UK Legislation and Cookies?

[tsrplatelayer]

A law requiring websites to request the user's permission before storing cookies was due to be introduce in May 2011. Companies were given 1 year's grace to comply. Thus we may 5 months left.

Has anyone any input on how to make Zen compliant with this legislation?

See http://www.bbc.co.uk/news/technology-13541250

Advice appreciated.

Thanks

[DrByte]

http://www.zen-cart.com/forum/showthread.php?t=179776

[tsrplatelayer]

Thanks - that didnt come up when I searched

6 months later - Is there any update?

[Kim]

What is there to update? Zen Cart does not store any sensitive information in the cookie.

[schoolboy]

I understand that the introduction of this legislation has been suspended. Like most crap coming out of the EU at Brussels, there is a belated realisation that it makes little or no sense to enact it.

[tsrplatelayer]

What update - well...

Schoolboy says he believes it is suspended - does anyone have a specific reference to show tht is the case?

The guidelines published 6 months ago were draft - have they been updated?
Page 2 of http://www.ico.gov.uk/~/media/docume...egulations.pdf states explicitly that 'the new requirement is essentially that cookies can only be placed on machines where the user or subscriber has given their consent' - there is no allowance for the type of data stored in those cookies just - dont do it without consent.

Page 3 refers to services that have been 'explicitly requested' - but then lists an exception where the cokkie is 'strictly necessary for a service requested by the user' - this sounds like Zen may be exempt - but does anyone have a definitive opinion from a 'leagal eagle' to state that that is indeed the case?

[Kim]

Not trying to be rude here, but getting a legal opinion is up to you.

[tsrplatelayer]

Agreed - but if someone has already asked the question it would be nice to know the anwer they were given

[tsrplatelayer]

http://www.ico.gov.uk/news/blog/2011...ompliance.aspx dated 13 Dec 2011 suggests that it has not been suspended and that new guidelines are available at http://www.ico.gov.uk/news/blog/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/guidance_on_the_new_cookies_regulations.ashx

The new guidelines (see link in above) says
Page 5 states

Consent
The Regulations require that users or subscribers consent. Directive 95/46/EC (the Data Protection Directive on which the UK Data Protection Act 1998 (the DPA) is based) defines ‘the data subject’s consent’ as:
‘any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed’.
Consent must involve some form of communication where the individual knowingly indicates their acceptance. This may involve clicking an icon, sending
an email or subscribing to a service. The crucial consideration is that the individual must fully understand that by the action in question they will be giving consent.

Pages 8-10 have some indicators to exceptions
Page 14 has an example text
Page 16 has a sample ‘get consent’
Page 18 seems to relate to accessibility settings
Page 23 says the regulations do not just apply where personal data is being processed

[dw08gm]

What is there to update?

While I am aware of the existence of cookies, I know very little about their structure or the way they work.

Since you have asked, I consider the following would be most helpful:

i) A definitive statement from the Zen Cart team of which cookies do what in a default ZenCart installation. Better still if such statement could be inserted directly into the Privacy Policy or similar document of a default Zen Cart store, subject to modification by the store owner.

ii) A definitive statement from the Zen Cart team listing which existing mods have altered the default cookie and/or have introduced new cookies.

iii) A requirement placed upon future Mod authors that they state whether they have altered the default cookie in any way, and whether any new cookies have been introduced by them via the mod.

Cheers