EU Privacy Directive (Cookie Law) – Does It Apply To You?

In simple terms, the law affects any website which does business in the UK and uses ‘non-essential’ cookies.

So what do we mean by “non-essential”? The Information Commissioner’s Office (ICO), the body responsible for upholding the EU Privacy Directive, says “all cookies that do not facilitate the transmission of communication, or are not strictly necessary for a service requested by a user need to be consented to or removed”.

The UK government has given website owners until May 26, 2012 to make the necessary changes to comply.

What is a “Cookie”?

A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies are then sent back to the originating website on each subsequent visit. Cookies are useful because they allow a website to recognise a user’s device.

For more information see: http://www.allaboutcookies.org/

Research into consumers’ understanding of the internet and cookies demonstrates that current levels of awareness of the way cookies are used and the options available to manage them are limited. An online survey[1] of over 1000 individuals in February 2011 illustrates that significant percentages of ‘internet savvy’ consumers have limited understanding of cookies and how to manage them:

  • 41% of those surveyed were unaware of any of the different types of cookies (first party, third-party, Flash / Local Storage). Only 50% were aware of first party cookies.
  • Only 13% of respondents indicated that they fully understood how cookies work, 37% had heard of internet cookies but did not understand how they work and 2% of people had not heard of internet cookies before participating in the survey.
  • 37% said they did not know how to manage cookies on their computer.
  • The survey tested respondents’ knowledge of cookies, asking them to confirm if a number of statements about cookies were correct or not. Out of the sixteen statements only one was answered correctly by the majority of respondents.

Can’t People Just Turn Off Cookies in Their Browser?

Unfortunately this is not enough.

Although all modern browsers allow users to change their cookie settings to block websites from storing cookies on their computers, the new Cookie Law says consent must be explicit.

ICO have said:

At present, most browser settings are not sophisticated enough to allow you to assume that the user has given their consent to allow your website to set a cookie. Also, not everyone who visits your site will do so using a browser. They may, for example, have used an application on their mobile device. So, for now we are advising organisations which use cookies or other means of storing information on a user’s equipment that they have to gain consent some other way.

This means that, for now, it is up to the website owner to ask for each user’s consent when they visit the site.

What Are The Penalties?

Penalties of up to £500,000 can be served to organisations that seriously breach the law. Details are still being defined and are likely to be tested in court.

What Should I Do Next?

There are only two real options for website owners:

  • Stop using cookies.
  • Start asking for permission for those cookies not deemed essential.

Steps To Take

  • Check what type of cookies and similar technologies you use and how you use them.
    • Cookie Name – The name used in implementation (e.g. UID).
    • Cookie Friendly Name (e.g. Username).
    • Description – The description should provide as much detail about the purpose of the cookie as possible.
  • Assess how intrusive your use of cookies is.
    • Potential Intrusiveness to User – Each cookie should be rated for its intrusiveness.
    • Expiry – The number of days it takes for the cookie to expire.
  • Where you need consent, decide the best solution to obtain it; otherwise remove non-essential cookies.
  • Update your Privacy Policy. Make sure that your privacy policy has a clear section on cookies and how your site uses them. Be 100% transparent. See https://www.gov.uk/help/cookies as an example.
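
The first two audit steps above can be started from the `Set-Cookie` headers your pages and embedded third parties return. The following is an added example, not part of the original article: it fills in the cookie name, expiry in days and first/third-party status, and leaves the friendly name, description and intrusiveness rating blank for a reviewer. The hosts, cookie values and audit date are constructed, and `buildAudit` and the row field names are hypothetical.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;

// Split one Set-Cookie value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no cookie name: ignore the header
  const cookie = { name: pair.slice(0, eq), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Whole days until expiry; null means a session cookie.
// Max-Age takes precedence over Expires (RFC 6265).
function expiryDays(attrs, now) {
  let ms;
  if (attrs['max-age'] !== undefined) ms = Number(attrs['max-age']) * 1000;
  else if (attrs.expires !== undefined) ms = Date.parse(attrs.expires) - now;
  else return null;
  return Number.isNaN(ms) ? null : Math.max(0, Math.ceil(ms / DAY_MS));
}

// One audit row per cookie; the blank fields are filled in by a reviewer.
function buildAudit(observed, siteDomain, now) {
  const rows = [];
  for (const { host, header } of observed) {
    const c = parseSetCookie(header);
    if (!c) continue;
    const raw = typeof c.attrs.domain === 'string' ? c.attrs.domain : host;
    const domain = raw.replace(/^\./, '').toLowerCase();
    const firstParty = domain === siteDomain || domain.endsWith('.' + siteDomain);
    rows.push({ name: c.name, friendlyName: '', description: '', intrusiveness: '',
      expiryDays: expiryDays(c.attrs, now), party: firstParty ? 'first' : 'third' });
  }
  return rows;
}

// Constructed sample data: hosts and cookie values are made up.
const SAMPLE_NOW = Date.UTC(2012, 4, 26);
const SAMPLE = [
  { host: 'www.example.test', header: 'basket=abc123; Path=/; HttpOnly' },
  { host: 'www.example.test', header: 'UID=42; Max-Age=2592000; Path=/' },
  { host: 'stats.tracker.test',
    header: 'visitor=xyz; Expires=Mon, 26 May 2014 00:00:00 GMT; Domain=.tracker.test' },
];
console.table(buildAudit(SAMPLE, 'example.test', SAMPLE_NOW));
```

Long-lived third-party rows are the ones to rate for intrusiveness first; session cookies such as the basket are the likeliest candidates for "strictly necessary".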

“Necessary” or “Non-Essential” Cookies (Seek Advice)

Some cookies are required for a site to work, e.g. if a user adds an item to their shopping basket, that would be considered necessary – a cookie is technically required to remember that user and retain their shopping cart contents. Similarly, a cookie may be necessary to log into a website.

However, a cookie set to welcome a user back to a website, or to record which pages they view, would not be strictly necessary. In particular, this means you can’t use traditional analytics without permission.

  • Analytics (prohibited).
  • Behavioural ads (prohibited).
  • Conversion tracking cookies for marketing e.g. affiliate links (open to question).
  • Social media plugins e.g. Facebook Like button (prohibited).
  • Welcome back “name” message (prohibited).
  • User Preferences e.g. to allow larger text for visually impaired users (open to question – depends on circumstances).
  • Add to basket (allowed).
  • Login (remember me tick boxes) (allowed?).
  • Remembering whether cookies are allowed (noting whether a user has said yes or no to allowing a cookie on your site) (allowed?).

Contact Us

If you are concerned about whether you have cookies on your site and whether they comply with the new law, contact us for advice.

[1] The Department for Culture, Media and Sport | PricewaterhouseCoopers LLP (PWC)