UK On Cookie Compliance: Website Owners “Must Try Harder”

Web Privacy and SecurityThis week, the UK’s Information Commissioner’s Office (ICO), published the Guidance on the rules on use of cookies and similar technologies (link to pdf). The ICO is the UK’s authority “set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.”

According to the document:

The rules in this area are essentially designed to protect the privacy of internet users – even where the information being collected about them is not directly personally identifiable. The changes to the Directive in 2009 were prompted in part by concerns about online tracking of individuals and the use of spyware. These are not rules designed to restrict the use of particular technologies as such, they are intended to prevent information being stored on people’s computers, and used to recognise them via the device they are using, without their knowledge and agreement.

In the announcement post, Information Commissioner Christopher Graham, calm website owners with the following statement”

“But, come 26 May next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.”

The Law

A person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment-

  1. is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
  2. has given his or her consent.

There is an exception to the requirement to provide information about cookies and obtain consent where the use of the cookie is:

  1. for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
  2. where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

Guidance on the rules on use of cookies and similar technologies

The guidance document is well written and they use simple language to explain the reasons behind the law as well as a clear explanation of what a cookie is. They also provide the results of a research conducted by PriceWaterhouseCoopers LLP that analyzed consumer understanding and management of internet cookies and the potential impact of the EU Electronic Communications Framework (link to pdf); basically, the results show that consumers have a very limited understanding of cookies and how to manage them.

In the document you will also find practical advice for complying. For example, here is a screenshot of how you can ask for the permission of your users to use cookies on the site: Eu cookies compliance

Google Analytics Users

According to the Guidance on the rules on use of cookies and similar technologies:

You will often collect information about how people access and use your site. This work is often done ‘in the background’ and not at the request of the user. A first party analytic cookie might not appear to be as intrusive as others that might track a user across multiple sites but you still need consent.

This means that Google Analytics users, even the ones that do not collect any additional data besides the standard code, will have to ask for user permission in order to track visitors. This sounds quite extreme and hard to enforce.

The Winners and The Losers

In a recent interview with Vicky Brock, owner of Highland Business Research (a UK based consultancy) and member of the Board of Directors of the Web Analytics Association, she discusses Google Analytics and Privacy Laws in Europe. According to her (starting at min 08:35) the law is extremely complicated, and instead of aiming at doing good, it aims at limiting the technology, which cannot not work.

It gets worse when a website is used across countries in Europe, with each country dealing with with the law in its own unique way. Vicky also notes that there is a problem as to which law should a website follow: is it according to its offices or according to the user location.

According to Vicky:

“It doesn’t help my data be any more private; in fact it encourages creative people to come up with technology that just scours around the issue. In addition, only the people that follow the rules will suffer.”

The biggest consequence of this privacy law is that European websites will find themselves in an extreme uncompetitive position as they have a limited tracking capability. It might also incentivate good companies to become sneakier as they have to be craftier to get the data.

If you manage a website and are not sure whether you need to take further action based on it, I warmly recommend you read it, here is a link to the pdf. I also recommend reading through this Econsultancy analysis, it discusses some interesting points such as third party cookies, mobile phones, and other grey areas.

Opinions expressed in the article are those of the guest author and not necessarily Marketing Land.

Related Topics: Analytics | Channel: Analytics | Google: Analytics | Legal: Privacy | Top News


About The Author: is the Founder of Conversion Journey, a Google Analytics Certified Partner. He is also the founder of Online Behavior, a Marketing Measurement & Optimization website. You can follow him on Google+ or Twitter.

Connect with the author via: Email | Twitter | Google+ | LinkedIn

Marketing Day:

Get the top marketing stories daily!  


Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. You can read more about our comments policy here.
  • Jelly Jim

    Ah, that’ll be our ‘vital’ membership of the European Union, then.

  • bigbreasts

    I totally agreed with you!You have a great point!Great technology of google analytics for internet users.Amazing and greatest ever membership!How to potty train dogs
    Training your dog to sit
    how to naturally enhance breast size

  • lalantour ОБМЕН ССЫЛКАМИ

  • Wolf Software

    At Wolf Software we have provided 2 solutions for cookie opt-in compliance.

    One specifically for Google Analytics :

    and the other is a universal cookie opt-in solution :

    Hope these help

  • George Mitges

    Are you looking for professionals who can help you outline, plan, execute, organize, re-organize and manage your business or its different processes? If yes, then George Mitges and Associates Inc. has the right strategic guidance you need.George Mitges agri food industry consulting provides a wide-ranging expertise in agribusiness and personalized consulting service to the production agricultural community over 30 years

Get Our News, Everywhere!

Daily Email:

Follow Marketing Land on Twitter @marketingland Like Marketing Land on Facebook Follow Marketing Land on Google+ Subscribe to Our Feed! Join our LinkedIn Group Check out our Tumblr! See us on Pinterest


Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States


Australia & China

Learn more about: SMX | MarTech

Free Daily Marketing News!

Marketing Day is a once-per-day newsletter update - sign up below and get the news delivered to you!