Complying with EU Cookie Legislation

Posted: Monday 23rd April 2012 in eCommerce Technology, Thought Leadership.

On 26 May 2012, the amended Privacy and Electronic Communications regulation comes into force in the UK and EU. It has been designed to protect online privacy by making consumers aware of how information about them is collected when they visit a website. The new rules require that websites using cookies must inform users that cookies are present on the site, explain their role and use specific measures to obtain consent in order to store cookies on the user's computer or similar device.

These are not rules designed to restrict the use of cookies and similar technologies. However, they are intended to prevent information being stored on people’s computers – and used to recognise them via the device they are using – without their knowledge and permission. There is, however, limited customer awareness and understanding of the purpose of cookies.


Previous privacy legislation required websites to give users information on how to opt out of cookies, and this was often buried in a Privacy Policy. Now, site visitors are required to opt in to sites which use cookies. All websites will have to block cookies until visitors have given their agreement for cookies to be used. All EU member states have done the same thing and, although they all have their own approach, the basic requirements of the directive remain the same.

The ICO have indicated to us that they are looking for website owners to take a responsible attitude towards the new law and are unlikely to take action as long as there is evidence of a plan within the organisation to address and comply with the law within a reasonable timescale post 26 May. We also believe they are waiting to see how the public and businesses respond before becoming particularly litigious. The message we received was, ‘respect and respond to the new law in a sensible timeframe and have evidence of a plan if challenged’.

Our CEO, Hedley Aylott, says, “From discussions with the ICO and IMRG it is clear that this legislation is going to be very difficult to ‘practically’ enforce and the ICO have clearly said that they will take a pragmatic approach to its implementation. They are looking for retailers to show a willingness to understand the law and comply as best as possible. Clearly a range of workarounds will emerge and it remains to be seen how customers respond to the changes. Personally I think they will be more upset if their shopping experience gets worse.”

It is essential that companies prepare for the change in legislation and are in a position to take action to comply with the directive from 26 May. Implementing these rules requires extra work in the short term, but we expect that compliance will become significantly easier over time.

We can help companies to achieve compliance now by auditing all secure and non-secure pages and supporting companies in the development of their privacy statements, where all tags need to be listed. Please call us for our short guide to the new legislation and the actions you should take to ensure compliance.