EU Cookie Legislation

The EU Cookie Legislation came into effect on May 25th 2011. After a 1 year holiday period to allow webmasters to get their houses in order, it is set to become enforced as of the 26th of May 2012. With a £500k maximum fine - the stakes are high for any companies successfully prosecuted under this new legislation. Most CMS based sites such as Drupal, Wordpress and Joomla will find they have a small host of cookies that have been dropped by a variety of plugin modules and even core code. Specifically user identification cookies are used to identify users between page changes, if those cookies are left on the browser after the session has closed then they also fall under the legislation.

The "cookie law" covers everything from basic Google Analytics cookies to social media cookies that may be dropped by JavaScript originating on you page. As such it affects almost ever single EU website, the overwhelming majority of which will be illegal unless they change and comply.

As of 26th May 2012, site owners have the following three choices

  • Ignore the law
  • Drop cookies and lose analytics and the ability sites to adapt to users
  • Display a popup and seek user agreement to store local cookies

There are exemptions to the cookie law, and it is important to understand what they are. Essentially, cookies that are essential to the running of your site.

The following are loosely exempt (please seek your own legal advice)

  • Cookies to remember goods added to your a shopping basket
  • Cookies required for security
  • Cookies that help ensure pages load quickly by helping distribute workload to the browser

The following are loosely in breach, if used without user consent (please seek your own legal advice)

  • Cookies used for analytics
  • 1st and 3rd party advertising cookies
  • Cookies used to recognize when a user returns to a site to tailor the information presented to the user

If you are keen to stay on the right side of the law then a cookie control popup maybe the solution for you such as this one for drupal

It may not enhance your site aesthetics, in fact because it cannot stop cookies being created with developer code, it may not even keep you legal, but it will show that you are trying, which could make the difference in the event of a prosecution.


It seems fairly clear that although well intentioned by the ever caring Eurocrats, this law to protect privacy, has been drafted by technology phobic dinosaurs who completely fail to grasp how the modern internet works. A sensible solution whould have simply been to force browser manufactures to display cookie warnings and prompt for user decided settings. In fact in a modern democratic environment, we are all capable of voting with our feet. Many of us block popups. If we had cared to the same extent about cookies we would be doing the same.

Sadly that is not the case here. In the case of EU vs the rest of the world, the real winners here are Internet Giants and Startups in America who simply cannot believe their good fortune. Whilst EU sites are now saddled with having to show ugly popups, American sites are laughing and at what we have done to ourselves. In a time of great European uncertainty, the EU technophobes are busy choking the one industry (and no its not the bankers this time, but technology that is beating the recession) that is trying and succeeding to lead the zone out of recession.... If that statement sounds extreme, then ask yourself the following question: would Apple be the richest company in the world if it had been an EU company, with the way are politicians think sadly not.


The above is an opinion piece, it is essential you seek your own legal advice and of course please leave your opinions below.

Download the PCC guidance

London Office

Unit 6, Hounslow Business Park,
Alice Way, Hounslow,

302 Cocoa Studios, The Biscuit Factory,
Tower Bridge, London, SE16 4DG

Meeting Rooms:

IOD 118 Pall Mall


+44 (0) 20 70 60 5304