Latest Posts

EU Cookie Law

EU Cookie Law

The European Union has changed the law covering how websites should work, and this affects all website owners.

Please take a few minutes to read through this post. It deals with some technical issues, but we’ve tried to explain them in a non-technical way. If you have any questions – which we expect you will – please call us after you’ve read what follows.

The “cookie law” – everything you need to know

The so-called “cookie law” was passed by the European Union last year, but the UK government allowed an extra year’s grace before treating it as law here. That period of grace ceases at the end of this month (May 2012).

The new law affects millions of websites across the EU. To find out how it affects yours, read on.

First of all: what is a cookie?

“Cookie” is geek-speak for a tiny text file left on your computer by websites you visit.

If you know where to look, you’ll find hundreds, perhaps thousands of cookies stored on your computer’s hard disk. Each one is unique, and relates to a specific website.

Cookies are useful. When you do an online shop with your favourite supermarket and it greets you by name, that’s because it detected the cookie stored on your computer from your last visit.

When you click the “Like this on Facebook” button on another website, and your Facebook account automatically opens up showing your profile, that’s because of the Facebook cookies on your computer.

Cookies are used all over the place, for all sorts of reasons. They’re used routinely by web developers everywhere (including us).

Your website uses cookies too. That’s why the new law affects you.

Why did the European Union change the law?

Because they were worried about privacy. Cookies can be used to track people’s movements on the web. Advertising companies, for example, often use cookies to monitor which websites a person visits. If they see that you visit a lot of websites about cars, they’ll use that information to show you more adverts about cars.

How has the law changed, exactly?

In simple terms, the new law says that website visitors must CHOOSE to accept cookies. Instead of simply saving them automatically, every website they visit has to offer them a choice of accepting or rejecting cookies.

That doesn’t sound too difficult

Unfortunately, it’s more complicated than you might think. Almost every website that uses cookies right now was built long before this European legislation was even thought of – as a result, millions of sites have to be altered to comply with the law.

To comply, the code of the each and every one of those sites now has to include:

  • a way of asking visitors whether or not they wish to accept cookies from the website,


  • code that keeps the site working no matter what choice the visitor makes. If someone decides not to accept cookies, we need to re-code the site to make it possible for them to continue using the site without them. (Although for some things, like online shops, cookies are essential – in which case we will have to explain to visitors that by rejecting cookies, they are also effectively choosing to disable certain features of the website.)

On the plus side, the new law says that “essential” cookies can be saved without the user’s permission. The definition of what “essential” actually means isn’t precise, but as we understand it, it refers to cookies without which the site would just stop working. Even so, the new law requires your site to tell visitors that those cookies exist, even if it doesn’t ask for permission to save them.

Also, if a web user decides they don’t want cookies, there’s only one way for a website to remember that choice – yes, you guessed it, by saving a cookie!

That’s one reason why many web developers are unhappy about this law. We understand the need to protect user privacy, but the new law, as it stands, poses enormous problems for website developers like us, and owners like you.

Another problem is communicating the issue to users. Most web users have no idea what cookies are, and will be perplexed when asked if they want them or not.

What’s more, cookies are so widespread, that people will very quickly get fed up of being asked to grant permission for them on website after website.

The situation is messy. But it’s now the law, so we have to deal with it.

What are other companies doing about it?

Rather surprisingly, most companies haven’t done a thing. Millions of them, all over the EU, are breaking the law right now as a result.

Even worse, the UK government’s own websites are in the same boat. They use cookies too. Most of them are not complying with the new law.

What are the options?

We’d like to stress at this point: we are not lawyers. We are web developers, and we’re trying to make the best of a bad situation. We do not advocate or condone any of the options listed here: we are simply listing them as possible options.

1.       Comply with the law as it stands. This will require parts of your website to be re-coded. Please call us to discuss this.

2.       Re-code your website to remove cookies completely. This might mean losing some features. Again, call us to talk about this.

3.       Wait. Since even the government hasn’t got its act together on this, some degree of consensus may emerge in the coming months, and we can take action then. The situation may change or become clearer, but we cannot guarantee this.

4.       Ignore the new law. This may leave you open to prosecution.

Our advice is: Don’t Panic!. We’re optimistic that a sensible and pragmatic solution will be possible, especially once larger companies and government departments start taking steps to make their websites compliant.

The fact that essential cookies are considered OK is a big mitigating factor. For some sites, an audit of cookies used might be a good idea, to see what’s essential for the site’s function and what isn’t. Another thing to do is check your website’s published privacy policy – and if you don’t have one, get one drafted. We can help with this.

In summary

1.       Cookies are useful snippets of text that help websites work better

2.       The law about cookies has changed

3.       Your website uses cookies

4.       The situation is messy, and even government websites are not all complying as we would have expected them to

5.       You need to decide what to do about it

We hope we have explained everything clearly. If you have any questions, please don’t hesitate to get in touch.

We will be working with all of our clients websites over the coming months to ensure all comply with the new law.

 Further reading