VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Announcements
 UK Legislation
 New Topic  Reply to Topic
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

Sharon
VP-ASP Super User

353 Posts

Posted - May 21 2011 :  05:02:27  Show Profile  Visit Sharon's Homepage  Reply with Quote
I thought all UK users of VPASP should be interested in the following:

From 26 May 2011, you must obtain the informed consent of users, visitors and/or subscribers to your website before you install cookies, or other means of storing information, on their terminal equipment or mobile devices.

LInk to ICO advice

http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/~/media/documents/library/Privacy_and_electronic/Practical_application/advice_on_the_new_cookies_regulations.ashx

Edited by - Sharon on July 06 2011 03:45:52

support
Administrator

4266 Posts

Posted - May 21 2011 :  05:22:50  Show Profile  Visit support's Homepage  Reply with Quote
Wow, that is crazy. I love how governments try to bring in legislation that will completely hinder local business and make it much easier for international businesses to grab a bigger share of the market.

It will be interesting to see if this goes through.

I imagine for starters UK busineses will need to add some form of disclaimer on their site.

Thanks
Cam Flanigan

VPASP Support
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - May 21 2011 :  16:10:18  Show Profile  Visit devshb's Homepage  Reply with Quote
(seems to relate to the whole of Europe too, not just the UK)

I'm with Cam on this one; asking you to explicitly agree to having a cookie whenever you visit a european site isn't just going to be a massive headache for site-owners, it'll also be really annoying for users too (I don't want to have to click "yes, I agree to cookies" every time I browse products on the tesco or argos website for example).

I would have thought that almost every website needs a cookie of some description, even if it's just a pointer to a server session.

One of the links that sharon's link points to is:
http://www.allaboutcookies.org/

which says:

"
On May 26th 2011, new rules governing the use of cookies by websites comes into force in Europe.

Rather than the "Opt out" option for website visitors, websites will need to specifically gain the consent of their visitor and they must "Opt In" to be able to store cookies on their computer or other devices.This is expected to be difficult to manage and enforcement will more than likely be done subtlely and with encouragement rather than with the threat of fines and penaltys.
"

Like Cam, I'm guessing/hoping that simply having a disclaimer on the site somewhere should be enough for now.

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
www.BigYellowKey.com
Follow us on Twitter: http://twitter.com/bigyellowzone
Web Design, Online Marketing and VPASP addons
Go to Top of Page

carfin
VP-ASP Expert

United Kingdom
948 Posts

Posted - May 23 2011 :  04:17:02  Show Profile  Reply with Quote
This really is going to be a headache but understandable. I've often been concerned that when visiting a website I see advertising relating to different sites that I visited a couple of days ago and thought that I haven't agreed to my internet browsing being 'tracked' by cookies that are being used by marketing companies to gather goodness knows what information about me, so at least with the new legislation I should be able to see exactly what data these cookies are collecting and be able to say no to them. In my opinion it should be implemented across the globe and not just in Europe.

Carrol
www.deanston-electrical.co.uk

Surprised that Google Analytics aren't being more vocal on this issue because under the new legislation their cookies will be deemed illegal unless consent is confirmed by the visitor, but apparently they have already run into problems in Germany because customer IP addresses are being stored on servers outside the EU, which breaches Germany's privacy protection rules.

Edited by - carfin on May 23 2011 04:46:11
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - May 23 2011 :  09:17:57  Show Profile  Visit devshb's Homepage  Reply with Quote
ah; yes; you're talking about websites sharing information with each other rather than a website recording the info for its own purposes.

I definitely agree with you on that one, but I assume that's done more by databases than cookies (ie I've got "website x can NOT access cookies stored by website y" turned on in my brower, but I also still seem to get targeted ads on some sites; I assume they must be storing some kind of common id in a cookie or your ip address like you say, but that behind the scenes they're sharing the information about your account/browsing in a common database)

(In this instance I'd treat an ad as a separate site, even if it appears on the same site, ie the sites are obviously sending across your browsing history to the ad site so that the ad site can send back a targeted ad. Facebook is probably one of the worst culprits for that and they don't let you turn it off which is really annoying.)

Sharing info between sites is a whole different ballgame, and unless it's just for something like a payment gateway when you order something (or a shipping api to get a shipping price), I also think you should have to give explicit permission for that.

Mind you, it seems to me that it's not so much cookies that they should be looking at, it's IP addresses and userids/emails; my guess is that most of these things that share information between sites doesn't really use cookies at all, they just send across your ip address or your logged-in email/userid to store a common record in a database; it probably has nothing to do with cookies at all. Then again, technical issues never were the strong point when it comes to the EU commission etc.


Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
www.BigYellowKey.com
Follow us on Twitter: http://twitter.com/bigyellowzone
Web Design, Online Marketing and VPASP addons

Edited by - devshb on May 23 2011 09:42:15
Go to Top of Page

Steve2507
VP-ASP Expert

590 Posts

Posted - May 24 2011 :  09:11:31  Show Profile  Reply with Quote
This might help clear things up.

Here's an email I received from IMRG (imrg.org).




Consent for Cookies: ICO's Guidance on New Cookies Law

The Information Commissioner's Office (ICO) has issued its long-awaited guidance relating to the new cookies law. The guidance issued by the ICO on 9th May 2011 follows the publication of the UK Regulations<http://www.legislation.gov.uk/uksi/2011/1208/made> implementing the changes required by the revised E-Privacy Directive.



Under the new Regulations a subscriber or user has to give consent to the use of cookies, having been given clear and comprehensive information about the purpose of them. Under the previous law, organisations only had to inform users how they used cookies and how the user could 'opt out' if they objected to their use.



The Regulations state that consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.


The only exception to the requirement for consent is cookies that are "strictly necessary" for a service requested by the user. The ICO has indicated that this exception should be interpreted quite narrowly and may apply in the circumstance where a user of a website has chosen the goods they wish to buy and has clicked "add to basket" and the site remembers what items they chose on a previous page.

Although the new legislation comes into force on 26th May 2011, the Government's view is that there should be a phased approach to the implementation of the changes and the ICO is not expected to take enforcement action for non-compliance in the short term. The ICO will shortly be issuing some guidance on how they intend to enforce the new Regulations.

At this stage, the ICO advises organisations to:

1. check what type of cookies and similar technologies you are using and how you are using them
2. assess how intrusive your use of cookies is
3. decide what solution to obtain consent will be best in your circumstances.

It is this third point that most organisations will be focusing on. Use of browser settings to indicate consent appears to be the most practical method. However, the Department for Culture, Media and Sport (DCMS) response to the consultation paper published in September 2010 suggests that the current form of browser settings does not comply with the revised legislation. The ICO similarly notes in its guidance that most browser settings are not sophisticated enough to allow the user to provide appropriate consents to the various types of cookies. Therefore some other means of obtaining consent would have to be sought, at least until the browser manufacturers have developed and made available browser level solutions which are appropriate to signify consent.

The ICO suggests the following alternatives:

* Pop-ups and similar techniques: users are able to expressly and clearly consent (eg via a tick box) although there may be some impact on user experience, particularly if you use many types of cookies.
* Terms and conditions: the user might be asked to agree to the terms and conditions when they first register or sign up to a website. This solution would work for new customers but changing the terms of use to include consent for cookies would not be sufficient to argue that consent had been obtained from existing customers who would have agreed to alternative terms. For existing customers, the ICO advises that users should be made aware of the changes to the terms regarding cookies and then asked to consent to them, for example via a tick box.
* Settings-led consent: some cookies are deployed when a user chooses how the site works for them and the consent could be obtained as part of this process, for example a user could be presented with the option for a site to remember which language version a user wants to access, and state that by clicking "remember this setting", they are consenting to allow cookies which are required for this service.
* Feature-led consent: some websites use cookies to remember what a user has viewed or what parts of the site they have accessed in order to personalise the content served. In these cases, provided the user is taking some action to tell the webpage what they want to happen by opening a link, clicking a button, etc then consent could be requested at this point. If this feature is provided by a third party, appropriate transparency would need to be provided to the customer.
* Functional uses: where analytic cookies are used, for example to track a user across multiple sites, consent (as well as appropriate notices regarding such cookies) would still be required. A solution might be to put some text in the header/footer of a webpage which is highlighted or which turns into a scrolling piece of text when you want to set cookies on that user's device. This could prompt the user to read further information and make any appropriate choices that are available to them.
* Third party cookies: where third parties are permitted to set cookies on a user's device via your website, such as for third party behavioural advertising via an ad-network, obtaining consent becomes more complicated. Users must be given information by both parties and be allowed to make informed choices about what is stored on their device. The ICO is working with industry and other European Data Protection authorities to assist in addressing the complexities of this scenario. The Internet Advertising Bureau has also recently released its cross-European self-regulatory framework<http://www.iabeurope.eu/media/51925/iab%20europe%20oba%20framework_merged%20ii.pdf> for online behavioural advertising (OBA). Although arguably not sufficient to obtain consent, the framework requires organisations to use an icon with OBA that can direct users to a site with further information and details about how to refuse or turn off OBA advertisements.


Direct Marketing Association (DMA) Guidance



The DMA has also issued some guidance which is broadly in line with the ICO guidance. The DMA guidance<http://www.dma.org.uk/_attachments/Resources/7048_S4.html> does provide additional details around categorising types of cookies and how to deal with each category.

What steps should you take now?

The ICO has indicated that if it were to receive a complaint about a website, it would expect an organisation's response to set out how it has considered the new requirements and to have a realistic plan to achieve compliance






My take on it
It's quite long but if you take the time to read it it does make sense and you can find where your business fits.

If you are using cookies for your basket you do not need to worry as these are "strictly necessary".

On the view of Google Analytics, GA uses javascript and writes the information to a database so there are no cookies involved, however if you are split testing then cookies are used.

If you are tracking users across multiple sites then you definitley need to rethink your tracking strategy. But if you are only tracking visitors on your site without using cookies and the cookies that are used have no alternatives then you do not need to worry.

The things that will be affected are these site trackers that change the content depending on what a user has viewed. We were going to sign up with one a couple of months ago, thankfully we put it on hold.


Steve
Sex toys from a UK sex shop including vibrators and dildos.

Edited by - Steve2507 on May 24 2011 09:12:30
Go to Top of Page

Sharon
VP-ASP Super User

353 Posts

Posted - May 24 2011 :  10:45:15  Show Profile  Visit Sharon's Homepage  Reply with Quote
quote:
Originally posted by Steve2507

My take on it
It's quite long but if you take the time to read it it does make sense and you can find where your business fits.

If you are using cookies for your basket you do not need to worry as these are "strictly necessary".


Thanks Steve, you've made it a clot clearer for me.
Go to Top of Page

Steve2507
VP-ASP Expert

590 Posts

Posted - May 25 2011 :  03:46:32  Show Profile  Reply with Quote
No problem, glad to help.


Steve
Sex toys from a UK sex shop including vibrators and dildos.
Go to Top of Page

carfin
VP-ASP Expert

United Kingdom
948 Posts

Posted - May 25 2011 :  03:58:05  Show Profile  Reply with Quote
Yes, thank you Steve, in particular for the Google Analytics part. I didn't realise they do not use cookies for their standard statistics collection.
Seems like our site will only require one user agreement prompt and we can slot that in on the registration page with a check box :)

Carrol
www.deanston-electrical.co.uk
Go to Top of Page

carfin
VP-ASP Expert

United Kingdom
948 Posts

Posted - May 31 2011 :  03:49:16  Show Profile  Reply with Quote
Just checked out exactly what Google Analytics does, and cookies are definitely involved, and there are lots of them, some permanent, some session. Here's the list -
http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html
Back to the drawing board for obtaining consent from every visitor, or I think we might just turn the tracking stats off.

Regards,

Carrol
www.deanston-electrical.co.uk
Go to Top of Page

support
Administrator

4266 Posts

Posted - May 31 2011 :  07:55:19  Show Profile  Visit support's Homepage  Reply with Quote
My feeling is that Google will come out with a solution for this as this will have a massive impact on their analytics tools.

I could be wrong but would suggest you watch this space so to speak.

Thank you

Cam Flanigan
VPASP Support
Go to Top of Page

carfin
VP-ASP Expert

United Kingdom
948 Posts

Posted - May 31 2011 :  09:07:23  Show Profile  Reply with Quote
Yes I'm sure Google will come up with something soon but until then, according to the ICO's guidelines and recommendations, our site is now fully compliant

Here is how I have implemented this.

To all visitors there is a notice added to shoppagetrailer.htm about our site using cookies and to adjust their browser privacy settings if they don't want to accept them, with a link to our privacy policy page which contains information about the cookies that we use.

Registered users who signed up before 25th May have a link on the Customer Service page to send us their consent, which is recorded in our Trade Customers table (an existing custom table to check registered business accounts). The link will only appear to customers where consent recorded is false. We also have a small graphic on the left column to let users know that we are compliant with the consent legislation.

Users who register after 25th May have to check a box on our verify trade account page before they can register on the site. No cookies = no registration, because there's no point in them registering if they do not consent to cookies as they won't be able to see prices, stock levels or special offers etc.

Perhaps the VP-ASP developers could think about adding a checkbox to the customer registration page for consent to cookies, for sites that are based in EU countries.

Regards,

Carrol
www.deanston-electrical.co.uk

Go to Top of Page

Letraset
Starting Member

9 Posts

Posted - May 23 2012 :  08:05:33  Show Profile  Visit Letraset's Homepage  Reply with Quote
This is an old topic ...but ...it would be great if VPASP could produce a list of cookies and their purpose. They may not be relevant in regards to the new legislation, however, customers are still going to be aware that cookies are present. It would be helpful if they knew the ‘function’ of the VPASP cookies, and why disabling them may harm their experience on the site. If anyone sought to list the cookies for those customers who want this level of visibility, having a ready-available list would make it easy to do so.

Personally I think it would help customers understand that cookies are also used for function, not just as "evil corporate spies" lurking on their computer. This level of visibility also gives sites credibility with their customers.

Kind Regards
K.

Go to Top of Page

support
Administrator

4266 Posts

Posted - May 29 2012 :  00:23:24  Show Profile  Visit support's Homepage  Reply with Quote
Hi guys,

I have just posted a blog on this topic here - http://www.vpasp.com/blog/VPASP-and-the-EU-Cookie-Law/

Please let me know your thoughts.

Thank you

Cam Flanigan
VPASP Support
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - June 23 2012 :  08:45:28  Show Profile  Visit devshb's Homepage  Reply with Quote
A week or so ago (a year after the legislation was created, and 48 hours before the "grace" period expired) the UK ICO decided that only "implied" consent was required.

ie you no longer have to have a big "WE USE COOKIES" banner popup on your site which drives all your customers away.
No countries other than the UK are even thinking of enforcing this in their countries, despite it being an EU directive.

The rest of Europe will simply ignore it, and obviously no company/site outside the EU will do anything about it either.

So, that puts UK companies at a massive unfair disadvantage, firstly because nobody outside the EU will be doing anything about it, secondly because out of all the EU countries, the UK is the only one which has a government that's stupid enough to not understand the damage enforcing this law will do, and thirdly the few UK sites who actually DO comply with the law will be put at a massive disadvantage compared to the UK companies who DON'T comply.

The directive had good intentions, and I've always been a very pro-privacy person, but I don't believe it's right that every single website in the UK should be teaching their customers the technicalities of what cookies are for and how the internet works, and scaring them off by trying to explain something that virtually every website on the planet does.

It's like going into a mobile phone shop, and before you're even allowed to look at the phones, a sales rep comes up to you demanding that you sign a piece of paper that says:
"Each phone that I look at will have an antenna. I understand that without an internal antenna, my phone might not function correctly."

It's just not the job of site/business owners to tell their visitors the detailed technicalities of how the internet works.

I don't think I'm the only person with that view, either. Virtually no large UK retail company is complying with the law. All they're doing is putting a cookie text link on their footer, and linking that to a page which basically says:
"We use cookies. Without cookies our site/business can't function, and neither can any other site. If you don't accept this, then either disable cookies in your browser or don't use our site."

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
www.BigYellowKey.com
Follow us on Twitter: http://twitter.com/bigyellowzone
Web Design, Online Marketing and VPASP addons
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - June 26 2012 :  04:46:48  Show Profile  Visit devshb's Homepage  Reply with Quote
Those of you not from the UK probably won't know this, but ironically enough one of the first people to have had a complaint made against their site not being compliant with the new cookie law was an English MP from the same party/government that is trying to enforce the law (https://menshn.com/).

(they're now compliant, kind of)

Oh, the irony of it all.

It'll be fascinating to see what the response is from all the top 50 uk retailers who the ICO wrote to recently to ask why their sites didn't comply.

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
www.BigYellowKey.com
Follow us on Twitter: http://twitter.com/bigyellowzone
Web Design, Online Marketing and VPASP addons
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Next Page
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000