Who needs to comply with the new EU Cookie Regulations

EU Cookie Regulations

I know many people are confused about the EU cookie regulations. You are not alone: we are all confused, and amazed that it is even a law. I will try to keep this short and simple as I know you guys get bored with lots of text; however, it won't be easy.

Some still think it's not a real law, because the media has not made much noise about the cookie regulations, so here are a few links that might help: BBC – The Telegraph – <- Information from here will be in blue text.

We can only hope and pray that this ridiculous law is overturned, but as it stands – it IS a law already.

Firstly, can I say that cookies are not viruses. There is nothing wrong with cookies: we all use them, and most websites store them for one reason or another. I will explain more further down.

The cookie law came from the Privacy and Electronic Communications Regulations (PECR), which were changed on 26 May 2011 to include Regulation 6, which contains the new regulations.

Who has to comply with the EU Cookie Regulations?

If you are in Europe, which includes the UK (oddly), and have a website or blog, then you are liable, even if it is hosted somewhere else.

Even though this is my main self-hosted WordPress website, I have many more that I use and am concerned about, which include Blogspot, Blogger, WordPress, Posterous and Tumblr. I hoped that I wouldn't need to comply on the free hosted non-business blogs, as for a start I don't actually own them, but I read this on the ico.gov.uk website.

The Regulations do not define who should be responsible for providing the information and obtaining consent. Where a person operates an online service and any use of a cookie type device will be for their purposes only, it is clear that that person will be responsible for complying with this Regulation.

Make up your own mind on that. To me that looks like I am liable, but as yet I have not found any plug-ins for Blogger or similar sites to use; it seems the American companies are saying it's not their problem. But we are in the UK and have a UK audience.

What are the EU cookie regulations?

The new EU cookie law was brought into effect in May 2011, but it was clear that the UK was not ready, so the government had no choice but to give us all another year to sort ourselves out. Now that time has come. Doesn't a year go by fast?

The whole reason for this law is that they think that consumers have a limited understanding of cookies and how to manage them. So it was decided that we have to…

  • Inform readers that there are cookies on the website
  • Inform readers what those cookies are
  • Allow readers to acknowledge cookie use before using the website.

The main problem here is that a small disclaimer is not enough – the cookie regulations do not state it has to be a pop-up or a message bar, but you need to adhere to the above stipulations.

Something like we have on this site here http://digitalbusinessuk.com/

What are cookies

A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognize a user’s device.
This information is taken from for more see: http://www.allaboutcookies.org/

There are many types of cookies…

Session cookies – allow websites to link the actions of a user during a browser session. They may be used for a variety of purposes such as remembering what a user has put in their shopping basket as they browse around a site. They could also be used for security when a user is accessing internet banking or to facilitate the use of webmail. These session cookies expire after a browser session so would not be stored longer term. For this reason, session cookies may sometimes be considered less privacy intrusive than persistent cookies.

Persistent cookies – are stored on a user’s device in between browser sessions which allows the preferences or actions of the user across a site (or in some cases across different websites) to be remembered. Persistent cookies may be used for a variety of purposes including remembering users’ preferences and choices when using a site or to target advertising.

First and third-party cookies – Whether a cookie is ‘first’ or ‘third’ party refers to the website or domain placing the cookie. First party cookies in basic terms are cookies set by a website visited by the user – the website displayed in the URL window. Third-party cookies are cookies that are set by a domain other than the one being visited by the user. If a user visits a website and a separate company sets a cookie through that website this would be a third party cookie.

It all sounds very confusing, right? OK, put simply, these are the types of cookie use that need to comply:

  • If you are using social buttons, say for Facebook, Twitter or Google+
  • If you have a login system
  • If you have any ads
  • If you use analytics like StatCounter or Google Analytics
  • If you use a comment system as I do (Disqus)

Since 2003 anyone using cookies has been required to provide clear information about those cookies. In May 2011 the existing rules were amended. Under the revised Regulations the requirement is not just to provide clear information about the cookies but also to obtain consent from users or subscribers to store a cookie on their device.

What to do next

  • Check what cookies you use
  • Decide where you need consent
  • Decide how to obtain consent

How do I know what cookies I use?

In Chrome…

Click the Spanner – click Tools – click Developer Tools.

A box comes up at the bottom. Click Resources, then Cookies. Here you will see a list of the cookies you store.
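To turn that list into an audit, the sketch below (an added example, not code from this post) sorts cookies into the session/persistent and first/third-party types described earlier, working from the `Set-Cookie` headers a page load produced. The sample headers and host names are constructed, and `siteDomain` is a value you supply for your own site; no public-suffix lookup is done.

```javascript
// Constructed sample: Set-Cookie headers seen while loading one page,
// each paired with the host of the response that sent it.
const SAMPLE = [
  { host: 'www.example.org.uk', header: 'PHPSESSID=abc123; Path=/; HttpOnly' },
  { host: 'www.example.org.uk', header: 'prefs=lang-en; Domain=.example.org.uk; Max-Age=31536000' },
  { host: 'stats.tracker.example', header: 'uid=42; Expires=Wed, 01 Jan 2098 00:00:00 GMT' },
  { host: 'ads.tracker.example', header: 'old=; Max-Age=0' },
];

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

function lifetime(attrs, now) {
  // Max-Age wins over Expires when both are present; a bad value is ignored.
  const ma = attrs['max-age'];
  if (typeof ma === 'string' && /^-?\d+$/.test(ma)) {
    return Number(ma) > 0 ? 'persistent' : 'deleted';
  }
  if (typeof attrs.expires === 'string') {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) return t > now ? 'persistent' : 'deleted';
  }
  return 'session'; // no expiry: dropped when the browser session ends
}

// siteDomain: the domain of the site being audited (assumption: supplied by you).
function auditCookies(siteDomain, responses, now = Date.now()) {
  return responses.map(({ host, header }) => {
    const { name, attrs } = parseSetCookie(header);
    const raw = typeof attrs.domain === 'string' && attrs.domain ? attrs.domain : host;
    const domain = raw.replace(/^\./, '').toLowerCase();
    const first = domain === siteDomain || domain.endsWith('.' + siteDomain);
    return { name, domain, lifetime: lifetime(attrs, now), party: first ? 'first' : 'third' };
  });
}

console.table(auditCookies('example.org.uk', SAMPLE));
```

A cookie reported as `deleted` is one the server is clearing (zero Max-Age or an expiry in the past), so it does not belong in the list you show readers.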

Once you know what you do, how you do it and for what purpose, you need to think about the best method for gaining consent. The more privacy intrusive your activity, the more you will need to do to get meaningful consent.

 You need to provide information about cookies and obtain consent before a cookie is set for the first time. Provided you get consent at that point you do not need to do so again for the same person each time you use the same cookie (for the same purpose) in future.
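One way to enforce "consent first, then do not ask again for the same purpose" is sketched below as an added example, not code from this post or from any plug-in. The consent cookie name, the purposes and the planned cookie names are all hypothetical; the functions work on the request's `Cookie` header so the logic can sit on the server or be adapted to the browser.

```javascript
const CONSENT_COOKIE = 'cookie_consent'; // hypothetical name

// Constructed sample: cookies this site wants to set, each with its purpose.
const PLANNED = [
  { name: 'login_session', purpose: 'login' },
  { name: 'analytics_id', purpose: 'analytics' },
  { name: 'comments_user', purpose: 'comments' },
];

// Parse a request "Cookie:" header into a Map of name -> value.
function readCookies(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) jar.set(part.slice(0, i).trim(), part.slice(i + 1).trim());
  }
  return jar;
}

// Purposes the reader has already accepted, stored as "a|b|c".
function consentedPurposes(header) {
  const raw = readCookies(header).get(CONSENT_COOKIE) || '';
  return new Set(raw.split('|').filter(Boolean));
}

// Which planned cookies may be set now, and which purposes still need asking.
function decide(header, planned) {
  const ok = consentedPurposes(header);
  const allowed = planned.filter(c => ok.has(c.purpose)).map(c => c.name);
  const ask = [...new Set(planned.filter(c => !ok.has(c.purpose)).map(c => c.purpose))];
  return { allowed, ask };
}

// Set-Cookie value to send after the reader clicks accept; earlier consent is kept.
function recordConsent(header, accepted, days = 365) {
  const all = [...new Set([...consentedPurposes(header), ...accepted])].sort();
  return `${CONSENT_COOKIE}=${all.join('|')}; Max-Age=${days * 86400}; Path=/; Secure; SameSite=Lax`;
}

console.log(decide('', PLANNED));
console.log(decide('cookie_consent=analytics', PLANNED));
```

Because consent is stored per purpose, reusing an existing cookie for a new purpose shows up in `ask` again instead of being silently allowed.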

There are some solutions becoming available now, but make sure that the one you pick can list your cookies, show your terms, and let the reader click something to say that they have accepted before they use the website.

Mick Say explains this in much more depth. He has a good understanding of the requirements and says that some of the solutions around don't, in fact, meet the regulations; for example, you need the user to physically accept the cookies. The Online Marketing Academy offers a solution for small and large businesses and even for self-hosted bloggers here -> EU Cookie Law

I will keep looking for a solution for the Blogger/Blogspot problem. In the meantime, maybe the best thing you can do is put up a disclaimer; although this does not comply with the regulations, at least you are trying to conform, which might help until there is a plug-in or a gadget available. That is up to you; obviously I can't really advise you on that.

Photo by Oksay