MyBB Community Forums

Well with the new EU law about cookies becoming in effect in about 3 days (on the 26th ) i thought, after the discussion in General support, it might be a good idea to change the way the cookies work for guest.

What i mean by this is change them so that you ask users to agree to letting you set cookies for them similar to how

http://www.ico.gov.uk/

Does this looking at the bar that is at the top of the page:



Which means , if a guest visits your page he doesnt instantly get a cookie anymore but instead has the option to not use them. While browsing your site as guest.

The moment this person would register it should be crystal clear in the registration thing that cookies are going to be used. With a link to for example a new help document detailing exactly what each and every one of these cookies does.

While it states that only non technical and non mandatory cookies have to be listed. I still think it might be a good idea to add an option for users or in this case Guest to not allow cookies. And adjust the registration message to be up to par with providing information about every Cookie MyBB uses.

Good example is this as template:

http://www.ico.gov.uk/Global/privacy_statement.aspx

I disagree actually. US-based sites don't really need this by my understanding. But I could be wrong.

I'm not against the idea because EU admins will need something like this. Although, as Josh H said, sites in the US (or outside of EU for that matter) won't need to do this at all.

Also, the law came into affect last year on May 26th.

This is up to forum admins, not the software.

(2012-05-23, 01:34 AM)Solidus Wrote: [ -> ]This is up to forum admins, not the software.

I have a huge problem with this argument. Because then you need to by default include a plugin in the package that does this for you.

In some form or shape. Since its a law not just some recommendation honestly..

Quote:I disagree actually. US-based sites don't really need this by my understanding. But I could be wrong.

While it might not be mandatory for US sites and all this doesnt take away the fact there are more people on this world then only in that country. I think there are quite a few people from the EU who all will be facing the same problem then. And if there isnt much information about it most wont even know/ bother with it.

Would it maybe then be an option (just like the hello world plugin/askimet) to have this included as a plugin in the default package of MyBB? if this even would be possible to be made into a plugin.

Quote:Also, the law came into affect last year on May 26th.

We officialy had a year to sort this out true. But from this 26th of may the law will be in full affect and everybody then had a year the time to sort everything out. Big companies are getting an exception like always but the rest isnt. For example i in the netherlands have untill the 1st of july to sort it out.

I understand that there are a large chunk of EU forums, but whatever needs to be added should not be an extra thing for an unaffected admin to need to do, you know?

The cookie thing is just plain intrusive for non-EU sites, IMO. Keep it simple.

I'll have to wait until some definitive answer arrives from my questions to the ICO but as far as the guidance goes you do not need to gain consent from users to add cookies by default. This is probably as near to official as it's going to get:

Quote:

• Regardless of where your site is hosted the European Commission (EC) requests that you offer the opportunity for EU visitors to opt in/out of receiving cookies
  
• No cookie set by MyBB contains any personally identifable information (neither un-encoded or encoded) and are essential for the software to function and therefore exempt from requiring opt in
  
• The only cookie that is technically not exempt is the guest forum/thread read tracking cookie; although again contains no personal information
  

The following are potential changes to MyBB:

• Creation of a generic privacy policy of which administrators can alter to ensure compliance to local law (and includes a list of all cookies MyBB could set on a connected device)
  
• Alterations to the registration message making it clear that cookies may be used other than to save login information (with a link to the privacy policy)
  
• A setting that disables lightbulbs for guests
  
• Make the forum/thread read cookie a session cookie (and therefore destroyed once the browser window closes)
  
• Making all cookies that do not set an expiry date (a persistant cookie) a session cookie
  

Please remember that if you place adverts on your website or use analytic services such as Google Analytics then you need to write a detailed privacy policy explaining such and that information gathered by these services may be shared across parties outside of your control. By default, MyBB cookies are not shared with any third parties.

Personally, this law is almost impractical to police across the internet. With the possible changes to MyBB the software will probably meet the minimum requirements.

The most important thing here is a clear, defined privacy policy that dictates the use of information. If you site does not have one - make one.

So for now Tom, I assume all we need to do is change:

• The registration agreements listing the "How we use cookies" along with a link to privacy policy of the site.
  
• Make a sophisticated and well defined privacy policy stating how we use information stored as cookies, terms can change anytime, we are in compliance with the new EU cookie law, etc?

That's it for now I assume?

Really, government these days are framing vigorous internet laws and minimizing what a website can do.

For now, updating (or creating) the privacy policy for your site should be your highest priority; especially if you have advertising or analytics. It should be enough to meet the bear minimum for the new laws. Adding it to the registration agreement will enforce it on new users but maybe an announcement or banner notifying current users of the changes would be good too.

MyBB 1.6.8 is due out soon so I will change the guest light bulbs to a session cookie for it.

This isn't really a place for political discussion; ultimately the law makers of the EU are trying to protect the privacy of the citizens of the group and we need to make sure our software helps users comply with that.

How long you assume till 1.6.8 is out?

Would be doing that.