EU Cookie Law – What does it mean to me?

What is this EU cookie law I keep hearing about?

In May 2011 a law was passed stating that all websites dropping non-essential cookies on visitors’ devices have to declare it publicly and visitors should agree to let the cookies be used. The most important thing to know is that if your website doesn’t comply with the new law, you can potentially be fined up to £500,000.

Recent reports suggest that 95% of UK internet companies are yet to comply with the new law [1] with less than a month to go before the deadline. Time is running out.


Who does it apply to?

If you or your business resides within the EU, you have until the 26th May 2012 to implement your solution on your website(s).


What are ‘Cookies’?

Besides from being a nice tasty snack, Cookies are the name given to a very small file that is left on a visitors computer after visiting a website – this often contains details about the visit. Cookies are used by the vast majority of the world’s websites to recognise a user’s device so that it can perform analytics page tracking, remarketing, personalisation, adding products to shopping baskets, language preferences and user logins.


So whats the problem?

The problem is that very few websites currently ask users to consent to cookies being stored before going ahead and storing them. So users are not accustomed to seeing any consent requests. Imagine if you were browsing the internet and something like this popped up?


If you had no idea what a cookie was and how it could help, you are going to click no arn’t you? Asking users for their consent for something they may not even fully understand will be an interruption to the user experience and could even make them question the trustworthiness of the website.


Does this mean that I can’t use Google Analtyics legally without getting the visitors permission?

Correct. Google Analytics uses cookies to define user sessions, as well as to provide a number of key features in the Google Analytics reports. Google Analytics set 4 cookies in total as default.

Although in a recent interview between the company ‘Econsultancy’ and the Information Commissioner [2] it has been said that they will only look at cases where complaints have been made to them (rather than going out looking for breaches of the law) and these will be resolved by providing advice and negotiation with the website rather than legal action. Although he confirms that although analytics cookies fall under the law, this “doesn’t mean a strict opt-in is necessary” and “it is unlikely (though not impossible) that we would take action just for analytics cookies”.

This confirms that from the Information Commissioner’s point of view, for most site owners the new cookie law will be like driving at 71mph on the motorway – technically illegal, but highly unlikely to result in any legal action being taken.


 What do we do about it?

Unfortunately the guidelines that are provided are pretty vague, causing a lot of confusion for website owners who want to comply but are unsure what to do. Because there are so many types of websites using unlimited combinations of cookies, there’s no one size fits all solution. It all comes down to what kind of website you have and what cookies are in place.

It’s not enough to simply update your privacy policy or terms and conditions. A user must explicitly accept cookies in order for you to legally use non-essential cookies on your website.

First things first, you need to look at the cookies that are currently being dropped by your website, you then need to determine what each one of those actually do and whether they are essential or not -the chances are unless you run an ecommerce store they will not be essential. If you are dropping cookies (and there are not many sites that don’t mainly due to some kind of Analytics) then you have 3 options:

Remove the script/tool that is dropping the cookies

Simple and easiest option is to remove the script that is dropping the cookies, such as removing Google Analytics. You will of course then loose the analtyics on your website if you rely on Google Analytics.

Place an opt-in option onto your website

There are a number of tools that are available to allow you to get permission from the visitor to store cookies on their machine such as Civic’s “Cookie Control” that will display a notification at the bottom of the page asking for permission. See screenshot below:

Although this would comply with the new legislation how many people do you think will click to agree?

Leave it all on there and hope for the best

As I mentioned it is highly unlikely that action agaisnt cookies related to Analytics will actually be enforced – so you could try your luck and leave your Analytics code on there. It’s highly unlikely any action would be taken agaisn’t you, but it’s not impossible. Your call.


If I have an opt-in for my Analytics, how much data would I loose?

Good question. It’s impossible to tell and it will probably vary depending on the visitors to your site – more tech savvy visitors may agree, less tech savvy visitors may decline.

The ICO (Information Commisioner’s Office) released staticstics on their Analtyics before and after they implemented an opt-in cookie solution on their website:

This shows a fall in stats by 90% since their explicit cookie opt in request – many of the people visiting the website will be looking for information on the cookie law and may well actually know about cookies, so this number may be higher than it would be normally.


I want to comply, but I don’t know how to do it?

Don’t know where to start? TheStudio4 can help you comply with the upcoming EU law, you can contact us on 01952 234004.


[other sources]

IMPORTANT NOTICE: Any orders accepted by us will be subject to our standard terms and conditions a copy of which can be accessed [here]. No other terms and conditions will be accepted by us, unless agreed to in writing