The EU Cookie Law: The Rules on Cookie Use

How cookies are used on the internet and the laws you need to be aware of.

Since the 25th May 2012, the EU cookie law has been in place. Guidance has been released to ensure that everyone can comply with the new regulations. For all new website owners, we’ve compiled a simple Q&A to help you get to grips with the EU cookie law.


What is a cookie?

Cookies are tiny text files that are stored on a web user’s hard drive when they visit a website. The information they track and store is set by the website and is accessed whenever the same web user visits the site. There are different types of cookie. The main ones are:

Session or Transient Cookie
These are only on the hard drive whilst the user is on the website. Once they leave, they are deleted.

Stored Cookie
Like the name suggests, these stay on the user’s computer once they leave the site. They’re used to identify a visitor if they return, and usually last around 30, 60, or 90 days.

Flash Cookie
When you watch a video or visit a website that uses Adobe Flash, small text files may be downloaded when you watch a video.


What is the new law?

The main part of this new policy is that the website will need to ask permission from the web user before the cookies are downloaded.

The Information Commissioner’s Office (ICO) is in control of driving this new directive in the UK. It states:

“Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:

  • Is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information;
  • And has given his or her consent”


The ICO website has more detailed information on the regulations.


Do I need cookies?

As mentioned before, cookies store information. You may not notice it when you are surfing the web, but your information is stored and used for your benefit as well as the website owner’s. If your website contains any of the following, you’ll most likely have cookies on your website.

‘Remember Me’ function

When users need to log into a website, they don’t want to have to constantly re-enter their information. These cookies allow users to automatically be logged in.

Shopping Baskets

If no cookies were allowed on e-commerce sites, then every time you clicked to a new page, your basket would empty. These cookies are normally deleted shortly after you’ve left the site, but are kept for a few hours just in case you come back to buy.


To know what is being viewed on your website, analytics cookies are the ideal way to note down information about the traffic to each page. Google Analytics, a commonly used, free package uses cookies.

So these cookies seem harmless, right? They’re only there to benefit the consumer’s preferences as well as helping the website owner improve their service. But there is another common cookie use.

Third Party Advertising

These cookies register whether you have seen an advert or have clicked it. Because advertising on the internet is less easily regulated, this is the type of cookie that has instigated the EU cookie law to be put in place.


How do I know what cookies I use?

It’s important to know what cookies you have on your website to make sure you comply with the law. The truth is, not many people know. Don’t make assumptions on the type that you use; you’ll need to know the details so you can inform your web users.

You need to conduct a full cookie audit to determine what cookies are on your website. Take note of the cookies that you have created, as well as ones that are delivered via your website (Google AdWords and Analytics, for example).


How do I make sure I’m following the law?

It all comes down to asking for permission. By asking them if they are okay to accept cookies, they are then aware of what is being downloaded onto their computer.

Here are some tips on informing your web users:

  • Tell them each type of cookie being used, how long it will be stored for, and what you will do with the information.
  • Explain to them what a cookie is, as not everyone is tech savvy
  • Let them use the website without cookies – not everyone likes them
  • Keep it nice and informal – you’re asking the user for something. Providing no explanation can put them off.


Are there any exceptions?

If the cookies are central to the operation of your website, you may not need to ask for permission. These include:

  • Cookies that remember shopping baskets
  • Those that provide essential security measures
  • Cookies used for quick distribution and loading of content


Check with the ICO regulations on what counts as essential.

You can see how other websites have tackled this new law by simply going onto their websites. By making it a small feature on the page, it doesn’t put users off their experience with you. It hasn’t made much change to the way that people use the internet, but just tells them a little bit more information about what goes on in the World Wide Web.