On Mon, Mar 10, 2014 at 8:46 AM, Manuel Schneider < [email protected]> wrote:
> Dear all,
>
> not sure if this discussion already happens somewhere else, I couldn't
> find it on MediaWiki.org or by googling.
>
> The issue at hand is: EU privacy policy 95/46/EG[1] allows usage of
> cookies only if
> * the user has been informed beforehand in detail
> * the user has accepted the cookie
> * this acceptance was given freely, without doubt and through by action
> (This is the summary by the Article 29 Working Party issued in a Working
> Document 02/2013[2] on October 2nd, 2013.)
>
> An example how this is being implemented can be seen on sourceforge.org
> or here:
> * http://ec.europa.eu/justice/cookies/index_en.htm
>
> I checked MediaWiki:
> * anonymous users don't get a cookie, unless the site owner added
> something (e.g. Google Analytics, Piwik or content served by another site
> using cookies)
> -> this is fine
>
> * as soon as I click the "Login" button on the wiki, a cookie is being set
> -> here we need to work, we need to ask first
>
> So I see two possibilities:
>
> 1) catch the click on the "Login" link to show a banner first to ask for
> the user's consent, on acceptance forward the user to the login page
>
> 2) modify the login process to set the cookie after the actual login and
> put an additional text on the login page like "by logging in I accept
> the usage of cookies by this website"
>

The cookie on the login page is for the anti-CSRF (and captcha if needed) validation, so getting rid of it would be problematic from a technical perspective (or would require a second click on the login page).

> -> as the login is an action which implies the consent, if we inform
> properly on the login form already
>
> Any thoughts about this?
>
> This issue also concerns all our Wikimedia websites, basically every
> MediaWiki out there where people may log into.
>
> The Austrian Communication Law (§ 96 Abs. 3 TKG) defines a penalty of
> 37.000 EUR.
>
> /Manuel
>
> [1]
> http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:html
> [2]
> http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp208_en.pdf
> --
> Wikimedia CH - Verein zur Förderung Freien Wissens
> Lausanne, +41 (21) 34066-22 - www.wikimedia.ch
>
> _______________________________________________
> Wikitech-l mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
