[RFC] Cookie notice

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
User avatar
imkingdavid
Registered User
Posts: 1050
Joined: Thu Jul 30, 2009 12:06 pm

[RFC] Cookie notice

Post by imkingdavid »

Due to the recent proposed laws from various countries that aim to further restrict the placement of cookies, I think it would be a good idea to be safe and display a cookie notice somewhere not too obtrusive, and allow it to be hidden using a combination of jQuery and (you guessed it) a cookie. Basically, we just need to let the user know that for best performance, the board will need to place one or more cookies on their computer in order to store session data.

Something like this, perhaps?
This board uses cookies to store session data and to improve your user experience. Your continued use of this board grants permission for such cookies to be stored on your computer. Cookies created by this board can be cleared at any time by clicking "Delete all board cookies" in the board footer. If you do not wish to allow websites to place cookies on your computer, you may disable them in your web browser. Cookies placed by this board are not used for tracking your web browsing habits or any other malicious purpose. To hide this message, click the X (hiding this uses a cookie as well).
Having not read all of the different laws from all of the different countries, I am not sure to what extent this satisfies the legal requirement, but I think it is a step in the right direction. Thoughts?
I do custom MODs. PM for a quote!
View My: MODs | Portfolio
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.

User avatar
MichaelC
Development Team
Development Team
Posts: 889
Joined: Thu Jan 28, 2010 6:29 pm

Re: [RFC] Cookie notice

Post by MichaelC »

This seems to be what the major websites are doing and seems to satisfy most laws.

The website team would be willing to develop this.
Formerly known as Unknown Bliss
psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
No unsolicited PMs please except for quotes.

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: [RFC] Cookie notice

Post by EXreaction »

Please make it an option configurable in the ACP (to display/not display the message)

User avatar
MichaelC
Development Team
Development Team
Posts: 889
Joined: Thu Jan 28, 2010 6:29 pm

Re: [RFC] Cookie notice

Post by MichaelC »

Like COPPA?
Formerly known as Unknown Bliss
psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
No unsolicited PMs please except for quotes.

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: [RFC] Cookie notice

Post by EXreaction »

Yes

User avatar
callumacrae
Former Team Member
Posts: 1046
Joined: Tue Apr 27, 2010 9:37 am
Location: England
Contact:

Re: [RFC] Cookie notice

Post by callumacrae »

If it is going to be that invasive and long, please have this option disabled by default.
Made by developers, for developers!
My blog

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: [RFC] Cookie notice

Post by EXreaction »

Yes, like COPPA settings, it should be disabled as it is specific to certain countries.

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] Cookie notice

Post by Pony99CA »

Being "unobtrusive" might not satisfy the European law that prompted this; it's supposed to be obvious.

Also, remember that it doesn't apply just to cookies but to any files stored on the users PC not necessary for basic site functioning. That would include Flash cookies (I know, phpBB doesn't use those) and any other garbage that might be downloaded (I hope that doesn't include CSS and JavaScript :D).

It also might apply to other places your site loads files from, so it would be good if there was a place to list other files from third-party sites (or include those sites' cookie messages).

Here's one of the first topics that I saw discussing this: phpBB and the EU cookie law - the cookie opt-in regulation

And, yes, it should be disabled by default like COPPA.

Steve

P.S. Should we tie in something for the German "impressum" law (maybe in a new Legal settings page)?
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
callumacrae
Former Team Member
Posts: 1046
Joined: Tue Apr 27, 2010 9:37 am
Location: England
Contact:

Re: [RFC] Cookie notice

Post by callumacrae »

It satisfies the laws (at least, it does in the UK), according to the lawyer of the UK-based company I am doing work for right now :-)
Made by developers, for developers!
My blog

Senky
Extension Customisations
Extension Customisations
Posts: 315
Joined: Thu Jul 16, 2009 4:41 pm

Re: [RFC] Cookie notice

Post by Senky »

+1, also for dsiabled by default, but I would recommend adding this option also to installation process (you know, a lot of boards are located in EU ...).

Post Reply