Complying to the EU cookie law
Development and Programming
I think we will need some kind of EE specific module to handle this - theres 3 cookies that EE drops by default (as listed on our privacy policy http://moogaloo.com/privacy/#useofcookies) that I dont think can be turned off and none are essential (just basic user tracking for sessions / activity). There’s other non essential ones that can be set to do with commenting, 3rd party modules etc… But I have no way of preventing any of these. Something that can block cookies, even if just like the GA code using JS would be great, but it would need to be broad enough to catch all EE related cookies including 3rd party addons. I guess by default it would need to block any cookie starting exp_ and ideally have an exclude=”” parameter so essential cookies related to eCommerce for eg can be kept regardless of opt in/out. I’m not that person tho. I can’t write a line of JS or PHP to save my life!
There isn’t a way of globally blocking all cookies. You need to engineer application level cookies out from the top down. Someone in the EE community will know what to do…
Maybe this might help, in the short term at least: from the EE Control Panel go to Admin > Security and Privacy > Security and Sessions
Second item down is User Session Type which can be set to Cookie, Session ID or both. Haven’t tested if setting this to Session ID only stops EE writing all cookies and I’m too tired to look any more into it tonight but will report back after testing.
As far as I can see there’s nothing in the regulations that prevents site-functionality cookies from being used without user consent. The core functionality cookies aren’t used for tracking or data mining.
It’s useful to look at the interpretation info provided by the ICO for UK usage. Note pages 9&10;.
http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/~/media/documents/library/Privacy_and_electronic/Practical_application/guidance_on_the_new_cookies_regulations.ashx