
Simon Cox
EU cookie consent law largely ignored
The EU has give the UK until May 28th 2012 to comply with the cookie consent law - how many of the organisations pinpointed by the ICO have met the deadline?
Most UK organisations have ignored the EU directive on cookies
The EU Cookie Consent law has been making a lot of waves in the web industry since it was first announced. The UK was given an extended period to implement the law and this has been overseen by the Information Commissioner’s Office — “the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals” — know as the ICO.
The ICO published a list of organisations that it has written to, spread across a wide spectrum of operations, and in many cases has been working with to get feedback on the approach to the cookie law issue. This resulted in an 11th hour change to the law on the 24th May 2012 much to the outrage of those companies that have spent a lot of time and effort getting compliant in time.
I reviewed that list of organisations expecting to see the majority of sites in compliance with the new law — especially since the ICO had highlighted these and had been in contact. These were my findings:
Of the 75 organisations listed by the ICO 13 had implemented a cookie consent function, 60 had done nothing (and may not need to) and 2 I could not fathom who the ICO had written to so could not find a website to test.
This is despite good advice and tips on Cookie Consent law implementation being readily available around the web. One UK agency, Silktide, have even created a Cookie Consent kit that takes 5 minutes to update a site to make it compliant. For the bigger companies though this kind of change is a challenge and the court costs and fines may well be less than the cost of implementation.
If you want to read more about the Cookie Consent law I suggest you start your journey at the ICO and then move onto the No Cookie Law website.
To do this test I used the Ghostery Chrome plug-in to show the cookies but in some cases it did not detect any so on further investigation with the Web Developer plug in I was able to see the cookies set by the website. It’s not perfect but its a good indication of the state of compliance with this law.
Note that simoncox.com is not on the ICO list and therefore I have not been directly consulted by the ICO and since none of the EU websites have bothered to comply (seriously!) I will wait to see what the best practice is — or for a change in the law.