New Cookies For Everyone!

The new Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 took effect last weekend. This is a brief run-down of what it is, how it might affect you and what it means you’re your business.

“What’s so special about a cookie?”

Cookies are simple pieces of code necessary to make a things like internet shopping work properly. Many simple cookies (“session cookies”) delete themselves after the transaction is concluded. Others collect the data you input and pass it to third parties you have no knowledge of. These ‘third party’ cookies are used to drive behavioural advertising and often remain on your computer even if you try to delete them and are ‘resurrected’ each time you go online. It is these so-called “zombie” cookies that the new law is designed to address. The law also applies equally to flash cookies, bugs and web beacons.

“Why has the law changed?”

The reason is privacy and giving consumers a choice about whether your data can be collected and stored for future use. The UK Information Commissioner acknowledges that a staggeringly low 13% of consumers actually know what cookies are and what they do. The new legislation requires website owners to get active consent from site users for the use of cookies which store and retrieve data. This law applies irrespective of the device used to connect to the internet, whether it’s your iPhone, iPad or PC.

“How do We Comply?”

The law requires that a data subject must give free and informed consent to the use of cookies. If your site only uses cookies for functional purposes (like Google Analytics or social networking links) a simple cookie pop up like “We use cookies – accept” should be enough to comply.

If your site uses lots of external advertising and so is likely to be using third party cookies, the “informed consent” part of the law becomes more onerous and you should describe the cookies in use and ask users to opt-in via a check box or similar.

“Ah, but we just design websites….”

The Information Commissioners guidance says “Companies who design and develop websites or other technologies for other people, must also carefully consider the requirements of these Regulations and make sure the systems they design allow their clients to comply with the law.” So no get-outs, no excuses. New websites must comply and existing sites must be made to.


The Information Commissioner has indicated that he will give a grace period for compliance, but this is not an reason for inaction. If you haven’t already done so, you must make your site compliant – this is not a zombie law, it will not go away and it will not self-destruct!

The Information Commissioner’s website has lots of information on the changes and Richard Beaumont of the Cookie Collective has published a useful article on this and cookie audits in the July issue of .Net magazine

For more legal advice on the use and storage of cookies contact Joanne Frears on



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s