Top Tips

5 steps to make sure you are compliant with the EU Cookie Directive

With new EU legislation being enforced on the 26th of May, companies are now being forced to obtain the permission of users before using cookies.

By Reason Digital · May 14, 2012

Until recently this law was endorsed by the UK’s information commissioner (ICO) and was to be enforced fully in the UK.

However, just a day before the law was to come into force the ICO changed its view on how it will be applied in the UK. Previously they said that only explicit consent by the user would be sufficient. However, now the ICO says that implicit consent is now acceptable and that purely by using your website users are consenting to cookies. This means that the UK law is now out of sync with the EU law.

It’s uncertain on whether the UK law will be overruled by the EU one. So, if you want to be safe and make sure your website is complying with the EU law then follow these five steps.

Are you using cookies?

First of all you need to find out if your website is using cookies. There are a few good tools that enable you to do this. If you use Firefox then you can install this View Cookies add-on. This allows you to see what cookies are being used on whatever website you are viewing.

A similar add-on, Attacat Cookie Audit Tool is also available for Google Chrome. This tool has been recently updated in light of the new legislation and now also generates custom cookie information that informs users of how you use cookies and helps in gaining consent.

There are also companies that will audit your website for you to see how you are using cookies. TRUSTe are offering a free 100 page website tracker and cookie audit until the 25th of May, when the EU Privacy Directive comes into play.

Note that if your website includes elements from 3rd parties such as a Facebook Like Button, which use cookies, the onus is on you to inform the user of their activities.

Why are you using cookies?

If you are using cookies then you need to what they are and what they do. According to the International Chamber of Commerce there are four categories that your cookies will fall into – strictly necessary cookies, performance cookies, functionality cookies and targeting/advertising cookies. Each of these different categories require a different level of consent.

Strictly necessary cookies are cookies deemed essential to running your site and as such you do not need the user’s consent for. An example of a strictly necessary cookie is one that is used to remember what item you have stored in an online shopping basket.

Performance cookies collect anonymous data that shows how well your website is performing. These can be used to see which pages are visited the most and how users interact with them. To use these you will need to get consent from the user.

Functionality cookies are used to increase the usability of your website. These can be used to store information about the user, such as the user’s language or font size preference. Consent has to be gained before using these.

Targeting/advertising cookies focus on delivering more relevant advertisements to users. They track how many times a user has seen an advert and how effective it has been. This allows advert providers to provide a more tailored service to each user. Consent must be gained, even if the cookie is provided through a third party.

Remove unnecessary cookies

Cookies are a widely misunderstood thing. Only 13% of people fully understand what they are and most web users don’t even know that there is going to be new legislation surrounding them. As such, it’s key to minimise the impact that this law will have on your users. The best way of doing this is by removing as many unnecessary cookies as possible. Look about your site and identify which cookies won’t be missed and try to get rid of them. If you only use cookies because of one largely ineffective third party plugin then it makes sense just to remove the plug-in.

Inform your users

If you haven’t managed to get your website to use just strictly essential cookies then you are going to have to gain consent from your users. The most simple way of doing this by simply having a pop-up appear when a user first uses your site stating something along the lines of “By using our service you are consenting to use placing cookies on your computer”. Make sure to also link to a page explaining in detail what cookies are and why you wish to use them.

Obtain consent

Another tactic, the one employed by the Information Commissioner’s Office, is to include a banner at the top of your website that explains about cookies and has a tick-box so users can consent. This is less intrusive than a pop-up but could also have a lower impact.

A more elegant solution has been provided by CivicUK. They have created a customisable little widget that will appear at the bottom of user’s browsers when they are viewing your site. This widget is a simple solution that makes sure you are going to be legally safe when the new EU law comes in.

If you have questions about your website feel free to email us at or sign up to our newsletter.

More Top Tips