You may have heard about a new EU directive issued last year that officially becomes enforceable law as of the 26th of May 2012. Referred to as the ‘Cookie Law’, it seeks to enforce tighter control and transparency on the use of cookies on any websites hosted and run within the EU.

What is a cookie?

Cookies are small pieces of information that are stored on your computer when you visit a website. They can be used for a variety of purposes ranging from the very functional – for example storing the contents of a basket on a shopping site, or producing analytics counting how many times you’ve visited a site. There are more sinister uses for cookies though including monitoring what other sites you are looking at.

What does this law seek to achieve?

Due to concerns about privacy online, the law seeks to enforce transparency about cookies being stored on a user’s computer and what they do. However it looks to achieve this through requiring that users must actively understand and register their consent BEFORE a site stores any cookies on their machine. In practical terms this means every user will have terms and conditions to read and agree to whenever they reach a new site.

Why does this matter to me?

As a site owner you are responsible for your site complying with this law. However you also currently benefit from using cookies to track visitors to your site and provide the type of user experience that has become expected from modern sites. From a user’s perspective sites that greet them with terms and conditions to read and agree to will suffer a drop off in traffic. This is where the conflict lies.

What happens if I don’t comply?

The maximum penalty for failing to comply is £500,000 – HOWEVER, that is designed for “the most serious of cases” and “if the contravention was of a kind likely to cause substantial damage or substantial distress”, and if it was deliberate, or if reasonable steps to encourage compliance had been ignored.

Current opinion

We continue to monitor official guidance and industry comment. Our view is not a legal recommendation. We have reviewed our own site cookies, but we won’t be taking active steps just yet to force users to agree to them. We strongly feel that blocking the user from interacting with our site before they have agreed to terms and conditions disrupts user experience thereby impacting traffic to our site, a view shared by the UK Government Digital Service in their “Implementer Guide to (PECRs) for public sector websites” guidance. As we are not using cookies to monitor users’ browsing behaviour outside our site, we feel justified that simply informing users about the cookies we do store is sufficient.

Our opinion will be regularly reviewed as technology and enforcements start to appear.

Related insights

See more insights