads extremely slow here, while i'm on a 100mbit fiberglass connection. any idea ?

7
Peekay
Re: Cookie Warning (new European law) insertion. How ?
  • 2012/7/18 8:14

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Firstly, make sure this is not a scam. I am confident many webmasters will be getting letters saying their websites are 'illegal' and offering services to rectify this. I wouldn't put it past them for issuing a 'fine' so make sure this is genuine.

Then I would (quickly) put a Xoops block on the homepage that says 'The content management system on this domain sets a session cookie which is essential to provide the requested service of viewing the site'. (session cookies are OK)

and if required...

'The gallery application sets a cookie which is essential to prevent users from voting for the same item twice. This cookie expires after xxx time'.

and most importantly...

'No tracking cookies or third-party cookies are set from this domain'.

AFAIK the law only requires you to ask permission to set cookies if they are non-essential to the user viewing or navigating the site. However, if you use services like Google analytics then you will need to present an 'opt-in' screen.

You can check the cookies set by your site and their expiry times in Firefox via the menu 'tools/page info/security/view cookies'.

8
redheadedrod
Re: Cookie Warning (new European law) insertion. How ?

Sounds like a specialized module is in order. You could build a module that can setup the information and have a xoops/php based admin side and a Javascript based pop up system for the user side that accesses the module php code through ajax that would be included in the theme.

Would something like this work? This would then pop up a window displaying a message and allowing a response. With an agreeable response the user will then continue. With a negative response the user will get an explanation that they can't use the site without a positive response and continue to show this pop up every time the screen is refreshed.

9
Shine
Re: Cookie Warning (new European law) insertion. How ?
  • 2012/7/18 9:21

  • Shine

  • Just can't stay away

  • Posts: 822

  • Since: 2002/7/22


Quote:
Then I would (quickly) put a Xoops block on the homepage that says 'The content management system on this domain sets a session cookie which is essential to provide the requested service of viewing the site'. (session cookies are OK)

This wouldn;t work and isn;t confirm lauw. The cookie warning has to be BEFORE entering the website. User needs to agree (or not) to cookies. If visitor sais yes, visitor wil enter website. Otherwise visitor will not enter bu t transfered to an explanation page.

@redheadedrod
Quote:
Would something like this work? This would then pop up a window displaying a message and allowing a response. With an agreeable response the user will then continue. With a negative response the user will get an explanation that they can't use the site without a positive response and continue to show this pop up every time the screen is refreshed.


Exactly !! But it needs to be website related. Not module related.
After cookie is set (user agrees), the pop doesn't need to be shown again.
It only pops up if user didn't accept cookies or user cleaned up his cookies.

Hm, bad english, but I hope clear enough
















10
RamteamJax
Re: Cookie Warning (new European law) insertion. How ?
  • 2012/7/18 10:02

  • RamteamJax

  • Just popping in

  • Posts: 47

  • Since: 2012/6/17


@Peekay:

I'm sure it's not a scam, I just got off the phone with those complete idiots.
Before I told them the reason of my call, I asked what websites need to implement this cookie-law pop-up. They told me: Websites like news-sites, very large community websites, social media sites etc.

So I told them I have a small community website for a gaming clan, without any advertising and without any trackingcookies. I told them it's a private website with private things on it and that it's just for fun. The woman on the other end of the line specifically told me that I do not have to worry about the law, it's not meant for me.

Then I told her about the letter, stating that I need to pay 1900€ if this crap isn't solved in a couple of days and that fellow clanwebsites in NL from which I know several clanleaders in person, have received the same letter. She hung up.

So I called again, got this guy on the phone and stated he wanted to review my website whíle I was on the phone. So I told him the address, he looked at it and had to tell me that the letter was sent in error, but due to some error in their cookie-scanning application, my website (and thus those other clansites) was categorized as a large media website, júst because I have a login system for clanmembers.

In this case, I got a fax immediately on my request (old fashion i know, but it's still used largely spread) with proof that I have contacted the office and solved this utter bummer.

--

Now, as for the scam thing .. my professional title is Cyber Security Consultant, I don't typically fall for scams, although this letter was sent by airmail I still don't fall for it ;)


@Shine

Thát's exactly what I meant.

During the call and solving the issue about our clanwebsite, I talked to the guy according my company website. Because it's a company website, I dó have to implement the cookie-warning. So despite it's not needed for the clanwebsite, I still have to get the company site (based on xoops) ready for the cookie-law.

So this thread is not solved .. yet ;)

Anyways, thnx for any help so far !!

Login

Who's Online

205 user(s) are online (121 user(s) are browsing Support Forums)


Members: 0


Guests: 205


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits