back to article Brussels cunning plan to save the EU: No more Cookie Popups

Beleaguered Brussels bureaucrats have come up with a cunning plan to make us love the European Union again. They might relax the world’s most hated internet regulation. Directive 2009/136/EC, also known as the "Cookie Directive" has obliged websites hosted in member states to pester users with a popup if the site uses cookies …

  1. ElReg!comments!Pierre

    Love the EU again?

    TBH most of the flak (and perhaps a major cause for Brexit) stems from the feeling that all powers now reside in Brussels, in the hands of unelected bureaucrats (the Comission; because the so-called Parliament has only a consultative role if memory serves).

    That feeling is reinforced by national politicians hiding behind the "it's not me it's the EU" mantra almost everytime they pass an unpopular law. Plus they seem to go out of their way to look like total chumps anyway, ridiculing the whole democratic process (the last point perhaps explaining The Donald, too: when they all act like unfaithful chumps, why not vote for the chumpiest of them all, after all?)

    1. bombastic bob Silver badge
      Meh

      Re: Love the EU again?

      "all powers now reside in Brussels, in the hands of unelected bureaucrats"

      upvote anyway, even if you got the Trump part wrong

    2. Lusty

      Re: Love the EU again?

      "if memory serves"

      It doesn't, you need to go and read how the EU works because it doesn't work how you think it does.

      1. Anonymous Coward
        Anonymous Coward

        Re: Love the EU again?

        @lusty

        Regardless of the technicality of how the EU works the sentiment is the same. And that is the problem! People feel disconnected from the people who hold power in EU, more so than even domestic government - which has its own problems.

        So it would seem that whether or not EU representatives are elected, it makes no difference.

        1. Anonymous Coward
          Anonymous Coward

          Re: Love the EU again?

          Having read a history of the EU, that's by design. The last thing wished for was direct democracy or a republic.

        2. strum

          Re: Love the EU again?

          >Regardless of the technicality of how the EU works the sentiment is the same.

          In other words - you're going to believe what Murdoch told you, even when it has been demonstrated to be false?

          1. David Beck

            Re: Love the EU again?

            Did "Murdoch" write -

            http://www.europarl.org.uk/en/your-meps/what_do_they_do.html

            I believe you'll find this enlightening by what it doesn't say the MEPs do, initiate legislation.

        3. John Brown (no body) Silver badge

          Re: Love the EU again?

          "Regardless of the technicality of how the EU works the sentiment is the same. And that is the problem! People feel disconnected from the people who hold power in EU, more so than even domestic government - which has its own problems."

          But, as mentioned above, that's UK gov telling us that all the problems are caused by "the nasty EU made us do it". Usually it's down to how each national government interprets each EU directive. Here in the UK, the Gov seems to take each Directive literally and enacts laws to implement said directive in it's most extreme form. Meanwhile in, for example, France, the law(s) implementing the same directive seem to be generally more forgiving and lax and work to the assumption that the Directive is guidance rather than dictat.

          Not forgetting, of course, that some of the most outrageous implantations of EU Directives where the gov has blamed the EU were Directives where gov.uk had a big hand in creating them in the first place.

          Despite Cameron and his remainers, you'd almost think that successive governments of the last decade or two had contrived this anti-EU sentiment precisely to get the UK out of the EU.

      2. David Beck

        Re: Love the EU again?

        @Lusty

        It is consultative. The MEPs can only agree, amend or decline what the Commission presents and only then if they need to ask the MEPs at all, that is, not a Directive. The MEPs cannot initiate legislation.

        I'm not using my memory, just -

        http://www.europarl.org.uk/en/your-meps/what_do_they_do.html

        1. Anonymous Coward
          Anonymous Coward

          Re: Love the EU again?

          MEPs can and have told the commission to introduce legislation for them to approve. They also regularly override the commission.

          They have the power to dissolve the commission of they want to.

          The council of ministers (our national governments) also often propose legislation and can keep the commission in check.

          The role of the commission is to speak to the relevant groups and sort out the detail of the law required to do it. They also propose law to solve problems they see in the working of the EU.

          The UK media vision of the commission sitting around all day telling the national government what to do is simply not true.

  2. Anonymous Coward
    Anonymous Coward

    What good will this "relaxation" do?

    I would imagine that 10E-(a large number) of websites don't use cookies at all. Those that do fall into the category of ad-supported, or extracting-the-money-to-run-the-site-from-you-some-other-way. Is there really any point in requiring anything more than a simple declaration somewhere on the site that cookies are used to serve ads?

    From my own experience, users either don't give a f*** or are using adblockers anyway.

    1. Anonymous Coward
      Anonymous Coward

      Re: What good will this "relaxation" do?

      > I would imagine that 10E-(a large number) of websites don't use cookies at all.

      Most sites use cookies in one form or another - to count unique visitors if nothing else.

      The pop-ups were certainly useless. "Click here if you are happy that you are being tracked with cookies. Oh, this banner will stay here forever until you click to say yes. If you don't want to be tracked, then don't visit our site."

      The final irony was once you had clicked the button saying that you had read the cookie policy, the site had to give you a cookie to remember that you had done so.

    2. Electron Shepherd

      Re: What good will this "relaxation" do?

      would imagine that 10E-(a large number) of websites don't use cookies at all

      I suspect it's just the opposite. I can't speak for LAMP-based sites, but if you're using ASP in any flavour, you get cookies as part of the architecture.

      Any e-commerce site will be using them, because without some kind of state management, any form of basket management is impossible. There are alternatives to that which the EU defines as a cookie, such as modifying the URL, storing state in the DOM, or using "Flash cookies", but they are all "worse" than standard HTTP cookies for compatibility and user-acceptance.

      A lot of cookies are benign, anyway, and aren't used for user tracking. Our product is priced in GBP, USD and EUR, and a visitor can select their preferred currency. We pre-select based on a geo-lookup on their first visit, but that's not perfect, and just because, for example, a visitor is in Europe doesn't mean that they always want pricing in Euros. We keep their selected preference in a cookie. No user tracking, just a small convenience for them.

  3. Potemkine Silver badge

    Scapegoats

    Beleaguered Brussels bureaucrats

    European directives have to be voted by the European Parliament, it's not a bureaucratic process decided in some dark office...

    1. inmypjs Silver badge

      Re: Scapegoats

      "European directives have to be voted by the European Parliament, it's not a bureaucratic process decided in some dark office..."

      Err what they get a chance to vote on (and almost always nod through without bothering to understand) is the result of a bureaucratic process in some dark office.

      1. Potemkine Silver badge

        We have the politicians we deserve

        and almost always nod through without bothering to understand

        If you're not satisfied with the people representing you at the Parliament, vote for somebody else or even better, run for the job yourself.

        1. enormous c word

          Re: We have the politicians we deserve

          The point is that in Brussels, we aren't represented by people we voted for. Having a stable Civil Service in the UK (for instance) means that while political parties come and go, at least the business of government can carry on lead by (but unhindered by) whoever just won the most recent popularity vote.

          In Brussels, however, the euro-parliament is a side-show to distract you from the loss of democracy. Actors (former politicians usually) playing the roles of politicians are plied with huge amounts of money and benefits and they play along with it because it's a get-rich quick scheme where the whole family can join in.

    2. David Beck

      Re: Scapegoats

      Depends, if the Commission has already a Directive which exhibits "competency" in the area of the Directive then the Parliament is not needed. If the Directive is a new competency, as allowed by a new or changed treaty, then the Parliament gets to say yes or no (with some small ability to amend). The discussions occur in Brussels but as you know all votes occur in Strasbourg since the French just couldn't stand the idea that the EU offices were all in Belgium. I suggest that we follow and move all UK parliamentary voting to the Isle of Man.

  4. Anonymous Coward
    Anonymous Coward

    Too little, too late!

    Do you really think that websites are going to change their current cookie routines? That takes time and time is money, so I sincerely doubt it. The damage has been done, and we all know which "geniuses" we have to thank for it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Too little, too late!

      They will change because those horrible "accept cookie" notifications piss off their users. It always surprised me that firms followed the misguided directive to put them there in the first place. A one fingered salute would have been more useful.

  5. ratfox
    Windows

    When is it required, then?

    circumstances in which consent is not required can be interpreted more broadly

    When is it required? When do users actually want to be informed that cookies are used to track them? They say that the consent is not needed for analytics cookies, but I believe those are by far the most objectionable cookies, since they are used by Facebook et al to track you across the web. What's left?

    1. John Brown (no body) Silver badge

      Re: When is it required, then?

      "They say that the consent is not needed for analytics cookies, but I believe those are by far the most objectionable cookies,"

      Exactly this. Cookies used to make the site functional, eg preferences, bookmarks, shopping trolleys etc, especially when not from a 3rd party, are fine. The analytics tracking cookies are *precisely* the ones people don't like and are the specific threat to privacy that most people thought this original cookie directive was about.

      Even El Reg only shows a banner telling you they use cookies. There no option to refuse them other than to run your own cookie blocker. Pretty much everyone saw that loophole immediately and simply carried on as normal, bar the warning pop-ups. Although IIRC, the BBC do have options of allow all cookies or allow only functionally required cookies but those options are a bit harder to find.

  6. Baldy50

    Pop off!!!

    http://laughingsquid.com/cookie-monster-no-want-to-delete-cookies/

  7. Spudley

    Does anyone know if there's been a single instance of anyone being fined or prosecuted for not complying with the cookie regulations?

    Not only universally hated but also ambiguous and vague to the point that nobody ever really knew whether they were actually compliant.

    1. Fonant

      Well none of my customers have heard anything, even though I advised them not to bother with a customer-annoying cookie popup.

      This was a classic example of politics and logic being at opposite ends of the spectrum.

  8. Mage Silver badge
    FAIL

    Cookie law

    The implementation totally broke the intent. You can't click NO. So it was useless.

    They put even 1st party cookies on your PC ANYWAY even if you don't click "OK".

    Also they never warn about 3rd party (the evil ones regarding privacy). Why is blocking that OFF by default in Firefox?

    Simply BAN 3rd party cookies.

    Also Google is popping up a giant contract you have to agree to unless you block their cookies.

    Google are also somehow changing Firefox so when Google is blocked they are unblocked and you get their cookies back and then a day or so later their malicious multipage contract terms.

    1. bombastic bob Silver badge
      WTF?

      Re: Cookie law

      "Google are also somehow changing Firefox so when Google is blocked they are unblocked and you get their cookies back and then a day or so later their malicious multipage contract terms."

      uh, whuh?

      if FF is changed like that, time to fork it! [then again it was time to fork FF when the hamburger menu first showed up]

      1. Mage Silver badge
        Linux

        Re: uh, whuh? (Forking?)

        Well, I don't know what Google are actually doing, and certainly Chrome or Edge are worse privacy alternatives.

        I don't have a Mac, I hate iTunes (it's gone off windows) and I mostly now use Linux Mint + Mate rather than Windows, though have WINE on Linux and XP in a VM (no WAN) and Win7 as alternate boot for Windows stuff with no alt Penguin.

    2. Zippy's Sausage Factory

      Re: Cookie law

      And people wonder why I use StartPage...

    3. Anonymous Coward
      Anonymous Coward

      Re: Cookie law

      "You can't click NO. So it was useless."

      My hobby site implemented cookies in the spirit that users might like.

      It doesn't store cookies except if a user fills in a request form that will send that data to the web master. At that point they are prompted to ask if they want the site to generate a cookie. If yes then it remembers the nature of their information.

      If they say no then the form still sends their request - but will not remember their details for any future use of the form.

      At any point they can cancel the stored cookie by bringing up the form and unticking a box.

  9. Mage Silver badge
    Big Brother

    Good and Evil Cookies

    You need cookies on any site you log in on (or fill in a form etc), as stupidly HTML is stateless. This is good use.

    A site blocking their images because you blocked their tracking cookie is malicious, bad. (Guardian and others).

    A third party using cookies and/or scripts (default Facebook button) and/or fonts and/or javascript libraries and/or images (including single clear pixels with unique URL) is an evil abuse of privacy to track your total behaviour all day. Google Analytics and Google DNS is evil, because Google don't just provide the analytics to site, nor your DNS lookups, but add that to the profile.

    Webmasters: Install adverts locally*. Install all scripts locally (ads do get used to serve malware as well as track), install web fonts locally*, only serve your own session tracking cookie, and only if a user is logging in. Anything else is dishonest, privacy busting, less robust and insecure.

    [Locally means your own domain / server farm]

    Dystopian novelists never imagined the lengths that corporations would go to, except maybe John Brunner (Shock Wave Rider) and Harry Harrison ("to the stars trilogy" and the Teddy short story)

    1. Anonymous Coward
      Anonymous Coward

      Re: Good and Evil Cookies

      "You need cookies on any site you log in on (or fill in a form etc), as stupidly HTML is stateless."

      My site uses HTML forms to send data to the webmaster. Storing a cookie is entirely optional if the user wants it to remember the data for their future convenience.

    2. John Brown (no body) Silver badge

      Re: Good and Evil Cookies

      "A site blocking their images because you blocked their tracking cookie is malicious, bad. (Guardian and others)."

      TuCows did this years ago. They directed all file download request via they ad server. Block the ad server and no downloads for you. So I went somewhere else for my "free", PD, shareware, open source stuff. That was about the time I first installed FreeBSD on the spare computer. Now I don't use any of those file download libraries because now I don't use Windows either. TuCows and their ad tracking shenanigans were a direct result of MS losing my business (amongst other reasons, natch!) Now I just install NoScript and Ghostry and am careful about which sites I allow through my defences. It's a balance between whether I deem the site useful and so will "pay" with a bit of my privacy. I don't really mind a site tracking my visits. I do mind facebook, google and their ilk tracking me on sites they don't own.

  10. This post has been deleted by its author

  11. Trigonoceps occipitalis

    uBlock

    I use this to block the cookie warnings - Left Cick-Block Element

    (No connection to etc etc.)

    1. Anonymous Coward
      Anonymous Coward

      Re: uBlock

      Thank you - the annoying El Reg cookie bar is now blocked. :-)

  12. Pseu Donyme

    The only place that mentions "cookie" in 2009/136/EC* is (66):

    "Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities."

    From this I'd gather that cookies needed for shopping carts and such are ok, as are session cookies in general as they are not (permanently) stored on user equipment. "Analytics cookies", if they mean 3rd party tracking cookies, would seem to fall foul of this as they are stored on user equipment and are a privacy menace amounting to spyware. If anything, the latter should be more clearly and categorically banned (at least without explicit consent and a right to refuse without affecting the service).

    * http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32009L0136

    1. Charlie Clark Silver badge
      Thumb Up

      Yes, "strictly necessary" cookies have never been a problem: the people who drafted these documents are not entirely clueless. Banners, such as those used on El Reg, do not constitute informed consent but are easy to copy. As this is how much of the internet works, this is why we see so many of them.

      There is, of course, a problem with what constitutes "strictly necessary". I've argued successfully in the past that this can include statistics as long as the data collected is processed in accordance with the data privacy regulations of the website owner: this excludes Google Analytics, which Google provides as a "free" service in order to track people across websites.

      Of course, in a "post-truth" world privacy can be considered as at best optional and, at worst, dangerous.

  13. Anonymous Coward
    Anonymous Coward

    Slightly off at a tangent. Today I went to the Just Giving site to make a large-ish donation to a seasonal appeal.

    Going through several steps they started to ask for all sorts of personal information. Basically it was mandatory to create a login "account" even for a one-off donation. I read their long privacy statement. It appeared to say they would assume they could do anything they liked with my personal information.

    So no donation to the charity - at least by the published online route.

    https://www.justgiving.com/info/privacy

    1. Anonymous Coward
      Anonymous Coward

      "So no donation to the charity - at least by the published online route."

      JustGiving are JustTaxing charities, taking a fairly substantial take of all donations.

  14. my fingers stuck

    i live cookiez

    me no bothered. i always clear history and cookies after every session..

  15. codejunky Silver badge

    Hmm

    So is the EU trying to win people back after ignoring them? Is the EU trying to feel important while impotent of their real problems? Or is this some bored tinkering?

  16. happy but not clappy
    Thumb Up

    Wait till the GDPR kicks in

    It's brilliant. No more re-targetting without explicit opt-in/opt-out. Mmmmm. Feel that goodness.

  17. Anonymous Coward
    Anonymous Coward

    Self-hosted versus dodgy third parties

    It is possible to act ethically with regard to web statistics cookies (such as using a self-hosted Piwik installation), but unfortunately most site developers just follow the crowd and give away visitor privacy pretty much without even thinking about it: Google Analytics, Google APIs, Google Fonts, CDN networks, which I'm sure must also be tracking usage, embedded unavoidable social network files and scripts, etc. It wouldn't be hard to replace most of these with safe locally hosted files that only load any external content (if needed) once actively triggered by the visitor, but unfortunately these are all designed to be as intrusive as possible.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon