EU Cookie law – is your website compliant?

It’s not long now until the EU cookie law, the EU Directive on Privacy and Electronic Communications, comes into effect.

On 26th May 2012, all UK websites will need to comply with the new directive. According to a report by consultancy KPMG, issued this week, 95% of UK companies have yet to comply.

That’s a pretty poor show really, seeing as the directive came into force in May 2011 (even if the Information Commissioner’s Office did give us all a year’s grace to sort things out!)

But it’s more worrying when you realise that these companies are therefore risking fines of up to £500,000.

What do you need to do?

To comply, it’s no longer enough just to state whether or not your site uses cookies and how you use the information you collect – if indeed you are even doing that. Many websites aren’t, and don’t even have a privacy policy!

So now, to ensure that you’re compliant, you need to:

  • Undertake an audit of the cookies that your site places on your users’ computers – you can do this for free using Attacat’s free Chrome toolbar extension; and
  • Find out what information is taken from users of your website and decide whether it falls within or without the directive.

If you’re using cookies that are affected by the directive, you will then need to:

  • Tell people that the cookies are there;
  • Explain what the cookies are doing – this is the hard bit, but I love Attacat’s cookie policy wording, which they say you can use; and
  • Obtain their consent to store a cookie on their device.

Some solutions for your website

If you’re using a CMS like WordPress, Drupal or Joomla, then your site will almost certainly be using a number of plugins or modules that will be storing cookies on your users’ computers.

Here are some solutions for you to consider:

  • CookieCert Cookie Consent Tag: this comes as a WordPress plugin or as some code you can add to your site. It places a consent bar at the top of your site and also provides a link to your site’s unique page, which details the cookies found during a cookie audit of your site, which in turn allows you to demonstrate your compliance. It looks good so I tried the plugin, but it wouldn’t work for me. Configuring the code-only option is simple, but I didn’t add it to my site because I couldn’t find any instructions about exactly where to put it. I wasn’t sure if it had to be on each page, or if it should go in header.php or footer.php, or somewhere else. And I couldn’t be bothered to faff around testing it or trying to figure it out. I also couldn’t find any contact details for this company, and they offer “certification” for $195, so all things considered, I decided to steer clear.
  • Cookie Control is a neat little icon device that sits on your site – at bottom left or bottom right – and then pops up to ask the user for consent, along with giving links to your privacy policy and to details about how a user can change their browser settings. You can download some code, and there’s also a WordPress plugin, a Drupal module (and a Magento plugin “coming soon”). I have installed the WordPress plugin on a couple of my sites (including this one – did you spot it?) and it works well. [Edit: 24th May 2012 – I’ve since removed it after two of my clients complained they didn’t like it popping up! Not sure what I will do now. And only two days to go!!] [Another edit: 26th May 2012 – The deadline day is here, so I had to do something! I have added a top bar to explain that the site uses cookies, and have linked it to a comprehensive cookie policy that now sits outside of my previous privacy policy. If it’s good enough for the BBC and for McDonald’s, then it’s good enough for me!]
  • EU Cookie Directive is a simple WordPress plugin that displays a banner at the top of your website. You can configure it with your own message (and colours too if you know some CSS and how to edit it). I tested it on a couple of sites and it works well, but I don’t like it as much as the nifty Cookie Control plugin.
  • The EU Cookie Law WP Plugin is also a WordPress plugin, but it costs £10 – or £25 for a multisite license – and I really can’t see the point in paying for something you can get elsewhere for free!


Photo credit: Gary Tamin