sephiroth100
Participant
1118 Points
1001 Posts
EEC Cookie law
Apr 17, 2012 08:44 AM
Hi,
I'm trying to understand my obligations regarding the new EEC cookie law but it isn't that clear. Work for lawyers must be thin on the ground at the moment :)
I'm guessing that .NET ID cookie is strictly necessary as it pertains to the running of the site, but what about an ID cookie that is simply used for persistent identification between the user's PC and the database?
I'm thinking, data rather than settings. For instance if a user wants to save a product to a list and return to the same list 1 day later.
Has anyone had experience of this yet?
Thanks.
John
Qi Wu - MSFT
Contributor
5794 Points
677 Posts
Re: EEC Cookie law
Apr 19, 2012 06:15 AM
Hi,
We can’t send a cookie to the visitors’ machine until they have consented. It is a provision in the EU cookie law. However, if the cookie is strictly necessary and has been explicitly requested by the user we can take the user from the page without the user’s agreement. You can give a choice to the user before you store the ID cookie on the user’s PC. Then you won’t break the EU cookie law. You can refer to the link below about the EU cookie law.
http://www.zdnet.co.uk/news/regulation/2010/06/28/dont-overbake-fear-of-eu-cookie-law-40089367/
If you have any feedback about my replies, please contact msdnmg@microsoft.com
Microsoft One Code Framework
Mark Steven
Member
14 Points
2 Posts
Re: EEC Cookie law
Apr 20, 2012 01:17 PM
You can effectively gain consent for cookies like this at the moment of interaction.
For example - consent is implied when someone adds something to a shopping basket, and you don't need an additional consent because the cookie is essential to the core functionality of your site.
The functionality you describe may be reasonably covered by the notion of implied consent, but if you wanted to be on the safe side you could add a little help text near the relevant button saying something like "your selections will be saved to a cookie".
For everything else - the non-essential stuff, you may want to remove cookie-dropping scripts altogether or apply a global consent solution like Cookie Control.