IIRC ICO had rather strongly indicated that this would be the case. I'm not surprised, but let's face it -- even if they did enforce a fine it would almost certainly be so laughably small as to make it useless as a deterrent.
"Do Not Track" looks totally insane to me. First, why is it desinged to be an opt-out system?! Second, why does its correct implementation depend on the mercy of the respective website?
Well, the latter might be working if enforced by every legislation in the world. But the former ensures it will never solve the problem: "Oh, this user explicitly asked us not to track her, so it might be especially interesting to track that one."
In other words: More work for white hats, less work for black hats.
I'd rather see this issue solved on client side. For instance, by improving the "incognito" mode of Chromium, combined with a law that protects operators of Tor end nodes.
I too would like to see the issue addressed on the client. A user should be able to configure their tracking settings in the browser, which should be respected by sites. Legislation would require sites to adhere to these settings. DNT is one such standard to achieve this.
Also, global legislation is not necessary to effect change. Laws affecting one region can effect changes in all. For example; EU based companies are required to comply with EU law. They in-turn require their product suppliers to comply, wherever they are based, or risk losing their business.
If nothing else, the 'cookie law' has demonstrated this. Google, Yahoo & Disqus (among others) have changed their products in response to the law.
> I too would like to see the issue addressed on the client. A user should be able to configure their tracking settings in the browser, which should be respected by sites.
No, that would be addressing the problem at the server side, which is not quite what I had in mind.
Solving this on the client side means: The browser should make it as hard as possible for websites to track the user. Unless, of course, the user explicitly opts in to be recognized and tracked by this site (e.g. by registering and logging in).
The technologies used to track users across sites are the same as those used for 'regular' browsing. Are you suggesting crippling web browsers as a solution?
I'm suggesting that the current law, while well intentioned, offers us in the industry little explanation of how we are supposed to comply. And thanks to the indifference of the ICO, changes nothing.
DNT puts forward a solution, that with the backing of legislators and browser vendors, has a chance of educating and empowering web user about online privacy.
This legislation makes me die a little inside each time it comes up, utterly futile crap that will be ignored or worked around via more nefarious means by those that abuse tracking methods anyway.
Why they didnt legislate that it be baked into the browser, where the problem should be solved, I will never know.
The UK can't legislate that anything be baked into browser because, because they would have a lot of trouble enforcing it. If Firefox decides they won't put the feature in what can the UK do? Also, in all likelihoods this feature would have an off button that most site would require to work anyways so it would be very pointless.
My understanding is that it depends what you are using them for. Keeping items in a shopping cart is fine, remembering a name in a comment form is not (strictly).
Once again, this is non-news, only made into news because of the ongoing anti-EU FUD.
The basis of the EU directive is sound. Actually turning it into (enforceable) legislation is the hard part. Most regulatory bodies in the EU consider it an iterative process to be figured out in cooperation with the industry, and nobody is planning to start doling out fines in the near future.
However, the industry's arrogant attitude of doing fuck-all until the law comes down on them is not going to help. Lack of self-regulation and blatantly ignoring the principles of existing privacy laws is what triggered EU intervention in the first place.
Basically this whole scare mongering about bureaucratic "anti-cookie" laws is just a self-fulfilling prophecy.
19 comments
[ 3.6 ms ] story [ 52.5 ms ] threadICO are useless. They bend over and take it every time.
http://www.gov.uk/ will eventually replace all the UK government websites. (Thank God...)
Also, the design principles are pretty good.
(https://www.gov.uk/designprinciples)
(EDIT was this before, <strike> What's wrong with it? It's a lot better than the fucking god-awful mess that is DirectGov.</strike>)
I was implying it is better than the messes that are the other UK government websites.
Well, the latter might be working if enforced by every legislation in the world. But the former ensures it will never solve the problem: "Oh, this user explicitly asked us not to track her, so it might be especially interesting to track that one."
In other words: More work for white hats, less work for black hats.
I'd rather see this issue solved on client side. For instance, by improving the "incognito" mode of Chromium, combined with a law that protects operators of Tor end nodes.
Also, global legislation is not necessary to effect change. Laws affecting one region can effect changes in all. For example; EU based companies are required to comply with EU law. They in-turn require their product suppliers to comply, wherever they are based, or risk losing their business.
If nothing else, the 'cookie law' has demonstrated this. Google, Yahoo & Disqus (among others) have changed their products in response to the law.
No, that would be addressing the problem at the server side, which is not quite what I had in mind.
Solving this on the client side means: The browser should make it as hard as possible for websites to track the user. Unless, of course, the user explicitly opts in to be recognized and tracked by this site (e.g. by registering and logging in).
What's next? donotrob.us to opt-out of burglaries?
Tracking without permission is an illegal violation of privacy. You do not "opt-out" of crime with the criminals.
DNT puts forward a solution, that with the backing of legislators and browser vendors, has a chance of educating and empowering web user about online privacy.
Why they didnt legislate that it be baked into the browser, where the problem should be solved, I will never know.
Are session cookies OK are under this law?
The basis of the EU directive is sound. Actually turning it into (enforceable) legislation is the hard part. Most regulatory bodies in the EU consider it an iterative process to be figured out in cooperation with the industry, and nobody is planning to start doling out fines in the near future.
However, the industry's arrogant attitude of doing fuck-all until the law comes down on them is not going to help. Lack of self-regulation and blatantly ignoring the principles of existing privacy laws is what triggered EU intervention in the first place.
Basically this whole scare mongering about bureaucratic "anti-cookie" laws is just a self-fulfilling prophecy.