Forums

Home » Liferay Portal » English » 2. Using Liferay » General

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Roger Thomas
EU Cookie rules
September 11, 2012 9:18 AM
Answer

Roger Thomas

Rank: New Member

Posts: 11

Join Date: August 29, 2012

Recent Posts

Because of rules in the EU, web sites that target EU based users must allow the user to be able to opt out of the use of all or some of the cookies that maybe used by a site.

This video show how one vender has gone about the process, and shows the complexity involved.

http://www.youtube.com/watch?v=ccSMykN2qsI&feature=fvwp&NR=1

Is there anything in the works to add user level controls to the liferay platform? As I understand liferay it currently uses session based cookies for it's basic framework which are not an issue under the rules (as far as I can tell).

The problem that needs to be addressed can be seen in the following text used by Liferay for it's privacy and cookies T&Cs

Third Party Cookies

The use of cookies by our service providers is not covered by our privacy statement. We do not have access or control over these cookies. Our service providers use session ID cookies to make it easier for you to navigate our site, in order for you to use the shopping cart and to collect non-personally identifiable information about your activities on this Web Site.


Such things as Google Analytics generate cookies, which in the EU market can not be written out as the above text tries to do. Instead the Liferay engine would have to enable/disable Google Analytics Communities Portlet based on a user setting.


And if ayone whats to understand the current state of this law and it's value, this is a great video.

http://www.youtube.com/watch?v=loVjrNFJAik&NR=1
Mika Koivisto
RE: EU Cookie rules
September 11, 2012 4:04 PM
Answer

Mika Koivisto

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1512

Join Date: August 7, 2006

Recent Posts

You can hook html/common/themes/top_js.jspf and add any logic you want to strip out the Google Analytics code. I for one have created a hook that doesn't add it to the page when the user is administrator as I don't want to track my own activities.
Roger Thomas
RE: EU Cookie rules
September 11, 2012 4:40 PM
Answer

Roger Thomas

Rank: New Member

Posts: 11

Join Date: August 29, 2012

Recent Posts

Google Analytics was just a simple example. These rules also cover the dropping in of the google adsense module and possibly many other items that can be added into a liferay driven site. Unless there is a central framework that can register both the user's choice (logged in and not logged in) regarding cookies and Liferay based modules that operate cookies there is no way that features can be dynamically displayed or removed based on their security selection.

To make the situation as clear as possible, if the liferay website has intergration with Google Analytics which involves cookies being placed on the end user's system, under this EU set of rules then the liferay site is in breach of the rules. If any of these were currently being enforced that would open Liferay up to a fine of no more that £500,000 in the UK. Even a simple poll that uses a cookie to track that someone/or a certain browser has voted needs to be something that the end user can disallow.

The whole thing is a stupid waste of everyone's time, but would anyone look at deploying a new project that can not be set up in such a way as to at least honour the idea of the rules - if not the miss-match of 'fine print' that makes up the rules.
Roger Thomas
RE: EU Cookie rules
January 4, 2013 6:35 AM
Answer

Roger Thomas

Rank: New Member

Posts: 11

Join Date: August 29, 2012

Recent Posts

Now that the Liferay site correctly handles the EEC rules regarding cookies, does this mean that there is work being done to make the Liferay portal more aware?