Call today:
t: 01376 322782 or Email

The UK Cookie Law is Definitely not Dead

16th March 2013

Last May, EU legislation came into place meaning that any website using cookies to store information about its visitors, had to both make it clear on their website’s privacy statement and ask for the user’s consent before they were allowed to use the website. If they didn’t, further action would be taken, and legal proceedings and monetary fines were mentioned.

This news was major enough to be covered by TV and the papers, and a lot of us remember the panic followed into what exactly cookies are used for on websites (a lot) and the excessive work that followed websites basically covering their hides so no one got sued.

Luckily just before this legislation came into force, a small change was made by the UK Information Commissioner. Indicating that websites can assume that the user has given “implied consent”. As quoted in the Guardian’s article:

“In an updated version of its advice for websites on how to use cookies – small text files that are stored on the user’s computer and can identify them – the Information Commissioner’s Office (ICO) has said that websites can assume that users have consented to their use of them.”

This made life a bit easier for the average business website, but there was a new twist in January when the ICO published on their website that they were changing how cookies were run on their own website:

“We’ve made a change to way we use cookies on our website, including setting cookies from the time users arrive. For those who don’t want cookies, we’re providing an easy way to remove them.
The aim is to help us collect reliable information to make our website better, while remaining compliant with the rules on cookies and our own guidance.”

There were a couple of articles that followed this development, both courtesy from Silktide MD, Oliver Emberton. Oliver, known for his Cookie Law Protest Site blogged about his take on the development and went on to talk to .Net magazine that this meant the cookie law is at long last dead.

I feel I must emphasise this here and now: The cookie law is not dead. The cookie law is just not as terrible as it was originally made out to be:  Websites still must outline on their privacy policy what cookies are used for, and it is still good practice to include a clear banner on a prominent area of the website outlining that cookies are used, and giving the user the ability to read more or clear instructions on how to disable these if they choose to.

Implied consent banner

A banner using implied consent

Cookies banner asking for users permission to proceed

Cookies banner asking for users permission to proceed

If you haven’t already, it is worth watching the video at ICO or if you have the time and patience, download the 31 page Cookies Guidance PDF (available on the same page as the video). It does contain some interesting points, but can be a bit long-winded.

Another proof that the cookie law is still in force is the quarterly review also on ICO website. This is an ongoing report summarising both reports and concerns over websites failing to comply and what they are doing about it. From this guide it is clear that the ICO is working with the companies that they have concerns over . Their summary quotes:

“We are considering 14 websites for further investigation. In these cases we will contact them to discuss their compliance, and require them to take steps as necessary. We have passed details of five websites to our International team, who have told the relevant European authorities about the concerns we received.

We will continue to contact every site we receive a concern about to ensure they know what steps they need to take.”

So there is no need to panic. If it gets to the stage that further action is taken on a website, it’s because of the failure to comply with the ICO or sheer ignorance on the company’s part.

On a separate note, I did check out two international companies not mentioned in the list on ICO’s quarterly report: One does clearly indicate on the first page what cookies are used for and gives the user the option to opt out and the other does not mention it at all. Will the ICO catch up with them? I will certainly be keeping posted.


Leave a Reply

Your email address will not be published. Required fields are marked *

© 2000-2019 DVH Design. All rights reserved.