Posted in Google by admin | 1 comment

A new UK law governing cookies will be enforced by the government from May 26th 2012. It has already been law for a year.

EU Cookie Law Advice

The new cookie legislation has implications for your website, your use of Google Analytics, and possibly your approach to email marketing.

This article explains everything you need to know. And, more importantly, clearly sets out what you need to do to comply.

The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 have been met with a strange silence on the part of major stakeholders, including Google. Incredibly, the new law has not even been mentioned on the Google Analytics blog yet. The UK government has also failed to provide practical advice, let alone leadership on the cookie issue.


What you need to do now to ensure compliance:

New EU Cookie Law - How To Comply

What are web cookies?

Web cookies are used by websites and emails to identify a user. They make it possible for a site to remember the person’s preferences and the contents of their shopping cart when they come back. Cookies are also used by web analytics systems like Google Analytics, which uses them to measure visits from different sources and track a user’s progress through a website. Analytics data, made possible by cookies, provides vital marketing intelligence that no online business would want to lose!

Google Analytics uses Cookies to measure user activity on a website

What you need to know:

The UK government has also failed to provide clear leadership on the new regulation – with no practical guidance available to concerned businesses operating e-commerce websites.

If your business operates a website then Digivate recommends taking legal advice on your position – just as a precaution, we do not believe there is any cause for concern.

It is still unclear precisely what the technical requirements will be – The Department for Culture, Media & Sport has responsibility and they have yet to decide how to implement the new regulations. The last update from them “confirms there will be no immediate changes to how UK websites operate.”


However, it is understood that eventually websites will basically be required to:

1. Be clear and comprehensive about what they are doing with people’s information and

2. Gain the user’s consent – giving them an opportunity to refuse (precisely how is yet to be decided).

It seems likely to us that either the user’s browser settings will be taken as consent, or that existing privacy policies will just need another paragraph added about cookies.

For Google Analytics purposes, no doubt Google will provide some sort of leadership eventually, and there should be lots of government information about what is required of EU businesses if any significant actions are required on their part. So far Google has been very quite on the subject and we believe that is because there is as yet insufficient information for anybody to determine exactly what will be required by law.

In the UK, the ICO will regulate and enforce the legislation. Here is their page on the subject:

The ICO has not yet indicated if email open tracking is governed by the new law, but we advise working on the assumption that it will be.

The ICO have implemented a strange, rather extreme solution to complying with the new cookie legislation on their own website:

The ICO's solution to cookie permission


We think the ICO implementation is extremely bad for the user experience and is sure to fail. More importantly, it is likely to cause serious concern for online businesses. Imagine if you had to tick a box and click “continue” every time you visited a new website!

A better approach to implementation can be found on here, with the “Privacy and cookie policy” link at the top right corner of

Econsultancy's implementation of EU cookie law

More advice about cookie law compliance from Econsultancy:

Official advice remains extremely sketchy – seemingly because, as yet, no firm decisions have been made about how implementation should work within the UK, or when measures must be implemented.

However, it seems likely that only minimal action will be required. In particular, we believe it to be highly unlikely that an explicit ICO-style opt-in will be required. Especially in the current European economic climate. That would damage the EU’s ability to compete globally. Even in the event that technical on-site changes are required, clearly it will take time for every website to implement the changes. I would be amazed if the UK government would be so unreasonable as to expect immediate implementation, even after they have provided firm guidance.

What you need to do now:

1. Identify all the ways in which you use cookies. Most likely your website, your analytics software and your marketing emails all use cookies.

2. Make sure the link to your website’s privacy policy is prominent on your website and emails. As yet it is not known if emails will be covered. We recommend assuming that they will be.

3. Update your privacy policy. Econsultancy’s privacy and cookie policy is a good template.

Mainly you need to explain:

  • What information you collect
  • How you collect it
  • Why you collect it – and how you use it.

It may also be beneficial to include a paragraph explicitly telling visitors not to use the website if they are not 100% happy with all your policies.

4. Follow us on Twitter for the latest advice:

Comments (1)

  1. Josh Nicholas -

    Nice work Ben and Toby…I think you’ve conveyed this in a nice digestible format for webmasters and business owners.

Leave Comment

* Required field