The EU Cookie Law: Opt in, or opt out?
  • 4 May 2012
  • by

The EU Cookie Law: Opt in, or opt out?

Our stance on the EU cookie legislation

This month, the Internet is awash with articles and stories about the new EU legislation, coming into force from the end of the month. Opinion is split between attempting to comply fully with the cookie law, or not.

What is it?

Unless you've had your head in the sand for the last year, you can skip to the next section.

Essentially, the EU have passed a new Directive on cookies (and any other locally stored information) which means that website owners have to be clearer on what cookies are used, what information is saved, and for what purpose. They also need to gain consent before any cookies are saved, for anything that is not required for the website or application to work.

How do I comply?

To comply fully, you have to clearly display what cookies you save and why, and gain permission before you save them.

According to the ICO though, it seems that analytics cookies, while not being technically necessary for a site to function, will not be a high priority in terms of enforcement.

And they're not going to be chasing down site owners and hitting them with fines, either. Unless there are serious, continued breaches, the chances are they'll look to educate webmasters and business owners and help them comply, rather than go at them with all guns blazing.

What's MMK's stance?

We believe privacy online is very important, as is the creativity and performance of websites. Legislation that makes the Internet a safer and better place to browse and shop should always be seen as a good move. But our concern is that this law is misguided, difficult to enforce, and support for it is exceptionally low within the industry.

Here's why we think the law is a very bad idea.

  • It doesn't help privacy - The strategy behind this law is to educate users about information that is being saved, and allow them to make informed choices about it. The problem is that cookies very rarely contain any personally identifiable information and are usually placed to remember a user, target advertisements better, and track website activity. If they were saving email addresses or credit card information, this would be a different story.
  • It will confuse users - Without explaining what a cookie is, this sudden influx of opt-in messages will likely confuse users as previously, there is no reason for them to know what a cookie even is. The ICO have given no support to the 'standard' web user to help them understand what cookies really are.
  • It will ruin user experiences - To fully comply with the law, you'd be required to show a message and gain permission before saving a cookie. This means an intrusive alert message with a tickbox, button or slider. Users hate popups, and they may even tend to tick 'yes' just to get rid of the re-occurring cookie message. How is this helping their decision-making?
  • It will impact negatively on UK business - Any UK-based business should comply with this law. This puts the UK at a disadvantage compared to Europe (those countries that haven't implemented the Directive), and the rest of the world. With the combined impact of wrecked user experience and a loss of up to 90% of crucial analytics data that drives on-site innovation and research, if we were all to comply fully, we would not be able to compete with non-UK sites and our online economy would no doubt suffer.

What are MMK doing next?

In a nutshell, we intend to be complying with this new Directive in a way we believe will not impact on the user experiences of our visitors and those of our clients, and will not impact on any services that could potentially damage our business.

We will:

  • review all cookies that are used on all our sites, subdomains and client sites
  • provide links to privacy policies on each site that uses cookies, to explain what cookies are used and for what purpose, as well as some advice on how to remove them using your browser's inbuilt settings
  • ask permission to save any cookies that we believe are intrusive, or save any personally identifiable information. At present, we don't believe we use any cookies of this nature
  • NOT be asking permission to save analytics, retargeting, or tracking cookies. This is because:
    • none of these cookies save personally-identifiable information
    • all of these cookies can be opted-out at any point using browser settings, or 3rd party websites
    • retargeting serves relevant ads, which we believe are far better than non-targeted 'spam' ads
  • advise our clients accordingly depending on the nature and size of their businesses

As we believe this law is so damaging to UK businesses and will do nothing to help enforce user privacy and information choice, we have also chosen to campaign against this legislation by backing petitions and assisting anti-cookie-law campaigns across the web.

As website and business owners, we believe it is our responsibility to keep the web clean, honest, and vibrant - and this law will not help us achieve any of these goals. We urge you to sign the petition here, write to your MPs, and do all you can to help the campaigns against this poorly-implemented and misguided law.

If you would like to discuss cookies with us (my favourite is double chocolate chip, thanks for asking) please do give us a call or drop me an email (, or leave us a comment below on the cookie-driven Facebook comment widget. We'd love to hear your thoughts!

This blog's author