User Tools

Site Tools


cookies:start

Cookie Statutory Obligations


Relaxation of Cookies Implied Consent.
UTM Tags simple explanation
Here's the Urchin FAQ - it has been discontinued in deferrence to Google Analytics.Yup!
Google Analytics explain their use of Cookies, what cookies are set, How to audit what cookies have been set, viz:

Doing an audit

Inspect the cookies via your browser's menu

Firefox on Windows

Select Tools → Options from the menu and click on the Show Cookies button to see a listing of all cookies set on your browser, by domain.

Firefox on Linux

Edit→Preferences→Privacy→Remove individual cookies, will give you the same listing.

Once you select a domain from the list, click on a cookie by name to see its attribute settings. If you frequently visit various Google properties, try selecting google.com from the domain listing.
See also: Tracking Code: Domains and Directories

Where are they stored?

Windows

Cookies on WinPCs are stored somewhere like C:\Documents and Settings\YOUR USER NAME\Application Data\Microsoft\Internet Explorer

Linux

LINUX it's a bit more complex for Firefox: In somewhere similar to (it varies in Linux) /home/<username>/.mozilla/firefox/6o7qsizr.default/ you will find the DB file cookies.sqlite
Read it with SQlite Manager Add-on Directory→Select Profile Database Drop-down→Cookies.sqlite, Then..
go to “Execute SQL” tab and enter the SQL SELECT * FROM moz_cookies;
Result is nicely formatted.
For command-line, Linux systems also generally have sqlite3 installed - but you will have to read its helpfile to figure out what to do with it. Something like:
sqlite3 cookies.sqlite .table then select * from moz_cookies > cookies.txt which didn't work for me - I think my sqlite version wsa too old.

Suggested Method 1

Thus, set up a virtual Linux machine with Firefox and the latest version of SQLlite Manager - surf your website comprehensively, then examine the resultant cookie table - you will have a listing of all the cookies which you can export in CSV (Excel) format if required. NB - they have introduced an “implied consent clause into the legislation.
Result - An Excel sheet with the results of the first 38 sites visited

Suggested Method 2

I am still working on this - using libCURL to automate the website traversal - i.e. write a spider that records the cookies in a format of your choice.
This is a “Don't hold your breath” scenario.

Even more on UTM
More on Urchin Tracking Module (UTM)
LiveHttpHeaders - a handy add-on for Firefox.
Logging Cookies in Apache.
Thoughts about cookies - Brian Kelly's Blog “UK Web Focus”
<div style="position:absolute; left:430px;">

The Law

</div>
Precedent on Cookie Law
DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT
AND OF THE COUNCIL of 25 November 2009
<div style="width:400px; font-weight:bold; margin-bottom:30px;">amending Directive 2002/22/EC on universal service and users' rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.**</div> <div style="position:relative; left:50px; width:400px; font-weight:bold;" >Item(66)</div> <div style="position:relative; left:50px; width:350px; padding-bottom: 8px; border-bottom: solid 1px black;">Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.</div>

Information Commissioner's Office Response With the EU e-Privacy Directive's compliance 'deadline' just a month away, many businesses are wondering not only what they should do about it, but also how the law will be enforced by the ICO. Some good comments after the article
Number 10 - Cookies in simple language.
Cookie permissions widget.
JISC Article on requirements
Internet Advertising Bureau UK Is a good working example of what a privacay policy should cover.
(PDF) International Chamber of Commerce Recommendations
Social Networking Cookies example
Cookie Declaration and Privacy Policy This is comprhensive form the Association of Online Publishers.
Twitter Privacy Statement.


From Edinburgh Uni.

We've been monitoring the whole situation since last year but didn't
do an awful lot in 2011 because everything still seemed so woolly.
These are the things we've been up to since February:

*	Significantly enhanced information on website privacy and cookies,
	including a revised privacy policy developed and ratified by
	University lawyers
*	Cookies list created for Polopoly-driven website with processes put
	in place for ongoing management and upkeep.
*	Scoping of consent mechanism for Polopoly-driven website outlined,
	consulted on with the user group, and estimated for development.
*	Strategy for removal of all privacy invasive cookies from the
	Polopoly-driven website, replacing functionality where possible.
*	An initial audit of the ed.ac.uk domain running to around 220,000
	web pages with the 20,000 cookies found made available to the
	University via a search interface.
*	A deeper audit of the Polopoly-driven website (pages in the form
	www.ed.ac.uk/something) identifying cookies placed by 3rd parties.
	o	Ongoing 6 monthly audits scheduled.
*	Guidance to all web managers on compliance with the legislation,
	including full details of plans for the Polopoly-driven website,
	progress updates and ongoing amendments as greater clarity emerged
	o	Distributed to all relevant web and tech email communities, and to
	all heads of schools and units and their senior administrators (390
	unique views of the guidance from initial emails sent in early
	March).


Polopoly is our centrally supported CMS used by about 600 people
across 80ish units. There is a template available which basically
allows HTML to be pasted in and then integrated into other pages. Lots
of people have used this to pull in You Tube videos, Twitter feeds
etc. These third party integrations have turned out to be our highest
risk area - we've been inadvertently placing privacy invasive cookies
on behalf of all these "free" service providers. Turns out nothing's
ever really free... ;)

Cheers

N

*********************************
Neil Allison
University Website Programme
The University of Edinburgh

Edinburgh University are being draconian and pulling uneccessary cookies.
I like BBC Solution
Off topic As an interesting aside - recently passed Eu legislation - You cannot copyright computer functionality or languages.
See: the Law.

cookies/start.txt · Last modified: 2020/04/08 00:22 (external edit)