IMPORTANT : How the new EU cookie law affects your websites

What is this EU cookie law I keep hearing about?

Last May a law was passed stating that all websites dropping non-essential cookies on visitors’ devices have to declare it publicly and ensure visitors acknowledge and agree with them to continue browsing the website. If you/your business resides within the EU, you have until the 26th May 2012 to implement your solution on your website(s). The most important thing to know is that if your website doesn’t comply with the new law, you can potentially be fined up to £500,000.

Is the law associated with me or the location of my web host?

The law is linked to you/your business, so even if you have a .com website with an American audience, you still need to comply with regulations if you/your business is based within the EU. The law applies to all domain name extensions regardless of their association with a particular country or region.

My website is a personal site, do I still need to comply?

Even if your website is non-commercial, you should still comply with the EU cookie law if you drop non-essential cookies.

Where can I find out more about the law and how websites are implementing it?


What are the exceptions to the new law?

Pretty much every site drops cookies of some description. If you have Google Analytics installed, your website drops cookies. If you have any affiliate links or use Google Adsense or any other advertising networks, your website drops cookies.

The law only applies to ‘non-essential’ cookies that aren’t required for your website to function. So, for example, if you run an online store and cookies are used so your customers can add products to their basket and checkout, you don’t need to conform to the new EU cookie law regulations. However, if you track visitors via a tool like Google Analytics as well, you will need to explicitly tell your visitors that cookies are in use on your site.

Some of the likely exceptions to cookie compliance are provided below:

Taken from ICO’s Guidance on the New Cookies Regulations PDF.

So, what steps do I need to take for my websites?

There’s no one solution to comply and the guidelines that are provided are quite vague, causing a lot of confusion and more difficulties for website owners who want to comply but are unsure what to do. Because there are so many types of websites using unlimited combinations of cookies, there’s no one size fits all solution. It all comes down to what kind of website you have and what cookies are in place.

It’s not enough to simply update your privacy policy or terms and conditions. A user must explicitly accept cookies in order for you to legally use non-essential cookies on your website.

1. Check the cookies in use on your website

If you aren’t sure about the cookies you use on your website, check out the detailed information provided in ICO’s PDF or use one of the many third party tools available, such as:

Please be aware that you should check every page of your website and that not all third party tools are completely accurate.

2. Implement a solution

There are plenty of solutions on offer; we’ve done the work for you and found several easy to use free solutions:

Cookie Control: One of the easiest options we’ve found is a little widget called Cookie Control (there’s also aWordPress version). You simply add the code to your website and it shows up as a noticeable but unobtrusive triangle in the bottom corner of your website.

Whether you implement one of these solutions or opt for another one entirely, the message should appear on every page of your website. If you have a static website that isn’t run on a template or CMS, you may want to look into adding it via a PHP include.

In addition to these methods, you may also want to update your privacy policy and/or terms and conditions. Tint Network has an easy to read privacy and cookies policy which they are happy for people to use as a template.