New EU rules and guidelines for websites and -shops in 2018

Dutch Mountain
Posts: 1432
Joined: Wed May 12, 2010 5:20 pm

New EU rules and guidelines for websites and -shops in 2018

Post by Dutch Mountain » Sat Dec 02, 2017 1:07 pm

WORK TO DO ! On websites and webshops.

As of May 25, 2018, all entrepreneurs, including freelancers and sole traders, have to comply with the new European rules on privacy through online media and data files.

The privacy on the Internet in all its forms is regulated through the EU-Privacy Directive, while the General Data Protection Regulation ( GDPR ) applies to the way data files are used and managed.

Full details in the last blog on my site ( News / blog page )
READ IT !
FIX IT !
BE PREPARED !
The fines on violation will be huge..........

peterswebsafety.com ( link on my profile page ).

A440
Posts: 2287
Joined: Sat Nov 20, 2010 1:56 am

RE: New EU rules and guidelines for websites and -shops in 2018

Post by A440 » Sun Dec 03, 2017 2:07 am

Wow, this is news! ... If you use cookies then it should be possible for the visitor to turn them off, after which he or she can still visit the website or webshop or use the app. Again, the exception for functional cookies applies. For websites and web shops this has to be done via a new and simple function in the browsers, which must be added by the browser developers. But if you use apps, you’ll have to adjust this yourself.

Dutch Mountain
Posts: 1432
Joined: Wed May 12, 2010 5:20 pm

RE: New EU rules and guidelines for websites and -shops in 2018

Post by Dutch Mountain » Sun Dec 03, 2017 8:33 am


> Wow, this is news!

Yeah, you're right. Work to do.
I've already implemented it on my 4 websites.
Better fixed, than wait until the last moment ( with the risk of forgetting it ).

Myxt
Posts: 2010
Joined: Sat Mar 05, 2011 6:18 am

RE: New EU rules and guidelines for websites and -shops in 2018

Post by Myxt » Sun Dec 03, 2017 9:43 am

Does your website use cookies – and every webshop does that – then you are obliged to report it. This is NOT applicable for the so-called functional cookies that are necessary for the website or webshop to properly function. The cookies required for the general visit statistics are also excluded.

Without considerably honing this edge, I foresee clever tricksters making it into a 4-lane highway:
"Oh, yes! We totally need those cookies (that store all possible identifying data) to adjust the layout of our gotcha page."

Dutch Mountain
Posts: 1432
Joined: Wed May 12, 2010 5:20 pm

RE: New EU rules and guidelines for websites and -shops in 2018

Post by Dutch Mountain » Mon Dec 04, 2017 7:02 pm


> Without considerably honing this edge, I foresee clever tricksters making it into a 4-lane highway:
> "Oh, yes! We totally need those cookies (that store all possible identifying data) to adjust the layout of our gotcha page."

In a later comment I've read that the national authorities have the obligation to control that.
If this is going to happen properly in all EU countries is something we can only hope.
Unfortunately some countries have a bad reputation in matters like this.
But when you're a "big player" and the EU itself puts you under a magnifying glass............


Myxt
Posts: 2010
Joined: Sat Mar 05, 2011 6:18 am

RE: New EU rules and guidelines for websites and -shops in 2018

Post by Myxt » Wed Dec 06, 2017 8:13 am

The focus on cookies always seems excessive; they are static storage, not executable, and modern browsers readily offer to block or delete them per session. Of course cookies can store PII, but that can be directly transmitted anywhere without cookies. By contrast I've never seen this much emphasis upon methods such as, "You must inform visitors that you transmit their PII encoded in URL parameters", but it's one of the most common methods.

Example base64 chunks:
_http://pii.vacuum.con/?em=eW91ci5uYW1lQGhvdG1haWwuY29t&ph=KDEyMyktNDU2LTc4OTA&bd=MTk3Ny8wNC8wMQ
decode to:
_http://pii.vacuum.con/?em=your.name(at)hotmail.com&ph=(123)-456-7890&bd=1977/04/01

Sometimes they don't even bother to encode it:
_https://arstechnica.com/information-technology/2013/10/healthcare-gov-deferred-final-security-check-could-leak-personal-data/

Then there are the interstitial tracking sites that get pinged between what appear to be safe pages.

The best use of cookies is functional: to inform an app or page of how it should continue between sessions. If you want to steal data, there is no need to leave the evidence in plain sight in the victim's machine.

Site-rater
Posts: 2841
Joined: Tue Sep 15, 2009 7:48 pm

RE: New EU rules and guidelines for websites and -shops in 2018

Post by Site-rater » Sat Dec 09, 2017 5:56 am

It should be worth mentioning that when cookies are used on a non-HTTPS site their contents can be skimmed by anyone monitoring the connection. This is because cookies are transmitted with every HTTP request for the domain they are valid on.
By setting the "secure" flag it can hint to the web browser that it be sent only via HTTPS.
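
Added example (not part of Site-rater's post): a Python check that reads `Set-Cookie` header values, lists the cookies that lack the `Secure` attribute, and produces the corrected header. The function names and the sample headers are constructed for illustration.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attribute names are lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def cookies_missing_secure(headers):
    """Names of cookies that a browser would also send over plain HTTP."""
    missing = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if "secure" not in attrs:
            missing.append(name)
    return missing

def harden(header):
    """Return the header with the Secure attribute appended if it is absent."""
    _, _, attrs = parse_set_cookie(header)
    if "secure" in attrs:
        return header
    return header.rstrip("; ") + "; Secure"

# Constructed sample headers, not taken from any real site.
SAMPLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly",                        # weak: no Secure
    "cart=42; Path=/; secure",                                 # fine: attribute names are case-insensitive
    "theme=secure; Path=/",                                    # weak: "secure" is only the cookie's value
    "lang=en; Secure; Expires=Wed, 09 Jun 2021 10:18:14 GMT",  # fine
]

if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_HEADERS):
        print("missing Secure:", name)
    print(harden(SAMPLE_HEADERS[0]))
```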

Dutch Mountain
Posts: 1432
Joined: Wed May 12, 2010 5:20 pm

RE: New EU rules and guidelines for websites and -shops in 2018

Post by Dutch Mountain » Mon Dec 11, 2017 6:44 am


> It should be worth mentioning that when cookies are used on a non-HTTPS site their contents can be skimmed by anyone monitoring the connection. This is because cookies are transmitted with every HTTP request for the domain they are valid on.
> By setting the "secure" flag it can hint to the web browser that it be sent only via HTTPS.


One of the reasons to change to HTTPS instead of HTTP.
Note : Another one is that Google and other search engines prefer HTTPS websites and rank them higher.
And that trend is a good contribution to internet safety. Just a thought........

Dutch Mountain
Posts: 1432
Joined: Wed May 12, 2010 5:20 pm

Re: New EU rules and guidelines for websites and -shops in 2018

Post by Dutch Mountain » Sun Feb 04, 2018 8:37 pm

Last news :
1 - These EU rules are a follow-up of domestic French and German rules on privacy, which are already strict.
The EU now wants to create a European standard, applicable in all nations.
That has advantages in Eastern and Southern Europe where nowadays rules aren't available or hardly controlled.

2 - The fines will be adjusted to the size of a company.
Data collectors like Facebook, Google, Microsoft and such can expect huge fines when breaking the rules.
The local soccer or whiskey tasting club may only be warned or receive a small punishment.

But one thing is sure..... from big to small, everyone is involved in a way and has to commit to the new rules.
And btw not only on the www, but e.g. a sports club has to destroy data of a member when that one ends his/her membership.
For webshops this means a big change and an awful lot of work.
