I am just looking for some advice on the new UK Cookie Law and how it affects PHP sessions. I understand that you do not need the users to opt in when a cookie is "strictly necessary" and the example given is adding an item to a shopping cart.
I am using similar functionality that remembers what you have stored in a contact form, which I feel is strictly necessary use of a session and therefore no opt in is required.
However the confusion for me arises because I have a session_start(); at the top of each page, which means the cookie is set straight away. Some users will not then go to use the contact form, so this means that the cookie is not strictly necessary for them.
I could remove session_start(); from the top of each page, but this functionality is used throughout a number of websites and it would be preferable if we could leave it in.
Could anyone shed any more light on this?
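One way to keep the shared code in place while only setting the session cookie for visitors who actually use the contact form is to start the session lazily. The following is an added example, not code from the question or from any answer; it assumes PHP 7.3 or later (for the array form of `session_set_cookie_params()`), the default session name, and a contact form that posts a `contact` field to the same script.

```php
<?php
// Added example: resume an existing session without setting a cookie, and
// only create a session (and its cookie) once the visitor submits the form.
declare(strict_types=1);

/** Cookie flags for the session id: not readable from JavaScript, only sent
 *  over HTTPS when the site is served over HTTPS, Lax SameSite so ordinary
 *  form posts still carry it. */
function session_cookie_flags(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Lax',
    ]);
}

/** Start the session only if the browser already presents a session cookie.
 *  Returns true when a session is active afterwards. A first-time visitor
 *  gets no cookie at all from this call. */
function resume_session_if_present(): bool
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }
    if (!isset($_COOKIE[session_name()])) {
        return false; // no cookie presented: nothing to resume, nothing set
    }
    session_cookie_flags();
    return session_start();
}

/** Start the session unconditionally because data the visitor asked us to
 *  remember is about to be stored; this is the point the cookie is set. */
function start_session_for_write(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_cookie_flags();
        session_start();
    }
}

// Page flow: read remembered form values if a session already exists...
$remembered = resume_session_if_present() ? ($_SESSION['contact'] ?? []) : [];

// ...and only create a session when the contact form is actually submitted.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['contact'])) {
    start_session_for_write();
    $_SESSION['contact'] = $_POST['contact'];
}
```

Replacing the top-of-page `session_start();` with `resume_session_if_present();` keeps read access to `$_SESSION` on every page (check its return value before reading) while deferring the cookie to the first write.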
Therefore, session cookies are GDPR compliant. Strictly necessary cookies are essential to navigate a website and use its features and functionalities. Without them, you wouldn't be able to use basic services like logging in on a website or adding items to a shopping cart etc.
Yes. Although cookies that process personal data give rise to greater privacy and security risks than those that process anonymous data, PECR apply to all cookies. If your cookie data is not anonymous, note that you will also need to comply with the Data Protection Act and the UK GDPR.
Yes, if your website uses cookies. GDPR and most other privacy laws require that you disclose to visitors what information you collect from them, such as their personal data and what you do with this information. If you use cookies to collect data from your site users, then you must have a cookie policy.
A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will send the cookie too. With PHP, you can both create and retrieve cookie values.
The simple answer is that you're probably going to be okay; the extent to which this law will even be enforced is massively up for debate anyway.
We will enforce the law proportionately. We'll look at the risks if and when customers complain to us. If a website's cookie and privacy is a risk to many people, we may then take action.
There is a balance to be struck though, as not all cookies are equal, and our enforcement approach will bear this in mind.
For example, someone may complain about a cookie placed without their consent, but if it was just used to remember essential details rather than to gather information to be used for marketing purposes, then it may not be appropriate to act.
(Source: The ICO's Dave Evans on EU cookie law compliance)