EU cookie law – is it crunch time?

The new EU cookie law is proving to be a ‘monster’ for businesses big and small. But what should you be doing to comply? We share our best-practice advice…

Chances are you’ll have heard about the new European e-Privacy directive. And, if you have, chances are you’ll be as confused about it as the rest of the business world!

From today – 25 May 2012 – this new law states that a website must get ‘informed consent’ from visitors before the site can store or retrieve information from the user’s computer or web-connected device through a text file called a ‘cookie’.

Cookies are used to collect information about users and their computer/device. A typical example of a cookie used by a site would be to store usernames and passwords, or information on what a visitor last browsed or bought on an e-commerce site. They seek to enhance the user’s experience next time they visit.

But cookies are many and varied things, so it’s not yet clear how this law will be implemented in practical terms – despite today being deadline day! It might mean more pop-up windows and dialogue boxes asking users to consent to a site collecting their data. But it might not, because the fear is that this is excessive and could put people off. At the time of writing, a handful of sites have implemented ‘best-practice’ approaches; for example, BBC,, Mirror online and other major players have published individual, varied solutions. But it‘s important to understand these are interpretive solutions.

We, as an agency, are naturally being asked by clients and contacts what steps they need to take to ensure their websites conform. But the honest answer is: we don’t yet know for sure – and neither do the powers that be!

The Department for Culture, Media and Sport (DCMS) is implementing the new measures in the UK, while the Information Commissioner’s Office (ICO) will be responsible for regulation – namely by imposing fines on those who flout the law. But neither has released guidelines on how the directive should be implemented and so confusion is rife.

Here’s what Ed Vaizey, minister for Culture, Communication and the Creative Industries, had to say in a recent statement: “We recognise that work will not be complete by the implementation deadline. The government is clear that it will take time for meaningful solutions to be developed, evaluated and rolled out. We recognise this could cause uncertainty for businesses… Therefore we do not expect the ICO to take enforcement action in the short term against businesses.”

Or, in the words of information commissioner Christopher Graham: “I cannot bark at the industry at the moment because I have not got the regulations.”

So our best advice at present is not to panic. We’re keeping a weather eye on the big names on the web, but until the government publishes official guidance and/or big business thrashes out a common blueprint we can all build upon, businesses of our size can sit tight.

But things are changing all the time. So why not get the latest (ahem!) crumbs of information on the directive by calling your regular contact or, for non-clients, new business development manager Carl Willimott 01603 252555. We know businesses are worried and there are some things we can do now, such as checking your privacy policy, to help set your mind at rest.

That said, please beware of digital companies trying to sell you a compliance solution in these early days of the directive. If even the likes of the government and Google aren’t up to speed yet, it’s unlikely your site needs the help of such companies.