Hacker News new | ask | show | jobs
by deadbadger 5576 days ago
From para 66 of the Directive ( http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2... ):

"Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user."

I would take this to mean that session cookies, shopping cart cookies and wotnot are exempted. But I'm a coder, not a lawyer, so pinch of salt 'n all that.

Edit: in fact reading it more closely, it would appear that this statement merely places a restriction on exemptions that individual nations implementing the Directive might carve out. If they make exceptions, they must be limited to the situations described, but they don't have to exempt all such uses. Which is a less-than-comforting thought.
1 comments
ZoFreX 5576 days ago
Paragraph 66 in full:

Third parties may wish to store information on the equip­ ment of a user, or gain access to information already stored, for a number of purposes, ranging from the legiti­ mate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spy­ ware or  viruses). It is therefore of paramount importance that users be provided with clear and comprehensive infor­ mation when engaging in any activity which could result in such storage or gaining of access. The methods of pro­ viding information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these require­ ments should be made more effective by way of enhanced powers granted to the relevant national authorities.

(apologies for linebreaks, PDF copy/paste fail)

This isn't nearly as bad as what the BBC are saying. In fact this seems perfectly reasonable.

link