The EU Cookie Law: Problematic to say the least

Today I was posed the question, by a prospective new client, of whether their new web site would breach the May 2011 UK cookie law. Although aware of the new law, I will admit I had not yet looked at the actual legislative requirements, lets take a look.

Where are cookies used?

Cookies are used by nearly all web sites to remember information about visitors in between pages and sessions. In most cases, this information is stored server side, not in the actual cookie, the cookie simply acts as a key.

Common use of a cookie – Analytic software

Probably the most common use of cookies are those used by web site analytic software. This type of software enables the site owner to obtain information on visitors to their web sites. Most (if not all) these pieces of software store technical information about the browser (screen size, version, etc), pages visited by the user, time spent on pages, etc. They do not store any personal information about you such as your name, address, etc.

These statistics help site owners determine content that is popular, which browsers people are using and a variety of other useful information to help owners deliver better experiences to their users.

When you first came to this blog, my analytics software ( issued you with one of these cookies, all the cookie contains is a unique string / numeric identifier.


Other uses of cookies

A slightly more privacy invading example of cookie use is Google Adsense. They monitor what you look at (on participating web sites) and then show you advertising related to this. For example, if you go to KLM’s website ( and search for a flight, then go to any web site with Google Ads on it. I guarantee somewhere you will see an advert for KLM.

So what does the law say?

Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service. – Quoted from

The quote above is extracted from the EU Directive in October 2009, which the UK went on to copy into law effective as of  May 2011.

However, the law allows for cookies that are “strictly necessary for a service requested by a user”, the exact definition of this remains very vague.

So in a nut shell, if a UK web site wants to send you any cookies, legally, it should ask you before it does so.

Why it’s problematic

This law, in my opinion, is nearly as ludicrous as the law that was held up until 1976 for UK taxis to carry a bail of hay in their boot. This is for multiple reasons, to name a few:

  • Lack of alternative options currently available to web developers to easily accomplish common
    goals and abide by the law
  • Cost to UK businesses to implement these alternatives
  • Competitive advantages handed to business based in other geographical areas
  • The impracticability of asking every user whether they would like to accept cookies

A superb resource regarding this matter with fuller detail of the law and it’s implications can be found here at

Update: I’ve made a follow up post on EU Cookie Law: UK Government ‘break’ the law they imposed

2 thoughts on “The EU Cookie Law: Problematic to say the least”

  1. Steve_Wright says:

    We are also using GetClicky with our websites.
    Does this therefore mean that we’re going to have to ask our users permission before we can use the analytics software?
    This is a pretty ludicrous law.

    1. olsgreen says:

       @Steve_Wright Technically yes, I can’t envisage it being enforced unless things change.

Leave a Reply

Your email address will not be published. Required fields are marked *