Our advice (opinion) on The EU Cookie Law

  —   18 May 2012   —   Code & Drupal

We recently published our current thoughts on 'The EU Cookie Law' that is due to come into effect on May 26th 2012 following a 12 month grace period. We outlined what the options are for complying with the law, including some technical solutions that could be used on your website code.

Although we have presented the options for what can be done to comply, a number of clients have asked our advice and what we recommend. Although this is a legal issue (and we're not legal people) we can offer an opinion based on the consensus of a number of sources, including the ICO.

What are the options?

  1. Comply with the law as it stands. This will require parts of your website to be re-coded. (Please call us to discuss this)
  2. Re-code your website to remove cookies completely. This might mean losing some features. (Not something we recommend)
  3. Wait. Since even the government hasn't got its act together on this, some degree of consensus may emerge in the coming months, and we can take action then. (Something we do recommend)
  4. Ignore the new law. This may leave you open to prosecution. (We have to tell you this)

What are other companies doing about it?

Most companies haven't done a thing. Millions of them, all over the EU, are breaking the law right now as a result.

Even worse, the UK government's own websites are in the same boat. They use cookies too. Most of them are not complying with the new law.

The main point to remember is that although the grace period ends next week, the ICO has assured website owners it won't be issuing any fines.

"Please don't read that as suddenly the ICO is going to launch a torrent of enforcement action," said deputy commissioner Dave Smith, at a media briefing.

"Sites will generally only be investigated by the ICO after users report them via a yet-to-launch tool on the watchdog's site. Only the most intrusive cookies will lead to the ICO using its enforcement powers", Smith said, which includes fines up to $500,000 or notices requiring companies to take action to fix data protection flaws."

Our advice - Don't Panic!

We're optimistic that a sensible and pragmatic solution will be possible, especially once larger companies and government departments start taking steps to make their websites compliant.

The fact that essential cookies are considered OK is a big mitigating factor. For some sites, an audit of cookies used might be a good idea, to see what's essential for the site's function and what isn't. Another thing to do is check your website's published privacy policy - and if you don't have one, get one drafted. We can help with this.

In summary

  1. Cookies are useful snippets of text that help websites work better
  2. The law about cookies has changed
  3. Your website uses cookies
  4. The situation is messy, and even government websites are not all complying as we would have expected them to
  5. You need to decide what to do about it (and that might be 'do nothing' for now)

I hope our stance on this is now clear - why risk disrupting a website, features and usability until clear guidance has been given.

If you have any questions, please don't hesitate to get in touch.

Further reading



Our Partners / Accreditations / Networks

0161 872 3455

Sign up to our newsletter