You are here

A taste of the new EU cookie laws

The deadline for the e-Privacy Directive which has been looming for some time, has finally arrived. You may be more familiar with the Directive under its more informal name – the EU cookie law.

The new regulations set out that websites must obtain consent from each UK visitor to store or retrieve any information on the user’s computer or device (this includes tablets, smartphones, or any device you may connect to the web with). This is bad news for websites that use cookies – which, unfortunately, turns out to be most of them.
Before those of you with sites outside the UK or EU start thinking this doesn’t apply to you, you still need to sit up and take notice. No matter where your site is based, you could still be breaking the law each time you use cookies on a UK user without their consent – and with the Information Commissioner’s Office (ICO) threatening fines of up to £50,000 per breach, this is no small matter for your business.

Why do we need cookies anyway?

Unlike their edible namesakes, browser cookies are not to everybody’s taste. We’ve probably all been bombarded at some point by online adverts for the thing we’ve just been searching for, whether it’s holidays, clothes or car insurance. These are caused by cookies designed to track online behavior and target ads to users. Although this is supposed to be helpful to users, it can prove irritating. In fact, a recent survey by Econsultancy revealed that 89% of UK consumers think the EU cookie law is a positive move.
So why not just ban cookies and have done with it? These behavioral ad trackers are not the only way in which cookies are used on sites. They are also used for handy features such as remembering sessions (fancy logging into sites like Hotmail several times a day when you want to check your email?) and for analytical purposes critical to running a successful site. In fact, if you use sites like Google Analytics to track your site’s visitor history, you’ll have a tough job finding out whether these services will be strictly legal come May 26th (but you can find a quick guide here).

Previously, cookies were used on most websites on an opt-out basis, meaning many site visitors undertook their web sessions with no idea that cookies were being used. The new regulations mean that users now need to opt-in to a cookie session – making it far less likely that they will be accepted. Surely, this openness can only be a good thing, but it’s likely that users will be put off from accepting perfectly harmless and useful cookies. It’s no wonder the same survey from Econsultancy found that 82% of digital marketers are against the directive.

Despite the natural aversion to being tracked on the web, I think cookies do have a lot of value. With the need for visible opt-in boxes on websites, there’s the potential for privacy fear mongering to web users who don’t fully understand the importance of cookies (although I’m sure designers will come up with a less glaringly obvious solution for opting-in than the ICO’s own website).

So, what do you think of the e-Privacy Directive, and how has it affected you?

This blog orignally appeared at