Received: by 10.50.76.133 with SMTP id k5mr633602igw.2.1334827940147; Thu, 19 Apr 2012 02:32:20 -0700 (PDT) X-BeenThere: does-liverpool@googlegroups.com Received: by 10.231.80.134 with SMTP id t6ls2488433ibk.8.gmail; Thu, 19 Apr 2012 02:32:19 -0700 (PDT) Received: by 10.42.197.137 with SMTP id ek9mr655380icb.5.1334827939793; Thu, 19 Apr 2012 02:32:19 -0700 (PDT) Received: by 10.42.197.137 with SMTP id ek9mr655377icb.5.1334827939774; Thu, 19 Apr 2012 02:32:19 -0700 (PDT) Return-Path: Received: from mail-iy0-f175.google.com (mail-iy0-f175.google.com [209.85.210.175]) by gmr-mx.google.com with ESMTPS id t9si10386578igb.1.2012.04.19.02.32.18 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 19 Apr 2012 02:32:18 -0700 (PDT) Received-SPF: neutral (google.com: 209.85.210.175 is neither permitted nor denied by best guess record for domain of a...@andy-powell.net) client-ip=209.85.210.175; Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 209.85.210.175 is neither permitted nor denied by best guess record for domain of a...@andy-powell.net) smtp.mail=a...@andy-powell.net Received: by mail-iy0-f175.google.com with SMTP id g37so12561927iaa.20 for ; Thu, 19 Apr 2012 02:32:18 -0700 (PDT) d=google.com; s=20120113; h=references:from:in-reply-to:mime-version:date:message-id:subject:to :content-type:x-gm-message-state; bh=uS1+jVjxBT0FKpD5lhWVJWsNhyA7XETw4obsvMpMwnU=; b=Szou1ZZyOIOOMwoc1CS+dg5Hj+IdqhV7hBkkwsb1omTyUwvGPec6MXpNnemqsRgf8A +kmlrfc1/lwd4zk/j6jAuaZdpYJrm5L2XBSM31OSMCcWxmVi9B9jP9yRgvIW75Tc0ieG ZBZf0jxYLFhZsyBCDcqlHxySqXHXNpWIIzojhR24H006feUE1h5eLhNENz8jIJ1hsPvv tzyPJ8dZLjqSeDyn2rnUcwmtyyZwRv5hZyJ6osN4q7gmiIX1TKRDUaMQ+L/vGslQPbpB BBJfpNc+9fFVjHyCF2aCzbyoooO1Au/QR3Szzohua0n8ifoT0bQ2mrLjbV3oY4Yoygiy c2vA== Received: by 10.50.191.200 with SMTP id ha8mr6724559igc.45.1334827938754; Thu, 19 Apr 2012 02:32:18 -0700 (PDT) References: <4F8EA7C4.1070...@gmail.com> <18838665.1191.1334779817444.JavaMail.geo-discussion-forums@vbvd13> From: Andy Powell In-Reply-To: Mime-Version: 1.0 (1.0) Date: Thu, 19 Apr 2012 10:32:15 +0100 Message-ID: <-5277527225820060650@unknownmsgid> Subject: Re: [DoES Liverpool] Re: google analytics and EU directive on cookies To: "does-liverpool@googlegroups.com" Content-Type: multipart/alternative; boundary=14dae9340fd92030e704be04d908 X-Gm-Message-State: ALoCoQmaBYLCtuwUEMaAwQEP4BJQ26UM3KFa4Olhy+uNF9lDbm5rSpcuSwxlle8p7jgU9ucfZOYV --14dae9340fd92030e704be04d908 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable I'm with Paul on this one, I've never heard of a site being prosecuted under the disability discrimination act or the company names act so I find it hard to imagine anything will come of this. Particularly with it being enforced by the ico, who in the main part take very little action against all but the most serious offenders. -- Regards Andy Powell Tel : 0151 3241007 | Mob :07904 765331 Skype : p0welly | Twitter : @p0welly On 19 Apr 2012, at 10:22, Paul Freeman wrote: Disclaimer: This shouldn't be taken as professional advice, but For now, I'm pretty much ignoring it to start with. Mostly I run some low traffic blogs and such, nothing that would constitue a business model, and I'm working on the basis that surely if I'm not complying with regulations and someone cares enough they have to issue some kind of first warning/notice and then I can fix it. I know it's stretching the interpretation, but I'd argue that Google Analytics can be essential. In particular I manage an e-commerce site for a client who uses Adwords, they *have* to know which customers are converting from which sources because it cost them money. Beyond that, I'm going to see what everyone else is doing, and how users respond. Currently the User Experience on sites implementing this is horrible, worse then early browsers that did ask before setting cookies the first time because each site does it differently. And above all, I don't believe the public at large are informed enough to understand what they are been asked and will confuse anonymous stats as some sort of personal interrogation and block them, and I really don't have the time to investigate server-side log analytics. If I was running a high profile site I'd address this more seriously, and for new sites I'll talk about it with clients, but for now I'm playing wait and see. On Wed, Apr 18, 2012 at 9:10 PM, Francis Davey wrote: > > > Le mercredi 18 avril 2012 12:38:44 UTC+1, Martin a =E9crit : > >> A lot of us are responsible for websites, and I assume quite a few of us >> are using google analytics to analyse visitors behaviour. >> >> You will be aware of the EU cookie laws that we will have to comply with >> very soon (some time in May this year). >> > Strictly speaking, in May last year, but the ICO has given everyone time > to work out what to do before starting to enforce. > > I am wondering what you are going to do about it? >> >> I was reading on a German google blog >> (http://conversionroom-de.**blogspot.co.uk/2011/09/** >> deutsche-datenschutzbehorden-**bestatigen.html) >> >> that they've come to an agreement with the German equivalent of the ICO >> that google analytics is compliant with the EU regulations if you follow >> these recommendations: >> >> - Mention in your Privacy Statement that you use google analytics (ga). >> - Implement the IP-Masking function that instructs ga not to store or >> process the full IP address of your users. >> - Explain in your data protection statement that it is possible to >> deactivate ga by using a browser add-on. >> >> I think these recommendations seem fair, are not too intrusive and won't >> require some inconvenient agreement to allow cookies for every visit. >> >> Yes. They seem to make sense. However, they may not strictly comply with > the directive or the regulations. Unfortunately for anyone who runs > websites, the regulations require consent if you want to store something = on > a visitor's computer unless that is strictly necessary for delivering you= r > service to them. Google analytics is, in most cases, quintessentially not > necessary. Useful to you, yes, necessary, alas no. > > So, that means that without express consent or some kind of yet to be > devised browser setting, you have to do things the hard way if you want t= o > strictly comply with the law. > > I advice my clients who want to do this to do what the ICO does: > > http://www.ico.gov.uk/ > http://www.ico.gov.uk/Global/privacy_statement.aspx > > Yes, its messy, but its also something that would be very easy to defend. > > Masking the IP address doesn't really help, although it might be relevant > to more general privacy law such as data protection. > > I think I will just add these recommendations to websites I maintain and >> hope that should be enough. >> >> What do others think? >> > Well, it depends what you are worried about. In practice most enforcement > activity is going to come from the ICO. If what you do doesn't upset the > regulator, then you may be safe. Even if you do something the regulator > thinks is wrong, if you are obviously making an effort and are not far ov= er > the line they may not take action other than telling you not to do it aga= in > - though there's no guarantee of that. > > I'd strongly recommend using something as clear as the ICO's explanation > of google analytics cookies on the ICO's site (and keep it up to date) > whatever you do. > > I realise this isn't welcome news and you might just decide to ignore it. > Almost everyone will, at least at first I expect. We shall wait and see > what the ICO actually does. > > Francis > >> --=20 -- Paul Freeman DoES Liverpool CIC --14dae9340fd92030e704be04d908 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
I'm with Paul on this= one, I've never heard of a site being prosecuted under the disability = discrimination act or the company names act so I find it hard to imagine an= ything will come of this.

Particularly with it being enforced by the ico, who in = the main part take very little action against all but the most serious offe= nders.
=A0
--
=A0
Regards
=A0
Andy Powell
=A0
Tel : =A00151 324100= 7 | Mob :07904 765331
Skype : p0welly | Twitter : @p0welly
<= /div>

On 19 Apr 2012, at 10:22, Paul Freeman <p...@doesliverpool.com> wrote:

Disclaimer: This should= n't be taken as professional advice, but

For now, I&= #39;m pretty much ignoring it to start with.

Mostl= y I run some low traffic blogs and such, nothing that would constitue a bus= iness model, and I'm working on the basis that surely if I'm not=A0= complying=A0with regulations and someone cares enough they have to issue so= me kind of first warning/notice and then I can fix it.=A0

I know it's=A0stretching=A0the=A0interpretation, but I'd argue = that Google Analytics can be essential. In particular=A0I manage an e-comme= rce site for a client who uses Adwords, they *have* to know which customers= are converting from which sources because it cost them money.=A0

Beyond that, I'm going to see what everyone else is doing, and how = users respond. Currently the User Experience on sites=A0implementing=A0this= is horrible, worse then early browsers that did ask before setting cookies= the first time because each site does it differently. And above all, I don= 't believe the public at large are informed enough to understand what t= hey are been asked and will confuse anonymous stats as some sort of persona= l=A0interrogation and block them, and I really don't have the time to= =A0investigate=A0server-side=A0log analytics.

If I was running a high profile site I'd address th= is more seriously, and for new sites I'll talk about it with clients, b= ut for now I'm playing wait and see.

On Wed, Apr 18, 2012 at 9:10 PM, Francis Davey <fjm...@gmail.com> wrote:


Le mercredi 18 avril 2012 12:38:44 UTC+1, Martin a =E9crit=A0:
A lot of us are respon= sible for websites, and I assume quite a few of us
are using google analytics to analyse visitors behaviour.

You will be awa= re of the EU cookie laws that we will have to comply with
very soon (so= me time in May this year).

Strictly speaking, in= May last year, but the ICO has given everyone time to work out what to do = before starting to enforce.

I am wondering what you are going to do about it?

I was reading on a= German google blog
(http://conversionroom-de.<= u>blogspot.co.uk/2011/09/deutsche-datenschutzbehorden-bes= tatigen.html)
that they've come to an agreement with the German equivalent of the ICO=
that google analytics is compliant with the EU regulations if you foll= ow
these recommendations:

- Mention in your Privacy Statement tha= t you use google analytics (ga).
- Implement the IP-Masking function that instructs ga not to store or
p= rocess the full IP address of your users.
- Explain in your data protect= ion statement that it is possible to
deactivate ga by using a browser a= dd-on.

I think these recommendations seem fair, are not too intrusive and won&#= 39;t
require some inconvenient agreement to allow cookies for every vis= it.

Yes. They seem to make sense. However= , they may not strictly comply with the directive or the regulations. Unfor= tunately for anyone who runs websites, the regulations require consent if y= ou want to store something on a visitor's computer unless that is stric= tly necessary for delivering your service to them. Google analytics is, in = most cases, quintessentially not necessary. Useful to you, yes, necessary, = alas no.

So, that means that without express consent or some kin= d of yet to be devised browser setting, you have to do things the hard way = if you want to strictly comply with the law.

I advice my clients who want to do this to do what the ICO does:


Yes, its messy, but its also something that would= be very easy to defend.
=A0
Masking the IP address doe= sn't really help, although it might be relevant to more general privacy= law such as data protection.

I think I will just add these recommendations to websites I maintain and <= br> hope that should be enough.

What do others think?

Well, it depends what you are worried about. In practice most enfor= cement activity is going to come from the ICO. If what you do doesn't u= pset the regulator, then you may be safe. Even if you do something the regu= lator thinks is wrong, if you are obviously making an effort and are not fa= r over the line they may not take action other than telling you not to do i= t again - though there's no guarantee of that.

I'd strongly recommend using something as clear as = the ICO's explanation of google analytics cookies on the ICO's site= (and keep it up to date) whatever you do.

I reali= se this isn't welcome news and you might just decide to ignore it. Almo= st everyone will, at least at first I expect. We shall wait and see what th= e ICO actually does.

Francis=A0

=



--
--
Paul Freeman
=
DoES Liverpool CIC

--14dae9340fd92030e704be04d908--