Websites must comply with new cookie law

Cookie LawsOn 26th May 2011, the UK government updated its Privacy and Electronic Communications Regulations in response to the EU’s Privacy and Communications Directive, and has given websites until May 25th 2012 to comply.

The law has come into force in response to the industry’s failure to self-regulate the tracking of individuals and their data.

This new law, dubbed ‘The Privacy and Electronic Communications Regulations’, is being regulated by the Information Commissioner’s Office (ICO).  The fine for non-compliance has been set at £500,000.


What are cookies?

“Also known as browser cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions.” –


What the law states

At present, the wording of the law and guidelines set out by the ICO state that visitors to a website must explicitly consent to having cookies stored on their computers.  Virtually all web analytics tools (including Google Analytics, which you are using) rely on cookies for visitor tracking.


The impact on Google Analytics

Tracked visits to ICO website prior and post explicit cookie opt-in


For many businesses, the ability to anonymously track the volume of visitors, as well as how those visitors use and found the site , is an essential means of measuring site performance, without which it would be difficult to make improvements. However, when handled incorrectly, adherence to the new legislation can be destructive and impractical. For example, the ICO’s own effort at compliance saw a 90% drop in recorded traffic to their site.

Avinash Kaushik - Google Analytics evangelist on YouTube

Avinash Kaushik, a Google Analytics evangelist and expert, has stated that Google is still in the process of working with web analytics companies and various entities in the EU, in order to ascertain the full implications of the new law, as well as how to tackle it. , One solution may be a new form of web analytics that is not dependent on cookies.


Effect of complying rigidly to the law

Paul Carpenter provides an amusing take on what could possibly happen, should websites rigidly conform to the law as it stands.  If this is the case for the UK, it may negatively impact upon the number of international users visiting your site, at least until the wider online community becomes au fait with the new regulations.


What action should I take?

We believe it is vital for website owners to take action, in light of the new legislation.  Websites should have a ‘cookie audit’ performed, in order to determine how intrusive they are.  Based on the findings of the audit, website’s privacy policies should be updated to outline which cookies are created, their purpose and how they can be disabled if desired.

If you would like us to perform a cookie audit and guide you through the process of compliance, or if you have any questions regarding the new legislation, please do not hesitate to get in touch.

Comments: 2

  • Mark Steven
    January 17, 2012 10:00 am

    Nice article @theonetruebaron!

    Those stats from the ICO tell as startling tale. We’ve also identified analytics as the biggest headache for most webmasters. There’s no pretty solution for this: server side solutions are much less accurate and functional than cookie based analytics.

    I suspect in practice we’ll adopt both solutions and run them in tandem.

    In case you’ve not checked it out already there’s a natty little solution for gaining user-consent over at We’ve designed it to make consent that bit easier to give… in the hope that we can push the ICO’s 10% opt-in rate up beyond 50%.

Post a Comment