Cookies - User Options
-
Hey all,
Under EU law all website visitors must be informed if the site uses cookies or any other storage.
I don't see anything on nodebb to indicate that it complies with this?
This is just one of many sites explaining the law.
-
@Dave-Huggy-Jones NodeBB is Canadian, therefore doesn't have to comply to this, nor include it in their software. Just make a widget with an I agree or a I disagree button, if they click agree, remove the widget, if they disagree, send them to google.
It's a stupid law anyway, no one has ever been prosecuted for not having a cookie warning. And no one ever will. For a time in the past, it was illegal to eat a mince pie on Christmas Day, but people still did it.
A prime example is the ico website, they have no cookie warning that I can see, just a page about it in the footer. https://ico.org.uk
-
The rules
Interestingly, despite the fact that the legislation is based on protection of personal information and privacy, it applies even when a cookie is not being used to collect any personally-identifiable information. The rules apply to all cookies, and are intended to prevent information from being stored on users' computers without their informed consent.
As is the case with privacy consents in general, the preferred approach for cookies is to obtain explicit consent. This can be achieved, for example, by providing a notice to the user explaining what cookies are, how they will be used, what they will do, and asking the user to click "I agree."
Explicit consent is the best legal way to ensure that the user has really consented to the issuance and acceptance of cookies. However, it is onerous and irritating, especially if it is done each time the user visits the website. That's why implied consent is also acceptable, at least in the U.K.
Implied consent involves providing information to the user and looking for some action by the user which indicates that the user has consented. For example, a website may post a clear and unavoidable notice when the user first visits the site, advising the user that cookies will be used, and explaining what cookies are. If the user clicks on any other pages within the site after the notice has been displayed, the user may be deemed to have given implied consent to receiving the cookies described in the notice. The requirements and wording of the notice may vary depending on the audience, such as how tech savvy it is.
Failing to comply with the rules may result in a number of actions. In the U.K., those actions range from an information notice and request to comply (on the low end), to a monetary penalty of up to £500,000 (on the high end).
Canadian companies
The U.K. law applies to all companies in the U.K., even if their websites are hosted elsewhere. Likewise, the U.K. Information Commissioner's Office has taken the position that Canadian and other foreign companies should comply with the legislation if their websites are designed for the European market, or if they provide products or services to European customers. Practically, it may be difficult for EU authorities to enforce this law against Canadian companies that have no assets in the EU; however, there are good domestic reasons for Canadian companies to comply with the legislation as well.
Canadian Law
In particular, Canada's anti-spam legislation, which has been passed but not yet implemented, contains similar rules regarding cookies in Canada. The starting point in Canada is that express consent is required to install a computer program on anyone's computer system.
Obtaining consent requires: (a) clearly and simply explaining the purposes for which the consent is being sought; (b) describing the function and purpose of the program and providing all other prescribed information; and (c) obtaining the user's consent. The legislation permits implied consent for cookies if the user's conduct is such that it is reasonable to believe that they have consented to the installation of the cookies.
I agree with it being a stupid law, I didn't make it!
From what I read I believe that if the website may attract EU visitors then you need to apply the rule.
Which I read as any website.And with nodebb being multilingual that probably implies that the site (or any installation of) needs to at least have this popup option to cover everyones arse.
-
I think the general consensus here is if you don't want Cookies on your PC, disable them, or don't use the internet. I mentioned clicking I disagree and sending them to google, but they use cookies too, so the only place you could logically send them is 127.0.0.1. My point still stands, no one has been fined £500,000 and no one ever will. Why panic about a law that's not being enforced by anyone?
And the overall thing is if you want to include a page for cookies, there's a CMS /custom pages plugin that would allow you to do that. Or just throw some Javascript in the header to ask people to accept. There. Done.
-
Yes I totaly agree, I need to add something to comply with this as I'm in the UK (my bad), even tho I think it's stupid and may never get enforced.
I can't afford the legal costs if it ever did and as a community/open source project I'm just informing the rest of the community who may or may not be aware of this, as I didn't find it mentioned before.
Thanks
Dave