The EU Cookie Directive (
Directive 2009/136/EC) is an amendment of the
Directive 2002/58/EC, which concerns the protection of data and privacy on the web. The Article 5.3 states the following on the use of cookies:
Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.;
The new UK law based on the above Directive will become effective from tomorrow. As a live example, check out the
ico.gov.uk which displays a top banner asking for allowing cookies.
It's clear that the cookies used by CPG don't fall under the category of "strictly necessary" expect the login status. Settings options in a cookie, like album sortings, toggling of picture's info box, language,etc need a consent from the user. As of now CPG doesn't not ask my permission to set a cookie and is thus illegal in the EU.
Fixing this bug (I consider legal issues as bugs and not feature requests):
Investigate whether a cookie is really needed for non-login status related features, if:
- yes: need to add, as a core feature/plugin, a way to ask user's permission for the cookies
- not: limit the cookie to the login status only
Until this bug is fixed I need to ask my site's visitors' permission for the cookies just because of CPG, as all other software on my site is fixed or in the process of being fixed.
This Directive is a nightmare for web developers but the law is the law.