Cookie Law – New E-Privacy Directives: It's all in a Cookie

by on

filed under

Cookies have forever been used by webmasters to keep track of behavior of visitors to their websites. Cookies are small files which keep a track of your online activities. These may include your browser configuration, your purchase etc. Cookies are helpful for behavioral targeting. Tracking user behavior gives valuable insights into the psyche of the consumer. In vanilla terms, “Cookies tell us what the visitor did online”… Hence, when this very user comes to the site which set a cookie, ads and products relevant to the inferred interests of the visitor can be shown specifically to him, thus improving the chance a sale.

Cookies have always left a daunting question about security online. In 2009, the European commission made amendments to directives concerning the processing of personal data and protection of privacy in the electronic communication sector. Following is the amendment made to the directives for cookies.

E-Privacy Act 2009

E-Privacy Act 2009

The amendment clearly mentions that setting of “Cookies” is fine as far as the user is provided clear and comprehensive information about cookies being set. This was sincerely followed by all companies in the form of a privacy policy. This was, thus, an “Opt-Out” system where a person could opt out of the website setting cookies on his browser.

The New E-Piracy directive (to be in effect from 25th May, 2011) by the European commission however requires webmasters to turn the “Opt-Out” system into an “Opt-In” system. In such a system, the website needs to acquire permission from the user to set cookie while explicitly informing him that his actions will be tracked for future references in order to provide better services to in future (in form of relevant ads based on his site navigation and inferred interests). The cookie will be set only when user has granted permission to be tracked.

Revised Artice5(3) of the Privacy and Electronic Communication Directive states the following -

New E-Privacy Policy Directive

New E-Privacy Policy Directive

Webmasters all over the globe are in a fix as to how to adhere to this policy without affecting user experience or losing out on benefits of cookies.  As a result of these amendments, the following three options seem most obvious to webmasters.

  1. Stay Put and wait
  2. Make the website adhere to the directive by explicitly asking permission from users to set cookies
  3. Consider the Browser cookie settings to be the users act of explicit opt in

While doing nothing about the directive may lead to fines being levied (especially to large organizations), it is still a viable option for small business owners. Although not highly recommended, it makes sense for small-moderate scale enterprises to wait for proper course of action to be defined by governing bodies. Currently, the amendment gives us the following option.

Option For Webmasters

Option For Webmasters

According to this directive, the preferred option for all as of yet would be option 3 above. Learning from the fact that privacy is an area of concern for users of all age and demography and not just UK or USA, internet browsers are also being equipped with in built “Do not Track” tools. Google Chrome is looking at an add-on which lets people automatically opt out of ad tracking systems used over the internet. Mozilla too will provide something similar. It is not too far long when other browsers like Safari, Opera etc follow suit. This can well considered to be user option for tracking cookies.

Having said this, the directive amendment has had an impact on a few major corporations who have used option 2. British Airways had explicitly mentioned on their website the kind of cookies which they intend to use and have also given detailed information explaining the use of cookies.

British Airways - Providing User Information about Cookies

British Airways - Providing User Information about Cookies

With this new law in place and to be in effect from 25th May, many questions are yet to be answered. Like, what about sites hosted on servers outside of UK but still doing business in Europe? What about business which span across many countries? Do they need to follow special directives specifically for UK customers? Will this directive not negatively affect web experience of users? What happens to Google Analytics tracking which is also a third party cookie?

Detailed explanations are due from the Government and we also expect internet players like Google and Bing to soon come up with their views on the effects of these directives.

Watch this space for more on new E-Privacy directives…

Follow Google Thread on E-Privacy policies here.


The Department of Culture, Media and Sport is working on technical solutions which online firms can follow. They have also been asked to review the purpose behind setting cookies. These reviews are pretty important as after 26th May 2011, the Information Commissioner’s office (ICO) will implement strict actions against non-compliant cookies…Read the entire article HERE.

One response

leave a comment
  1. Excellent blog! I genuinely love how it’s easy on my eyes as well as the information are well written. I am wondering how I might be notified whenever a new post has been made. I have subscribed to your rss feed which need to do the trick! Have a nice day!

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>