What does the EU Cookie Law mean for your business?

The EU Cookie Law

 The cookie law and internet privacy

So you’ve heard something ominous about your website not being legal because of the EU cookie law? Well, you’re right. The new Privacy and Electronic Communications Regulations (PECR) came into force on 26 May 2011. Why the fuss now, a year on? Well, the Information Commissioner’s Office (ICO) gave businesses one year’s grace to comply with the law. From 26 May 2012, the ICO will be seeking to enforce the law.

First some basics – what are cookies?

Most of you will know what a cookie is by now, but for those of you who missed it, essentially cookies are text files (often encrypted) that are installed on a surfer’s computer. Cookies help remember specific information about the surfer relating to that site – like passwords, user ID’s, start page preferences or, as with many retail websites like Amazon, what a visitor has put into their online shopping cart.

The purpose of cookies is to make browsing faster, to remember user preferences and to provide businesses that use cookies with detailed profiles of a user’s browsing habits and browsing history so that content can be tailored to meet an individual’s needs or browsing preferences.

So, what’s with the EU and their anti-cookie legislation?

According to the European Directive, websites that do not openly inform people that their web servers will save cookies to a user’s browser, is a breach of privacy. In lieu of this fact, the ICO has been given permission to ‘serve a monetary penalty’ of up to £500,000 for organisations in serious breach of the new rules.

What does the new law require?

This legislation requires you to obtain consent from users before using cookies on your website. If a user declines, then you may not use cookies in displaying your website to that user. If they accept, then you may use cookies on your website as normal. You will also have to provide clear information explaining what the cookies do.

What to do, what to do, what to do…

Because the due date for cookie compliancy for all UK websites is May 26th 2012, here’s what you need to do to make sure you’re in the clear:

  1. Perform an audit of your website to assess what cookies you have on the site and whether they are essential to the operation of the site or not
  2. Having conducted the audit, you then need to decide what you will do with non-essential cookies – there are two options:
  • Remove the non-essential cookies. The problem with this is the site may not work as well.
  • Provide a notice at the entry to the site giving visitors the option to accept or reject the cookies. If they reject the cookies, then the site must run without the cookies.


The main problem with asking visitors to either accept or reject cookies, is that traffic to your website may be seriously reduced. A recent survey conducted by Econsultancy confirmed that only 23% of respondents said they would be happy to say yes to cookies. This means that most users will either be backtracking when they hit a site that requires cookies, or they will simply decline the cookies.

It will be interesting to see what businesses do and whether their sales will be affected!

Because Xanthos digital marketing has teamed up with an Information Security and Compliance specialist, we can provide a cookie audit for anyone who is interested.