Cookies … Not As Tasty As You Thought

By · Filed in Websites

We have been getting a growing number of questions from website owners about the EU’s “Cookie Law” and whether they need to do something about it or not.

Things we’ll cover

If you have not heard of the “Cookie Law” then let me start with what it is. Then let’s talk about how it affects you and what you need to do about it (because, yes, if you have a website that will be shown to people in the UK then you will need to do something about it).


However, before we get into too much depth on this, one thing we do want to make clear is that we are not lawyers! We will give you our opinions and views on the Law and how it affects you but we are not experts on this Law (or any other law!) and you need to be sure that you are happy with anything that you do with your website and if you are in any doubt whatsoever then please consult a lawyer for expert advice.

What is the Cookie Law?

The “Cookie Law” was introduced by the EU with the goal of helping a website’s visitors become aware of whether the website was potentially invading their privacy by tracking their activity. The, now aware, visitor could then decide what action to take. Sounds like a laudable aim, yes?

Many websites keep track of what you are doing. For instance, if you log in to a site to have access to members’ information, the site needs to know you have logged in and who you are so that it can give you the information you need. Or, if you are buying something online, the site needs to keep track of what you have put into the shopping basket. Usually, the way that a website will do these things is by storing a small piece of information stored on your computer. This snippet of information is called a cookie, hence the name of the law. So, cookies are not all bad. In fact, the majority are good and simply help a website to function in a more effective way for the visitor. Imagine trying to buy something online where you had to re-enter the details of anything you wanted to buy every time you clicked to go to a new page?

However, what about cookies that monitor which sites you visit and decide which adverts to show you based on your browsing pattern? Over time they could pick up a lot of information about you … what sites you visited, when, how long you spent on them, what pages on the sites you went to, etc. Maybe you’d want to know about that? Or what about a website that encourages other website owners to put a little piece of code on their website that links back and tracks your activity across millions of websites. Facebook does this with its “like” button. They say this is not to track your movements but to make life easier for you. The EU cookie law is aimed at helping you better understand what is happening so that you can make educated decisions.

And then there are cookies that are ok for some people and not for others. Your website probably has Google Analytics on it. This tracks visitor activity on the site so you can tell what brought them to your site, what they did on your site and where they were when they left. It does not allow you to identify individual users, just overall usage patterns. So that’s probably fine. But one option within Google Analytics is for this usage pattern to be shared with Google and not just used by the website owner. Is that ok?

As you can see this is a reasonably complicated topic and, while it might have started out as a good idea, its complications have turned it into a bit of a mess! Initially the EU dictated that all websites originating in the EU must get permission from all visitors before using any cookies and this had to be in place by mid 2011. The UK government (the Information Commissioner’s Office – the ICO) then said that websites in the UK could have an extra year to comply with the law. However, as time passed, the complications became more apparent … as well as the implications, as many feared website visitors would be too scared and confused to do anything!

So the ICO scaled down the extent and impact of the law in the UK. One of the key changes they made was to allow website owners to no longer insist on active consent for cookies from visitors. Instead, a form of “implied consent” was to be acceptable under certain circumstances. However, this needed to be “informed, implied consent”. While this was probably a sensible approach to take (as the original law was doubtless too draconian) it didn’t make it any simpler to implement! The EU seemed to recognise this too and they subsequently adjusted the EU-wide law. They went on to say that some cookies could be exempted from “informed, implied consent” if they are very benign. I’m sure they did this to help … but it sure did add another layer of confusion!

So, where does this leave things now?

Are you affected?

If your website does not use cookies then you do not need to do anything.

However, I’m sorry to say that the majority of websites DO use cookies and the chances are that will WILL need to do something.

If your website is built on a content management system (such as WordPress) then your site will almost certainly be using cookies. If your site uses “third-party” software (such as Google Analytics or Facebook Like buttons) then it will also, almost certainly use cookies. If your site attempts to “remember” something about your visitor (eg it has a shopping cart or remembers what language to display the site in) then again, it probably uses cookies.

If you are only using “benign” cookies then you do not need to achieve “implied, informed consent” so you need to do nothing. A benign cookie might simply recognise that you selected English as the language the last time you came to the site and it will automatically show the site in English when you next return.

However, for most of us, we use “normal” cookies too. For instance, if your site uses Google Analytics then you need “informed, implied consent” and, if you use Facebook like buttons or your Google Analytics data is shared with Google, then you possibly need more.

The challenge with all of this is determining how “intrusive” your cookies are and then deciphering the cookie law to decide what form of consent you need. Neither of these are particularly easy to determine. Therefore we have a  suggestion for you …

What to do?

Rather than an in-depth “cookie audit” (which we have seen some companies charging over £1,000 for!) plus custom site modifications that can be extensive (as cookies can be tucked away in the corners of your site and difficult to find and modify), we suggest the following as a minimum:

  • Check your Google Analytics settings to disable data sharing with Google.
  • Add a “cookie policy” statement to your website and, if you do not already have one, a privacy policy covering any visitor data you capture. Your cookie policy should allow for Google Analytics, Facebook “like” buttons and other information sharing services (such as AddThis and Sexybookmarks).
  • Read the privacy policies of these services and buttons and check to make sure that they are appropriate and reasonable. If not, remove the services from your site.
  • Update the data sharing buttons and services to the latest versions.
  • Add a link to this new cookie policy page to your site in a suitable location. This should not be difficult to find and it may be that this can go into the site’s sidebar or footer. Remember it needs to support the ICO’s goal of “informed, implied consent”, not “hidden, implied consent”!

You may be able to achieve this on your website without needing our assistance. However, if you would like us to do this for you then please get in touch (01554 775 738 or

If you are concerned about whether this might be enough for your site then we can talk about obtaining explicit visitor consent or more prominent solutions but our belief is that this simpler solution will enable most website owners to comply with the Cookie Law in a cost effective way.

The Information Commissioner’s Office

The ICO’s Cookie Law page is here:

Their Cookie Guidance document can be found on that page or opened directly here:

Leave a Comment

Learn how to grow your business by 25% or more in the next 12 months - get the book free now