Posted by & filed under Blog.

By the 26th May 2012, UK web sites must ask for consent from visitors to use most cookies. This "Cookie Law" started as an EU Directive in 2011 and became part of UK law when it was adopted into the Privacy and Electronic Communications Regulations.

There is still plenty of confusion from web professionals regarding the Cookie Law, ranging from burying their heads in the sand to hysteria and panic.

It’s hardly surprising though when the UK Government’s sites seem unwilling to adopt the letter of the law themselves. I almost feel sorry for the Information Commissioner’s Office (ICO), who is responsible for enforcing the legislation. A recent interview with the ICO’s Group Manager for Business and Industry did little to resolve any confusion, although I do feel his answers were meant as realistic, level headed responses.

There are plenty of resources on the web that provide information about what steps you should take and a number of code solutions you can incorporate into your site to ensure compliance. I quite like the look of these two jQuery plugins but what I wanted to research was what steps other web sites and businesses had taken to ensure compliance.

It is interesting to see there is no industry standard yet. I suspect this will change in the next few months once the deadline has passed. As it becomes more common to adopt an opt-in policy and users become more familiar with the solutions, businesses will not want to be seen to disregard consumer’s privacy rights if their competitors are compliant.

An example of full compliance

The Information Commissioner’s Office
Unsurprisingly the ICO’s web site has adopted a fully compliant solution. Visitors are greeted with a rather uninspired box at the top of the page that requests they accept cookies from this site.

ICO cookie compliance web development

As a result 90% of visitors declined to accept cookies, which meant the ICO was unable to track the vast majority of their users with Google Analytics.

Clearly, this would be unacceptable to most web site owners.

Compliant – but too clever for their own good?

BT’s solution is an elegant slider that users can drag to indicate the level of privacy/functionality they wish to accept.

BT cookie compliance web design

Despite its sophistication, I feel this asks a bit too much of visitors. Checking one box to allow all cookies is a lot simpler than being presented with three options and having to work out which one is right for you.

Graceful and compliant

This Somerset web design company has achieved compliance with an unobtrusive opt-in prompt at the top of the page. In fact, I didn’t notice it at first because the colour scheme of the opt-in prompt was similar to the rest of the site.

Devon web design cookie compliance

This is good from a visitor’s perspective because it doesn’t detract from the user experience. But it might mean that so few visitors accept cookies that it isn’t worth the site using them at all.

No more pop ups!

The Delia Smith cookery web site, Delia Online, now has an updated privacy policy.

Delia web design cookie compliance

What is interesting about this site is that it used to have an opt-in mechanism (according to this article) but I guess it was dropped because of the effect it had on visitors!

More updated privacy policies

Many web sites have decided to just update their privacy policies and presumably adopt a wait and see approach. The BBC has a well respected online presence and they have a separate page regarding their use of cookies but so far, no opt-in mechanism.

It will be interesting to see if they adopt one before the Olympics when they will expect a big surge in traffic.

If you expect the Government’s Number 10 web site to lead the way then you’ll be disappointed! They simply have a rather bland privacy policy page with a link from the footer.

No 10 web design cookie compliance

The Department for Culture, Media and Sport wrote the UK version of the Cookie Law. They’ve decided that a link in header is sufficient…

Dept Culture, Media web development cookie compliance

The UK’s biggest companies

And what are the UK’s biggest companies doing? A few random selections from Wikipedia’s FTSE100 list shows not much!

Admiral Group
At first I thought the Admiral Group had taken no action and I couldn’t even find their privacy policy. Then I realised the site didn’t use cookies at all! A perfectly valid solution of course…

Their privacy policy is hidden and not particularly easy to find. Visitors have to expand the "Explore BAE" area to find a link to a separate cookie policy page from their privacy policy.

Barclays, HSBC, Legal & General, M&S, Unilever
These five companies have a similar approach with cookie information available from their privacy policies.

What about this site?

Yes, I use cookies. Yes, I should do something about complying with the Cookie Law. Not because I feel it is the right thing to do or because it is in the interests of my visitors though. The main driver for this change will be because other similar web sites will be compliant and not being compliant will reflect badly on me in comparison…and I expect this will be the real reason for the majority of sites too.

Comments are closed.