Follow us on Twitter
Follow us on Twitter
Follow us on FaceBook
Follow us on FaceBook
Get A Quote

Blog: article

That's the way the cookie crumbles: advice and comments for website owners on the new cookie law.

07 2012

by Nigel Harding


On 26 May 2012 the new UK cookie law was introduced, intended to give greater transparency and protect the privacy of visitors’ data on websites.

A cookie is…

For those who are not aware, a cookie is a very small text file placed on your hard drive by a Web Page server. Cookies provide capabilities that make the Web much easier to navigate. The designers of almost every major site use them because they provide a better user experience and make it much easier to gather accurate information about the site’s visitors. Cookies allow websites to remember visitors’ choices and track visitor behaviour. Websites such as Google, Amazon, Microsoft and the BBC all use cookies. If you use Google Analytics to track visitors to your website then you use cookies. If you have a Facebook “like“ button on your site then you use cookies.

A new law

Here is a useful summary by the BBC:

In summary, the EU is now “requiring” websites to declare upfront if they are using cookies to store any information and to obtain “explicit consent” for their use’. This law came into effect on 25 May 2011 and businesses were given 12 months to take steps to comply. The law was intended to give some flexibility with the solutions applied but as a result website owners have been unsure exactly how the law is to be applied with much discussion about whether the “opt-in“ to use cookies could be implied.

So all eyes have been on some of the big players to see how they will comply with the new law. The concern for website owners is finding the balance in protecting the privacy of their visitors, making them aware of the site’s cookie policy but being aware that cumbersome popups or landing pages created to obtain permission to use cookies will put off potential visitors.

Don’t Panic!

The Information Commission, setters of the law, have indicated that they will not be jumping straight in to make prosecution cases against companies that do not immediately comply. Their compliance policy, which seems a little laid back, is outlined here:

If your website does not comply, you are likely to be given a warning in the first instance with some advice on how you should comply. In my view it would be better to take some steps towards compliance as soon as you can.

Examples of Cookie Law compliance

The BBC initially chose to display a box with consent buttons the first time that a visitor arrives at the site. Unfortunately you need to use a cookie to detect whether someone has previously visited the site and so this is a rather paradoxical solution. Since then the BBC has adopted a “softer” approach and visitors are shown a statement in which cookie use is explained and it is assumed that the visitor is happy with this unless they wish to opt out. In my view this is a sensible approach.

cookie compliance - bbc

When I visited my bank’s website I noticed that they have adopted a similar approach. Though with less emphasis on opting out or changing settings:

cookie compliance - hsbc

My recommendations

With the caveat that I am not a lawyer and that there have been no legal compliance test cases yet, I suggest that it is perfectly acceptable to inform your visitors that you use cookies and give them information on how they can either disable cookies in their browser or otherwise opt-out. If you haven’t defined a privacy policy of your own then I suggest using Business Link’s example policy as a template ( I suggest that you also provide some advice on how visitors can disable cookies in their browsers if they wish (see

The future?

Internet Explorer 10 will make a new assumption, it will have cookies disabled by default and users will have to change their preferences in order to enable use of cookies. It will be interesting to see if other browsers follow suit.