6

I have a web site to do with alcohol that needs to verify the age before letting them on to the web site. I do this with a HttpModule that checks for a cookie and if not set I redirect them to the validation page. I validate their age and store a cookie containing a boolean to whether they have been validated or not.

How would this fit into the cookie law, as I cannot find any examples like this out there?

Do I still need to get consent to store the cookie or is this kind of thing exempt?

I've done searches, I cannot find any thing that answers this sort of thing.

Thanks

Rob Levine
  • 40,328
  • 13
  • 85
  • 111
Base33
  • 3,167
  • 2
  • 27
  • 31
  • What cookie law is that? Do you have any links? I don't remember anyone ever asking for my consent to set cookies... – Thilo Mar 28 '12 at 11:34
  • Take a look. I can't seem to find examples of where this sort of thing is exempt. I know certain service cookies are exempt. Such a complex issue http://www.cookielaw.org/ – Base33 Mar 28 '12 at 11:37
  • 1
    @Thilo - this is an EU thing. Basically the EU Cookie Directive places some pretty heavy restrictions on how you can use cookies without first obtaining explicit consent. Each member state will implement the directive with their own laws and guidelines. For instance, although the directive came into force last year - the UK government have made it clear they won't enforce it until later this year and have released their own set of guidelines. – Rob Levine Mar 28 '12 at 12:22
  • @RobLevine: This really belongs on [Web Masters](http://webmasters.StackExchange.com), it's not really on-topic for SO. – Zhaph - Ben Duguid Apr 03 '12 at 14:15

1 Answers1

5

Taken from this guidelines PDF linked on this page from the UK Information commissions office...

There is an exception to the requirement to provide information about cookies and obtain consent where the use of the cookie is:

(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or

(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

I think your case would fall under (b) but this is of course open to interpretation.

Fishcake
  • 10,496
  • 7
  • 44
  • 72
  • Thats a very good point. But definately agree, it's down to interpretation until we start to see web sites getting prosecuted. – Base33 Mar 28 '12 at 14:14