phpBB and the EU cookie law - the cookie opt-in regulation

DutchToxophilite
Registered User
Posts: 175
Joined: Fri Dec 14, 2007 9:59 pm
Location: Venlo - The Netherlands

phpBB and the EU cookie law - the cookie opt-in regulation

Post by DutchToxophilite »

Hi.

My question is for the development team.

Any thoughts yet on the upcoming EU cookie opt-in regulation?
http://www.out-law.com/page-10021
I have not found any better link yet.

This could have some major consequences for sites hosted in the EU.

As the cookies are handled by the phpbb3 core, the core should also handle the cookies opt-in.

grtz,
Twan
You are never too old to be stubborn.....
stevemaury
Support Team Member
Posts: 52797
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: regarding the cookie opt-in regulation

Post by stevemaury »

As far as registered users are concerned, this would seem to be an exemption to the opt-in in the case of phpbb:
This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.
Moving to Discussion.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
DutchToxophilite
Registered User
Posts: 175
Joined: Fri Dec 14, 2007 9:59 pm
Location: Venlo - The Netherlands

Re: regarding the cookie opt-in regulation

Post by DutchToxophilite »

So basically you say that the users already accept the cookies as they register for the site?

grtz,
Twan
You are never too old to be stubborn.....
Eelke
Registered User
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok

Re: regarding the cookie opt-in regulation

Post by Eelke »

Actually, it would appear that the sole action of opening the site (which could be considered "explicitly requesting a service") is enough consent to use cookies to store session information. Such cookies are "necessary in order for the provider of an information society service [...] to provide the service". Only if the cookies are not required to provide the service (i.e. tracking cookies) would it be required to get explicit consent.

If I am wrong, this is a far wider problem than unique to phpBB; there are many, many websites that rely on cookies for their session management. You should be able to find a lot more information on sites that have a wider scope than just phpBB. (Maybe you already did and you can point us to resources explaining that this really is a concern.)
Last edited by Eelke on Tue Nov 17, 2009 6:43 pm, edited 1 time in total.
stevemaury
Support Team Member
Posts: 52797
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: regarding the cookie opt-in regulation

Post by stevemaury »

Yes, as I read that again, any cookies necessary to provide a requested service (i.e. the content of the site you opened) are not covered by this law. I agree with Eelke.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
DutchToxophilite
Registered User
Posts: 175
Joined: Fri Dec 14, 2007 9:59 pm
Location: Venlo - The Netherlands

Re: regarding the cookie opt-in regulation

Post by DutchToxophilite »

Hi Eelke.

I can not find any sites, at this moment, regarding this topic.
But I see you should be able to read Dutch.
Webwereld - Cookies aan banden

This is the original article that got me thinking.

And indeed, the problems could be much larger.
Google Analytics, which is a very good tool for Admins, is much "bigger shit" as you might say.

Still I am not sure how this would translate completely to community sites like the ones running phpbb.

grtz,
Twan
You are never too old to be stubborn.....
Eelke
Registered User
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok

Re: regarding the cookie opt-in regulation

Post by Eelke »

Reading between the lines in that article I still think that phpBB does not have a problem. Google Analytics is something I did realize may be a different matter. It sure would suck having to ask users whether they will allow the site to track their ways (although I expect Google to provide a solution for the actual technical implementation).
ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith

Re: regarding the cookie opt-in regulation

Post by ToonArmy »

I really do see this as being totally crazy, we'll see how things pan out. In its current implementation it's the site owner's responsibility to ensure this policy is adhered to, I expect phpBB's cookie use is fine. We'll see.
Eelke wrote: Google Analytics is something I did realize may be a different matter.
Considering this is to try and cripple ad providers' tracking of visits around the web and Analytics uses the same sorts of methods, it's bound to fall foul. Ironic really, as the Information Society and Media Directorate-General uses Google Analytics.
Chris SmithGitHub
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE

Re: regarding the cookie opt-in regulation

Post by drathbun »

So host your own statistics package instead of donating all of your data to google. :P

From what I understand, google's package is based on urchin. My host offers urchin as a self-hosted option, meaning there's no need to use google or any third party tracking software.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith

Re: regarding the cookie opt-in regulation

Post by ToonArmy »

drathbun wrote: So host your own statistics package instead of donating all of your data to google. :P

From what I understand, google's package is based on urchin. My host offers urchin as a self-hosted option, meaning there's no need to use google or any third party tracking software.
From my understanding you'd still need users to opt in to receive those cookies.
Chris SmithGitHub
Eelke
Registered User
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok

Re: regarding the cookie opt-in regulation

Post by Eelke »

Considering this is to try and cripple ad providers' tracking of visits around the web and Analytics uses the same sorts of methods, it's bound to fall foul.
True. You could even remove the capital A from Analytics. If you want to track stuff like returning visitors and tie together individual page views to see how long people reside on your site, any analytics package would have to use some sort of tracking cookie. Essential to be able to provide the service? That's a stretch.

This very much sounds like something that has (as so often) been devised by people who don't really understand the technology. Yes, the technology can be used for some foul stuff. So, I suggest we ban all letter boxes in order to prevent any more paper spam.
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE

Re: regarding the cookie opt-in regulation

Post by drathbun »

ToonArmy wrote:
drathbun wrote: So host your own statistics package instead of donating all of your data to google. :P

From what I understand, google's package is based on urchin. My host offers urchin as a self-hosted option, meaning there's no need to use google or any third party tracking software.
From my understanding you'd still need users to opt in to receive those cookies.
Urchin does not use cookies. It does not track individual visitors; instead it tracks something it calls "sessions", which are an approximation.
Visitor tracking methods include either JavaScript tracking similar to Google Analytics with the UTM (Urchin Traffic Monitor) or IP+UserAgent tracking.
The latter case does not require cookies and is what I use.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith

Re: regarding the cookie opt-in regulation

Post by ToonArmy »

There is a write-up here: http://www.theregister.co.uk/2009/11/25/cookie_law/ and http://www.out-law.com/page-10021. I really don't see how it can work; the website doesn't actually store any content, it asks the browser to store the content, which the browser can refuse. What's more, the website doesn't read the cookie; it's sent by the browser if it exists, not something the site can control.
Chris SmithGitHub
littleheadspin
Registered User
Posts: 35
Joined: Mon Dec 20, 2010 1:37 pm

New EU Cookie Laws. Do we need to worry?

Post by littleheadspin »

The EU will bring in new cookie laws. The EU has given websites 1 year to adapt to the laws.

Here is the full document outlining the new laws and rules:
ICO guidance

I haven't read it all, but I have quoted some bits from news sources:

"The ICO guidance says websites cannot rely on browser settings to decide whether a user consents to having his or her online activity tracked, and that, in most cases, sites should seek explicit consent from the visitor."

What will this mean for phpBB3's cookies? Are they fine, or will there be a future update?
Last edited by tbackoff on Sat May 28, 2011 5:47 am, edited 1 time in total.
Reason: moved from Support to phpBB Discussion
tbackoff
Former Team Member
Posts: 7068
Joined: Thu Jun 04, 2009 1:41 am
Location: cheerleading practice
Name: Tabitha Backoff

Re: New EU Cookie Laws. Do we need to worry?

Post by tbackoff »

Anyway, I think Kevin said it best:
Kevin Clark wrote: The privacy policy, which all of your users have agreed to through clicking 'yes' on the T&C page on registration, clearly states cookies are collected and what they're used for. That policy is also freely available on the login page.
The new requirement is essentially that cookies can only be placed on machines where the user or subscriber has given their consent.
They've done that.
Flying is the second best thrill to cheerleaders; being caught is the first.
