EU cookie law compliance
"Where such devices, for instance cookies, are intended for a legitimate purpose, such as to facilitate the provision of information society services, their use should be allowed on condition that users are provided with clear and precise information in accordance with Directive 95/46/EC about the purposes of cookies or similar devices so as to ensure that users are made aware of information being placed on the terminal equipment they are using. Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment. This is particularly important where users other than the original user have access to the terminal equipment and thereby to any data containing privacy-sensitive information stored on such equipment. Information and the right to refuse may be offered once for the use of various devices to be installed on the user's terminal equipment during the same connection and also covering any further use that may be made of those devices during subsequent connections. The methods for giving information, offering a right to refuse or requesting consent should be made as user-friendly as possible. Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose." (Recital 25, Preamble)
"Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. [...]" Article 5(3)
As of May 2011, EU Directive 2009/136/EC, which further requires consent to be obtained for the setting of any cookie that is used for tracking purposes, is binding on all EU member states:
"Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user." (Recital 66, Preamble)
As of revision 669, Smartest allows its users to comply with this law by showing a notification to users that cookies are used, and obtaining their consent.
How it works
When this functionality is enabled, it will check for a cookie called
SMARTEST_COOKIE_CONSENT, with a value of 1. If this cookie is found, a session will be initiated. If not, no cookies are set by Smartest, and user permission to set cookies is sought. In order to get user permission, Smartest will try to display one of the following templates:
Sites/CURRENT_SITE_NAME/Presentation/Special/eu_cookie_warning.tpl, or if this file does not exist,
If neither file exists, Smartest will display its own internal default template, containing the following:
We would like to place cookies on your machine to help make this website better. <a href="#cookie-warning-dismiss" id="sm-cookie-warning-dismiss">I understand.</a>
The only thing that Smartest needs in order to start setting cookies, is for a cookie to be set on the machine called
If you use your own template, how you communicate with the user about their consent to allow cookies on their machine is up to you, but you will still need to make sure that the cookie is correctly named.