Please share this blog if  you think others would benefit and follow @tombowdenCRO on twitter and join him in the crusade to Shoot the HIPPO


In response to the EU Cookie Directive the UK has updated the law. The UK Cookie Legislation became law on the 25th May 2011 and it is believed will begin to be enforced from the 25th May 2012. It’s intended to protect people’s personal data, but, I am not convinced.


Please could everyone watch this short video that explains what it’s all about (2 ½ mins):



What the law says:

In short on the 26th May 2012 it will become law that in order to use cookies you must:

  1.  tell people that the cookies are there,
  2. explain what the cookies are doing, and
  3. obtain their consent to store a cookie on their device.


What Google says:

“We’re working on it. Once we have more information we will share it with you guys!”


What the UK Government says:

“The UK Government has made it clear that enforcement action will not be taken until appropriate technical solutions are available.”


What Jepson @bandertron says:

“It’s the most retarded law I’ve ever heard of. It really winds me up. It’s created by stupid idiots that have no idea what they’re suggesting. If anything I think it will make people complacent as it will just become second nature to click on links. It will actually make you more vulnerable. They should invest the money that was put into that into a website that helps people learn about privacy on the net.”


Ben Milleare @bmilleare

“Anyone that is concerned about cookies should just turn them off in their browser and see how they get on”


What happened in Sweden:

The directive is law in Sweden since May, but has not had any practical implications yet. Pretty much the only one that has tried to comply with the law is the government offices of Sweden. There has not been a single court ruling yet. So far it’s business as usual.


What about Google Analytics:

It seems like there is unlikely to be an issue with google analytics. Google Analytics uses 3rd party cookies meaning that they do not hold uniquely identifiable information about an individual user and therefore are unlikely to be chased.

eConsultancy Article:

The “Google Analytics Exemption”? The final page of the report contains guidance on the use of analytical cookies. Whilst it is clear that analytical cookies (for many this means Google Analytics) are covered by the directives, the wording here suggests that if you are using such cookies in a “non-intrusive” way (and Google have always been *very careful* not to associate Google Analytics with any personally identifiable information – indeed you are not allowed to under GA’s terms of use) then “.. it is highly unlikely that priority for any formal action would be given…”.  I read that as “we’ve got better things to do than go after people using web analytics”’.


What should we do?

 We probably should add something like the following to our sites:

EU Directive

EU Directive


But, to be honest, it seems like it’s going to be nearly impossible to enforce so like everyone else we might do just as well to do the following:


Ostrich Head In Sand

Ignore the EU Cookie Directive - Hopefully it will go away