EU Cookie Laws - Latest update

Following on from our earlier cookies newsletter, informing you of the EU Cookie Law changes, we wanted to give you further sensible advice on how to approach the new requirements and make sure your website doesn’t become an obvious target for the Information Commissioner’s Office (ICO), when they begin investigating compliance after May the 26th.

This law arrived in May 2011 but any enforcement was pushed back to May 2012 (See our previous newsletter on the cookie update).  Of course, May 26th 2012 isn’t really very far away so please read on to see what’s expected and some of the options that are available to you.

A reminder about what’s changing

From May 26th, most cookies can only be placed on machines where the user or subscriber has explicitly given their consent. It’s no longer enough to simply state that your site uses cookies as part of a privacy statement - your users must now consent to the use of cookies. In addition to this, the consent must be ‘informed consent’, meaning that the user should be given information on the type of cookies being used and what they are used for.

What different types of cookies are there?

There are many types of cookies available and different sites will use different cookies; however, the majority will fall into the following broad categories:

  • Strictly Necessary Cookies

    These cookies are essential to the main function of the site you are browsing. For example, on an e-commerce site, cookies are used to remember items in your shopping basket and transfer security data to allow you to pass from one secure area of a site to another. i.e. from the shopping cart to the payment page.

  • Performance or Analytics Cookies

    These cookies collect anonymous information such as the number of visitors to a site, the time spent on pages and where people go on a site. The do not collect personal user information or machine details. Examples include Analytics or affiliate tracking.

  • Functional Cookies

    These cookies remember information to enhance your visit. They might store information such as your location, custom settings on a site such as layout, text size etc. They can be anonymous and will most likely be served from the website which you are visiting (these are therefore often referred to as 1st Party Cookies – differentiating them from 3rd party Cookies. See below).

  • Targeting, Advertising or 3rd Party Cookies

    These cookies are normally 3rd Party cookies used to control the display of relevant advertising to users and/or monitor the effectiveness of advertising campaigns. The adverts are usually placed on the site with the permission of the website owner and information is often shared with advertisers and other organisations.

What options are available for ensuring compliance?

  1. You do nothing and rely on your users’ browser settings as a sign of compliance. For example, if your user’s browser settings are configured to allow all cookies, this is can be seen as compliance; however, this must also be done in conjunction with the provision of more information to your users about the cookies being used.

  2. Adding a header bar or pop-up on your website to advise users that your site uses specific types of cookies. Whatever method used will bring user attention to inform users of the cookies being used on the site and request consent in the most appropriate fashion before the user can use the site to its full extent.

    You can see examples of various approaches at the following sites:

    A straightforward banner on the The Information Commissioner’s Office Website


    BT's site offers a pop-up choice and cookie settings at the bottom of their site

    Delia Online shows a pop-up to advise that the work is in progress and directs users to more information on cookies used by the site.


  3. We perform a site audit of all cookies used on your site to establish whether technical workarounds can be put in place to avoid use of cookies by use of other methods or technology. If we cannot utilise other methods for your site, we will use the detailed information from the audit to implement one of the methods suggested in point 2.


This is a lot of information to absorb; however, we’d certainly rather everyone avoids the prospect of a phone call from the ICO asking why nothing is being done to advertise the cookies used or gain necessary consent. Opinions differ as to how the ICO might go about their investigations but these are speculative, and so, even if you are not fully compliant on the 26th, you should at least have begun to make the move towards compliance.

The above is based upon our understanding of the new regulations; however, as with any legislation, we would recommend you seek your own legal advice.


Want to know more?

Find out about our website design and development services.

Speak with one of our experts


www.mercurytide.co.uk would like to store information (cookies) on your computer. By continuing to use this site, you consent to this.
More info