ICO.gov (click on continue without agreeing to cookies)

Argh!<p>99% of people have no clue what a "cookie" is used for and just hear that it is "evil" and such. At the same time, these same people have no problem exhibiting themselves of Facebook or tracking their positions on Foursquare.<p>@gov: Just make something like this (<a href="http://www.networkadvertising.org/" rel="nofollow">http://www.networkadvertising.org/</a> &#62; "Conumer opt-out") legally binding for tracking networks (not for individual web sites!) and the whole "Cookie" paranoia is solved.

In their privacy policy they list the cookie that 'Is essential for their site to function'<p>"Essential site cookie|ASP.NET_SessionId|This cookie is essential for the online notification form to operate and is set upon your arrival to the ICO site. This cookie is deleted when you close your browser."<p>They also say that they've left it there because: "as we’re unable to remove it from one part of the site without affecting another"<p>So apparently incompetence is an excuse for leaving cookies in place. Problem solved!

websites had that coming for a long time.<p>It's a common industry pattern to overdo things and then get regulated.<p>take e.g german gas stations, they went from adjusting their prices occasionally (e.g. when the oil price changed) to price changes several times per day in order to gouge the most out of the customers. Now, they will get regulated and only be allowed to change their price once per day... they basically asked for it.<p>Same for international roaming fees in Europe, from insane to regulated..<p>Cookies were used to tracks people's shopping carts and that was fine, same for a site to recognize you. Nowadays they are used to identify and track you in global ad networks etc.. again, asking for it..

That's the same site that paid £585 for their favicon <a href="http://news.ycombinator.com/item?id=2175321" rel="nofollow">http://news.ycombinator.com/item?id=2175321</a>

From the linked page:<p>&#62; Currently our website contains one cookie that we do not use, but is essential for part of the site to operate. At present we have left this in place across the site, as we’re unable to remove it from one part of the site without affecting another. This session cookie is set on a user’s arrival to the site - at which time they’re informed that the cookie has been set - and is deleted when a user leaves the site.<p>I'm fairly sure the advice from the ICO that I read earlier was quite blunt about cookies that were not strictly necessary: you can't set them without consent just for your own convenience.<p>There is a silly box at the top of their page that asks you to accept cookies and tells you off if you click "Continue" without doing so, which seems entirely contrary to the principle of this new law to me, before you even get to this mysterious cookie they apparently set anyway.

Unfortunately this is another case of throwing the baby out with the bathwater, and incidentally not really solving the problem.<p>Firstly there are various kinds of cookies. There are ones that are stored on your hard-disk, and others which exist only in memory (for the life of the browser instance.)<p>There are ones used for marketing and tracking purposes, and others (notably session cookies) that allow the server to track the "state" - thus allowing for "web apps" as much as web-pages.<p>So their idea is to just "ban cookies". Or, as they have done, get all sites to have a "allow cookies" switch. Don't turn that on? well then you can't use any part of the site. And if you do turn it on, it's "all or nothing" - I can't allow say _just_ the session cookie, while banning the tracking cookies?<p>As to the possibility of enforcing this? Let's not even go there...

I'm so not looking forward to seeing jsessionid in my urls again.

I really want to know what there jurisdiction and who this effecting.<p>Does this apply to all EU traffic?<p>OR does this only apply to websites hosted within the EU?<p>OR does only apply to EU companies?<p>Plus how on earth do they plan to enforce this?

Couldn't a site just declare a single session ID as essential, and store everything else server side? Or is the problem that you usually don't keep server side session data indefinitely? I suppose you couldn't use client side JavaScript on your cookies in that case either.<p>Does this apply to HTML5 localstorage too?

This is exactly why we are currently cutting back on bloated Government departments in the UK. I can see this being repealed in 12 months, it's a ridiculous, unenforceable law.

If you block cookies on that website you don't see the message.<p>If you don't click 'accept cookies' or 'continue' but simply browse the site, you've apparently accepted some cookies.

Okay, so I don't really use cookies ever, the only one I use is for the PHP Session Identifier. Is this going to be allowed? D:<p>I'm guessing that it will be because ICO is allowed..

The Internet is a really big part of our current society; the concern of a lot of people. You'd expect that the advisory board of decision-makers of such important things would consist of the smartest and most knowledgable persons available - the persons who invented the web, the persons who are making it work and who are taking it forward.<p>I haven't done any research. Does anyone know who gives these guys advice?

"unless the cookie is strictly necessary to provide a service requested by the user"<p>Isn't this open to some interpretation? Seems like a pretty wide loop hole. Seems that this will allow a site to set/read it's own cookies no problem. Third-party ad-networks and trackers though, yeah, they would not fall within this definition I think. And isn't that a good thing?

But why? "[tick] I accept cookies from this site... what is a cookie?" a user may ask.

How do they check if you have cookies enabled without setting one? Aren't they breaking the law in the process?

Imagine millions of websites greeting you with a cookie acceptance dialog ...

unfortunately, that's not the regular clueless legislator.<p>That's an example of the shift of power happening in the web.<p>Remember when you started using firefox because of all the options and "about:config"?<p>Now, remember how you ditched it for Chrome, but have to start firefox to be able to use crazedlist.org because to disable cross-site referrer on chrome you have to recompile it? (they even removed the command line option!)<p>In a few chrome versions (what happens every 15min), I doubt you will be able to disable cookies.