phpBB and the EU cookie law - the cookie opt-in regulation

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
Post Reply
User avatar
DutchToxophilite
Registered User
Posts: 175
Joined: Fri Dec 14, 2007 9:59 pm
Location: Venlo - The Netherlands
Contact:

phpBB and the EU cookie law - the cookie opt-in regulation

Post by DutchToxophilite » Tue Nov 17, 2009 2:16 pm

Hi.

My question is for the development team.

Any thoughts yet on the upcoming EU cookie opt-in regulation?
http://www.out-law.com/page-10021
I have not found any better link yet.

This could have some major consequenses for sites hosted in the EU.

As the cookies are handled by the phpbb3 core, the core should also handle the cookies opt-in.

grtz,
Twan
You are never to old to be stubern.....

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50916
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: regarding the cookie opt-in regulation

Post by stevemaury » Tue Nov 17, 2009 4:38 pm

As far as registered users are concerned, this would seem to be an exemption to the opt-in in the case of phpbb:
This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.
Moving to Discussion.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

User avatar
DutchToxophilite
Registered User
Posts: 175
Joined: Fri Dec 14, 2007 9:59 pm
Location: Venlo - The Netherlands
Contact:

Re: regarding the cookie opt-in regulation

Post by DutchToxophilite » Tue Nov 17, 2009 4:58 pm

So basically you say, that the users allready except the cookies as they register for the site?

grtz,
Twan
You are never to old to be stubern.....

User avatar
Eelke
QA Team
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok
Contact:

Re: regarding the cookie opt-in regulation

Post by Eelke » Tue Nov 17, 2009 6:39 pm

Actually, it would appear that the sole action of opening the site (which could be considered "explicitly requesting a service") is enough consent to use cookies to store session information. Such cookies are "necessary in order for the provider of an information society service [...] to provide the service". Only if the cookies are not required to provide the service (i.e. tracking cookies) would it be required to get explicit consent.

If I am wrong, this is a far wider problem than unique to phpBB, there are many, many websites that rely on cookies for their session management. You should be able to find a lot more information on sites that have a wider scope that just phpBB. (Maybe you already did and you can point us to resources explaining that this really is a concern).
Last edited by Eelke on Tue Nov 17, 2009 6:43 pm, edited 1 time in total.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50916
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: regarding the cookie opt-in regulation

Post by stevemaury » Tue Nov 17, 2009 6:42 pm

Yes, as I read that again, any cookies necessary to provide a requested service (i.e. the content of the site you opened) are not covered by this law. I agree with Eelke.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

User avatar
DutchToxophilite
Registered User
Posts: 175
Joined: Fri Dec 14, 2007 9:59 pm
Location: Venlo - The Netherlands
Contact:

Re: regarding the cookie opt-in regulation

Post by DutchToxophilite » Tue Nov 17, 2009 6:50 pm

Hi Eelke.

I can not find any sites, at this moment, regarding this topic.
But I see you should be able to read Dutch.
Webwereld - Cookies aan banden

This is the original article that got me thinking.

And indeed, the problems could be much larger.
Google analytics which is an very good tool for Admins is much "bigger shit" as you might say.

Still I am not sure how this would translate completely to community sites like the ones running phpbb.

grtz,
Twan
You are never to old to be stubern.....

User avatar
Eelke
QA Team
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok
Contact:

Re: regarding the cookie opt-in regulation

Post by Eelke » Tue Nov 17, 2009 6:56 pm

Reading between the lines in that article I still think that phpBB does not have a problem. Google Analytics is something I did realize may be a different matter. It sure would suck having to ask users whether they will allow the site to track their ways (although I expect Google to provide a solution for the actual technical implementation).

ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith
Contact:

Re: regarding the cookie opt-in regulation

Post by ToonArmy » Tue Nov 17, 2009 8:56 pm

I really do see this as been totally crazy, we'll see how things pan out. In it's current implementation it's the site owners responsibility to ensure this policy is adhered to, I expect phpBB's cookie use is fine. We'll see.
Eelke wrote:Google Analytics is something I did realize may be a different matter.
Considering this is to try and cripple ad providers tracking of visits around the web and Analytics uses the same sorts of methods its bound to fall foul. Ironic really as the Information Society and Media Directorate-General uses Google Analytics.
Chris SmithGitHub

User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Re: regarding the cookie opt-in regulation

Post by drathbun » Tue Nov 17, 2009 11:03 pm

So host your own statistics package instead of donating all of your data to google. :P

From what I understand, google's package is based on urchin. My host offers urchin as a self-hosted option, meaning there's no need to use google or any third party tracking software.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image

ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith
Contact:

Re: regarding the cookie opt-in regulation

Post by ToonArmy » Wed Nov 18, 2009 6:38 am

drathbun wrote:So host your own statistics package instead of donating all of your data to google. :P

From what I understand, google's package is based on urchin. My host offers urchin as a self-hosted option, meaning there's no need to use google or any third party tracking software.
From my understanding you'd still need users to opt in to receive those cookies.
Chris SmithGitHub

User avatar
Eelke
QA Team
Posts: 2903
Joined: Thu Dec 20, 2001 8:00 am
Location: NL, Bussum
Name: Eelke Blok
Contact:

Re: regarding the cookie opt-in regulation

Post by Eelke » Wed Nov 18, 2009 7:19 am

Considering this is to try and cripple ad providers tracking of visits around the web and Analytics uses the same sorts of methods its bound to fall foul.
True. You could even remove the capital A from Analytics. If you want to track stuff like returning visitors and tie together individual page views to see how long people reside on your site, any analytics package would have to use some sort of tracking cookie. Essential to be able to provide the service? That's a stretch.

This very much sounds like something that has (as so often) been devised by people who don't really understand the technology. Yes, the technology can be used for some foul stuff. So, I suggest we ban all letter boxes in order to prevent any more paper spam.

User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Re: regarding the cookie opt-in regulation

Post by drathbun » Wed Nov 18, 2009 2:57 pm

ToonArmy wrote:
drathbun wrote:So host your own statistics package instead of donating all of your data to google. :P

From what I understand, google's package is based on urchin. My host offers urchin as a self-hosted option, meaning there's no need to use google or any third party tracking software.
From my understanding you'd still need users to opt in to receive those cookies.
Urchin does not use cookies. It does not track individual visitors, instead it tracks something it calls "sessions" which are an approximation.
Visitor tracking methods include either Javascript tracking similar to Google Analytics with the UTM (Urchin Traffic Monitor) or IP+UserAgent tracking
The latter case does not require cookies and is what I use.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image

ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith
Contact:

Re: regarding the cookie opt-in regulation

Post by ToonArmy » Sun Nov 29, 2009 3:25 pm

There is a write up here: http://www.theregister.co.uk/2009/11/25/cookie_law/ and http://www.out-law.com/page-10021. I really don't see how it can work, the website doesn't actually store any content, it asks the browser to store the content which the browser can refuse. What's more the website doesn't read the cookie, it's sent by the browser if it exists not something the site can control.
Chris SmithGitHub

littleheadspin
Registered User
Posts: 35
Joined: Mon Dec 20, 2010 1:37 pm

New EU Cookie Laws. Do we need to worry?

Post by littleheadspin » Fri May 27, 2011 10:55 pm

The EU will bring in new cookie laws. The EU has given websites 1 year to adopt to the laws

here is the full document outlineing the new laws and rules
ICO guidance

I havent read it all but some of the bits I have quoted some bits from news sources:

"The ICO guidance says websites cannot rely on browser settings to decide whether a user consents to having his or her online activity tracked, and that, in most cases, sites should seek explicit consent from the visitor."

What will this mean for PHPbb3's cookies, are they fine? or will there be a future update?
Last edited by tbackoff on Sat May 28, 2011 5:47 am, edited 1 time in total.
Reason: moved from Support to phpBB Discussion

User avatar
tbackoff
Former Team Member
Posts: 7022
Joined: Thu Jun 04, 2009 1:41 am
Location: cheerleading practice
Name: Tabitha Backoff

Re: New EU Cookie Laws. Do we need to worry?

Post by tbackoff » Sat May 28, 2011 6:32 am

Anyway, I think Kevin said it best:
Kevin Clark wrote:The privacy policy, which all of your users have agreed to through clicking 'yes' on the T&C page on registration, clearly states cookies are collected and what they're used for. That policy is also freely available on the login page.
The new requirement is essentially that cookies can only be placed on machines where the user or subscriber has given their consent.
They've done that.
Flying is the second best thrill to cheerleaders; being caught is the first.

Post Reply

Return to “phpBB Discussion”