Cookie Law… according to Papertank

While Chris focuses on Something Creative for the Weekend, I will normally be discussing recent issues in the world of technology and all things web related. The geeky stuff.

In this post I want to lift the lid on all things Cookie related, specifically the new laws which come into force next week… according to Papertank, of course.


A cookie, for those who don’t know, is a piece of data stored on your computer which a website can access. They have been about since the mid-90s and are used by the majority of websites for user tracking (analytics – to see how many people visit your website), e-commerce (shopping cart items) and, in some cases, advertising.


Obviously privacy is a major concern for web users, and something that web developers have to take into consideration for each project. Recently, high-profile companies like Facebook, Twitter and Google have put effort into reassuring their users about how they handle data and what is stored. In the UK, government bodies like the Information Commissioner’s Office (ICO) give businesses advice and draft legislation regarding privacy, and websites have long adopted the ‘privacy policy’ or ‘privacy notice’ in the footer of their website which includes a section on the use of cookies.

Major browsers like Internet Explorer, Firefox, Chrome and Safari give web users the ability to block cookies for all websites, a specific number of websites, or just advertising cookies. While most users choose to allow cookies, for web developers it is another check to perform in the website’s code – for example, warning users they need to enable cookies to use the shopping cart or login with their username/password.

The New Law – What Changes…

From May 2012, a new privacy law comes into effect across the EU. The law requires that websites ask users for consent to use most cookies, including those used for analytics and social media purposes.

Why the law makes sense

As web users ourselves, we fall victim to the sheer amount of information available about to you to advertisers, large organisations and even malicious websites. Many of you will be familiar with targeted advertising networks where products you have just searched for or recently visited are displayed on another website, enticing you with offers and related items. For the majority of people, this is an abuse of their privacy and abuse of their personal search history, something which people are uncomfortable with.

Why the law is ridiculous

All of Papertank’s clients, along with a large proportion of website owners, use some form of analytics to track who visits the website. The most popular tool, Google Analytics, uses cookies to check if a visitors is returning along with other information the website owner can check. There is no information that could specifically identify an individual person, but nevertheless these types of cookies will no longer be allowed without explicit consent from the user.

A growing number of websites, including this one, also use plugins from social networks like Facebook and Twitter to display like and tweet buttons that link directly to the users profile. Again, these use cookies which will be banned without consent from the user.

Will Users Give Consent and Will Companies Comply?

Now that individual websites – rather than your web browser – ask for permission to store cookies, there will inevitably be a range of popups, dialogs, overlays and all sorts of methods used to try encourage the user to give their consent. When you ask yourself, would I click ‘Yes – I accept’ – the chances are, no.

The BBC also published an article revealing how the ” majority of the UK government’s own websites will fail to comply in time”. This begs the question – if the government doesn’t comply, how can they expect other online businesses and websites to do so? The second issue this raises relates to fairness: if a company deliberately ignores the legislation and continues to use cookies, they will be at an advantage compared to companies who follow the law and potentially miss out on analytics and other data.

As it stands, the implications and practical applications of this new law have yet to be fully explored or even understood. The government claims that failure to comply with the legislation could potentially result in a £500,000 fine, if a user complains. However, the ICO has assured businesses and developers that “it’s most unlikely that breaches of cookie requirements meet the requirement for monetary penalty”. This comes as a relief, but only really confuses the issue further – we will need to wait and see what happens next. In the meantime, we suggest everyone gets on the right side of the law… just incase.

And finally…

At Papertank, we are doing some brainstorming and user testing to check which method of asking for the user’s acceptance works best. We are also in the process of advising our clients about the upcoming law change, what it means for them and what we will need to do. I wonder how many other web studios are following suit, and how many websites will ultimately change their website to comply with the new law?

Do you need help making sure your website complies with the new cookie law? Get in touch with us.


? comments