Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

EU Cookie Law

edited May 2012 in Vanilla 2.0 - 2.8


I am wondering if anyone know how to make vanilla forum compliant with the new EU cookie law.


  • can you put a link to the law.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • edited May 2012

    Hi peregrine, The guidance I am working is from the UK ICO

    An other useful site is;

    This is the actual EU directive. But it covers a lot more than internet cookies.

    From what I understand, you need to ask an use permission to store any cookies on their machine, and you to asked that question every time they visit the website.

  • 422422 Developer MVP
  • x00x00 MVP
    edited May 2012

    this is a the dumbest law brought by people who have no clue what they are talking about, and it won't be enforced in the UK IMO.

    the irony is that there are much bigger privacy and security concerns than cookies. It is just the legislators have no clue about them.

    grep is your friend.

  • 422422 Developer MVP

    They are using scare tactics of up to fifty grand fines...

    There was an error rendering this rich post.

  • Besides it much easier to get browser to warn people, which is what they shoudl be doing, since they accept the cookies, and handle storage on the user behalf.

    At the end of the day people need to stop begin idiots and actually take responsibility for themselves for once.

    grep is your friend.

  • 422422 Developer MVP

    Wont be long before the EU is taxing you on your cookies.

    There was an error rendering this rich post.

  • edited May 2012

    If it was my own personal site, I would not worry about it, the ICO got far richer companies to go after and if the government cant be brothered to sort out there own websites how can they expect private companies and individual to do it.

    However it a client site and they are demanding it be fixed and signed of by there legal person by the end of next week or certainly sometime in the near future.

    Hopefully the ICO will announce a further delay sometime this week, they have hinted at it. The bloke that lead the department statements certainly hinted that he does not intend to enforce the law in foreseeable future, my client just not willing to take the risk through.

    Thanks for the link 422, I will spend tomorrow sorting out my site. An if there is not already a wiki document/tutorial, I will type one up for the wiki.

  • I read nothing that said you have to warn them every visit. Please refer me to that.

    You have to warn them when the cookies are placed. In the case of the session cookies you can do that on sign in.

    I would disable, google analytics, etc, any third party ads, social media connections.

    The NoMobile cookie from my interpretation falls under an exemption, they select that state and it is the only way of maintaining, and it is for the sole purpose of maintaining the user preference. You could argue the session cookies fall under an exemption, being the only viable way to persist the session, but they need something to waste money on.

    The irony is that passing the sessionid via url is make more of a concern, becuase you can hijack through referrer. You could say if that page was cached that is storing. But how they going enforce this?

    vanilla statistics provides analytics sending to an external site without any persistent storage, instead it constantly send info. But none of that information is individualised.

    From facebook today I learn that an associate uses a chiropractor, I bet they had not clue that sort of information would be shared, and I don't even go on facebook . There are much bigger fish than just cookies.

    grep is your friend.

  • ToddTodd Chief Product Officer Vanilla Staff

    I think you just need to put information about what cookies are stored in your terms of service. If a user doesn't want cookies to be stored on their site then they can opt out of joining your site.

    If you also look at the actual government site they use google analytics. Looking at their privacy notice you'll notice they just list the cookies tracked and give you links to opt out.

    So it looks like you just need a page that lists the cookies you track and give a way to opt out.

  • actually the opt out system. was the old directive, the new directive is stronger than this according the their own information, just they don't follow their own advice. I think this would be useful information to cite when they try to prosecute.

    grep is your friend.

  • BTW if they opt out on session cookies, then there is no reason to cater to them, the EU directive can't force you to take on users you don't want.

    grep is your friend.

  • 422422 Developer MVP

    I think if they opt out, all text shouLd become comic sans and lots of animated gifs should display.

    There was an error rendering this rich post.

  • hbfhbf wiki guy? MVP

    422 said:
    I think if they opt out, all text shouLd become comic sans and lots of animated gifs should display.


Sign In or Register to comment.