The EU Cookie Law


In a little over a month, some major changes will be occuring in the European Union in regards to Internet privacy protection. On May 26, sites that fail to comply with the EU ePrivacy Directive disclosure requirements could be subject to fines up to £500,000.

These changes were outlined in the European Directive 2002/58/EC, primarily in article 5. The EU Cookie Law passed last year, and this required website proprietors to provide upfront information about what information they are recording and receive user consent. Sites across the EU, including SpeckyBoy (based in the UK), will have to adhere to these new privacy requirements.

The Cookie Law is a bit of misnomer–the bill is not just about cookies. Instead, it targets ways that websites have been identifying or profiling users by implanting something directly on their device. This means that any locally stored files (in Flash, HTML5, or even cached images) are equally restricted, if they impact privacy.

The Information Commissioner’s Office (ICO) website is an example of this, which has a pop-up that links to the website’s privacy disclosure notice and requires the user to acknowledge that the site will collect cookies. Some other sites, such as BT will have a small unobtrusive pop-up that asks if it can continue collecting information in the future.

It’s important to note that when the ICO asked visitors for their consent, they received a 90% fall in recorded site traffic.

The United Kingdom’s Government Digital Service recently highlighted an important point for EU-based web analytics in the Implementer Guide to Privacy & Electronic Communications Regulations. Quoting the ICO, as long as “clear information” is given about activities, the ICO is “unlikely to prioritize first-party cookies used only for analytical purposes in any consideration of regulatory action.”

Taking into consideration this guidance from the ICO and the fact that the vast majority of websites across the EU have yet to comply, the course of action many seem to be taking is wait-and-see.

Reception does not seem especially welcoming, as an Econsultancy survey of 700 EU marketers found that the majority (82%) believed that the e-Privacy Directive is not a good or positive development. A new Econsultancy guide focused on best practices for the new rules had an excellent five brief checks to work towards compliance with the new requirements:

  1. Carry out a cookie audit
  2. Evaluate the privacy impact of each cookie
  3. Carry out a business risk assessment
  4. Figure out how you can inform users about cookies
  5. Investigate methods for gaining consent

Does the EU Cookie Law Affect Your Site?

We would love to hear from you in the comments below about how this new cookie law will be affecting your site?
And please share any resources or solutions.

Related Topics

This page may contain affiliate links. At no extra cost to you, we may earn a commission from any purchase via the links on our site. You can read our Disclosure Policy at any time.