Feedback needed - Cookie law
There are some new laws about user privacy out there that make all our lives a little more complicated. We would like to cover that somehow so we need to hear your expertise on it ...
From May 26th, there is a new law in the UK that says:
"the website owners need to get consent in order to store or access information (including cookies) on users’ computers – unless the cookie is strictly necessary to provide a service requested by the user"
This seems quite general so we are not sure how to handle that so it is feasible to everyone.
State of Kentico CMS
We clearly have some cookies that are required to provide the service, such as preferred culture, authentication and session cookies, and some other that are used to control the admin UI context. We do not see any problems with these.
On the other hand, we have some cookies that are not neccessary to provide the service and serve more to track users and maintain web analytics of the web site and will also track contacts in our new Online marketing solution. These are probably the ones that this law targets. Also, it for sure targets the "hacks" that identify users through other storages such as flash.
Here you can find the list of cookies that are currently used:
Cookies in Kentico CMS
The thing is it may be different in each country (and in some countries we see this law being discussed or planned). So we need to hear your stories and thoughs on how we can help you provide something that would give you the power to fight this, and easily allow users to provide their consent.
Our current thoughs
Here is one solution that we could imagine:
There would be a system setting whether the users need to confirm cookies or not (if disabled, then all users will have cookies (the extra ones for tracking and personalization) automatically enabled.
We would provide a web part „Confirm cookies“, that would popup a dialog where a user chooses whether or not he or she accepts the cookies. This dialog would be displayed on their first visit to the site and store the decision into a cookie (this one can be considered as one that is neccesary to provide the service). Also, authenticated users could change this setting in their profile.
Anonymous users with cookies disabled in their browser would not get this dialog at all.
Now your feedback is required
Let us know via comments what are the plans around this law in your country, how strict the law will be, and what would be the ideal solution that you would like to have on your websites in case you need to obey those laws.
Looking forward to your feedback ...