Hi Rick,

We use cookies only for login and roles (which can be considered part of login). According to the article you posted this is ok:

The law allows an exception for "strictly necessary" cookies, such as those used to remember when something has been added to a shopping basket. These cookies would be expected by the user implicitly for the action they requested to be carried out. Another example would be login.

The article also state that the law only applies to organizations that have a business presence in the legal jurisdiction of the EU.

Unless you are using cookies for other purposes in custom features I would say that organizations using mojoPortal will be in compliance with the law.

The only things that might bear further scrutiny is 3rd party services that may also set cookies, google ads may use cookies I'm not sure. The add this button does use cookies so people may have to choose not to use that. Facebook like button requires users to be logged into facebook to like something, that requires a cookie I'm sure but also falls into the login category that is allowed without a prompt.

The coming release of mojoPortal will also have a new feature for putting extra content on the login page so the overzealous worriers could put a message there indicating that logging in does require use of cookies.

Best,

Joe

Hey Joe,

From this article it sounds like it may be sufficient to just have an information page and not prompt for consent for analytics.

I think this prompt will be very onerous for user experience and if one really has to do that maybe its better not to use Analytics at all and just use some other tool to measure traffic using server log analysis. Most users are going to say no if you prompt them and the majority won't understand what you are asking for and probably it will cause a large percent of vistors to just leave your site when you prompt them for something that they don't even understand.

I'm glad I'm not in the EU but if I was and I believed the only way to be in compliance was to prompt I would opt to not use Google Analytics and look into buying something for traffic analysis using server logs. It would be a real shame to lose the use of Google analytics but better than than losing visitors.

There is also some irony in that if you do prompt you are going to need to store the response in a cookie so you don't have to prompt again on every request, so I guess you have to also mention that cookie in the prompt.

Anyway that is just more food for thought on this issue.

Best,

Joe

I admit their prompt is unobtrusive in that it isn't a popup and the message is not scary but it takes up a good deal of real estate in their design and I bet less than 10% of people will click to agree to it making GA basically worthless and given the small percent that will likely opt in I think I would just live without GA for the small percent of traffic that I could track by having this prompt taking up so much prominent screen real estate. I think other than a few orgs like ones that deal with government most eu sites are going to ignore this law (at least in terms of analytics) and wait and see if they ever get a warning. This law puts sites that comply with it at a competitive disadvantage.

But then as browsers provide do not track mechanisms that GA will honor, GA may become less and less useful to all of us to the extent that people enable do not track and log file analysis is probably going to be the best solution again as it once was. It is a shame though.

Best,

Joe