How do I comply with the EU Cookie Directive?
EU Cookie Directive
The EU Cookie Directive comes into force for UK-based websites on 25th May 2012. This directive came into force for some other countries in the EU a year ago, but the UK government gave website owners here an additional year to make their sites compliant, whilst at the same time hoping that the directive itself would be clarified.
What does the EU Cookie Directive say?
Read the full EU Cookie Directive as published by the Information Commissioner’s Office (ICO).
What does the EU Cookie Directive mean in practical terms?
From 25th May, all websites must tell visitors if they employ non-essential cookies AND must get explicit permission from visitors to store those cookies on their computer. This clearly has implications for many thousands of website owners, given that the majority of websites use cookies.
The choice of how you deal with this directive is yours as website owners, but here are our thoughts:
- Implementing the directive is likely to adversely impact your website traffic, as more people will click away from your site rather than accept the cookies. This is irrational on the part of the visitor, because they are likely to be visiting many other websites that are operated outside the EU, or which don’t disclose their use of cookies, but nonetheless is likely to discourage some from entering your website;
- If you are using usage tracking systems, such as Google Analytics, your stats are in future likely to grossly under-report your real traffic. The reason for this is that website visitors that arrive at your site and don’t accept your cookies will not be tracked (that’s the whole point of the directive). Anecdotal evidence from other website owners suggests that your reported Google Analytics traffic might fall by as much as 80%-90%;
- The directive will put those that comply with it at a disadvantage to those who don’t… although they may avoid a fine!
- Most website owners will not implement the directive, either through ignorance, or defiance, or simply because they don’t know how to implement the changes (or think they will cost too much);
- A few website owners will have action taken against them.
Is your website affected by the new EU Cookie Directive?
Most websites use cookies. However, some cookie use is exempt from the directive, such as cookies that are used to provide a user function that would not be possible without the use of the cookies. For example, a shopping cart system would be expected to use cookies to store the contents of the cart while the visitor was shopping, and to ensure that when they went to checkout the contents of the cart were available.
However, 3rd-party cookies, such as those that track visitor usage of the site, are caught by the directive. This means, for example, that if your site uses Google Analytics, Adwords or Adsense code, the directive applies to you.
If you want to comply with the directive, what should you do?
Based on our current understanding, to properly comply with the directive, you need to either :
or
In any case, it might be prudent to involve your website developer or to get an independent audit of the cookies in use on your website. Implementing the changes on your website to comply with these directives might just take an hour or two to assess and complete.
We can do this for you
We are not happy that this directive is coming into force. It creates additional work for us which, unfortunately, has to be paid for by our clients. If our clients want us to audit their site for cookie usage, and subsequently to change the website to comply, then we will need to charge for this work.
Our expectation is for a typical cookie audit to cost no more than £20+VAT, and making appropriate compliance changes to your website will cost in the region of £40+VAT – £80+VAT. For larger, or more complex sites, this may be higher, but we will always discuss the costs and implications with you first.
Here is an example of the EU Cookie Directive in action on one of our sites. Bear in mind that it’s not necessarily just a case of installing a plugin or other supplied code into your website. To do the job properly we think you need to:
- Ensure you have a prominent notification on every page of your website to let your visitors know that you store cookies on their computer;
- Give visitors the opportunity to understand which cookies you use and how you use them. We do this in the example site by pointing them to our privacy policy;
- Allow visitors to confirm that they are happy to accept your cookies… and make sure you only store the cookies if they have accepted them – this might mean adding a little extra code to ‘wrap around’ your cookie creation process;
- If your site allows login or commenting ability (and this process generates cookies), add a short bit of text at the login stage or above the comments area just to gently advise your visitors that this will generate a cookie.
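The ‘wrap around’ step from the list above, as an added example that is not code from the original article or the example site: a small JavaScript gate that writes essential cookies immediately and holds non-essential ones until the visitor accepts. The cookie names, the `ESSENTIAL` list and `makeFakeDocument` (a stand-in for `document` so the example runs outside a browser) are assumptions.

```javascript
// Added example; every name below is hypothetical, not from the original site.
const CONSENT_COOKIE = 'cookie_consent';                        // assumed consent record
const ESSENTIAL = new Set([CONSENT_COOKIE, 'cart', 'session']); // assumed exempt cookies

// Stand-in for a browser `document`: assigning to .cookie stores one name=value pair.
function makeFakeDocument() {
  const store = new Map();
  return {
    get cookie() { return [...store].map(([k, v]) => `${k}=${v}`).join('; '); },
    set cookie(s) {
      const pair = s.split(';')[0];          // attributes after the first ';' are ignored
      const i = pair.indexOf('=');
      store.set(pair.slice(0, i).trim(), pair.slice(i + 1).trim());
    },
  };
}

function createCookieGate(doc) {
  const pending = [];                        // non-essential writes held until consent
  const has = (name) => doc.cookie.split(/;\s*/).some((c) => c.startsWith(name + '='));
  const write = (name, value, days) => {
    doc.cookie = `${name}=${encodeURIComponent(value)}; Max-Age=${days * 86400}; Path=/; SameSite=Lax`;
  };
  return {
    hasConsent: () => has(CONSENT_COOKIE),
    // Returns true if the cookie was written now, false if it was deferred.
    setCookie(name, value, days = 30) {
      if (ESSENTIAL.has(name) || has(CONSENT_COOKIE)) {
        write(name, value, days);
        return true;
      }
      pending.push([name, value, days]);
      return false;
    },
    // Call from the banner's "accept" control; returns how many held cookies were written.
    accept() {
      write(CONSENT_COOKIE, 'yes', 365);
      const n = pending.length;
      pending.splice(0).forEach((args) => write(...args));
      return n;
    },
  };
}
```

In a browser, pass `document` to `createCookieGate`. Third-party scripts such as analytics snippets set their own cookies, so their loading has to be deferred until `accept()` as well.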
very helpful, thank you
The major problem with all of this is that it creates bad user experience. Try visiting the Telegraph website on an iPad to get an idea of what I mean. Another example of poorly thought out EU legislation putting EU hosted websites at a disadvantage compared to websites hosted outside the EU which don’t have to comply. Rant over : )
I completely agree Graham. The genuine sites that comply with the EU directive put themselves at a disadvantage by getting less traffic and user engagement compared to the real problem sites that will carry on regardless (whether they are in the EU or not).
Thanks for taking the time to comment.