There is a lot floating around about the new Cookie Rules coming into force at the end of the month. We have been reading around the topic from various sources and one source in particular has provided great insight into what this new legislation means. We have summarised a great article from Vertex Law below, but if you want to read the full article click to visit the Vertex Law site here. If you want to read a more biased view on why I think it is unfair! Click here.

What’s a cookie?

Cookies are small text files stored on a user’s computer by their web browser, which allow a website to recognise a user’s device and remember their activity. This in turn facilitates (for example) storing site preferences and shopping basket contents, and authentication of a user’s details.

What legislation?

The European Union has passed various directives since 2002 related to the setting of “cookies” through users’ browsers. The UK introduced these amendments in May 2011, through the Privacy and Electronic Communications Directive, and gave UK organisations a grace period of 1 year to comply, ending 26 May 2012.

This applies to all UK organisations, as well as emails and “apps”, extending to all technologies including mobile.


To be exempt the storage of cookies must be strictly necessary for the correct operation of the primary purpose of the website. As a very narrow example, an “add to basket” or a requirement to “remember” user choices from previous pages, could claim exemption. The vast majority of cookies, particularly those used for advertising, analytical and tracking purposes are likely to be affected.

What is required?

In order to comply, you must obtain consent from users to store a cookie on their device. It is not satisfactory to simply amend a privacy policy or terms of use. Organisations must make users aware of the changes to the legislation, and ensure they actively consent in order to comply.


By 26th May, organisations must have in place a “realistic plan to achieve compliance”, or face potentially serious penalties, with fines of up to £500,000. Customers expect to see websites complying with the law in relation to personal data, and as such not complying with this legislation may quickly become conspicuous for such non-compliance.

What you need to do now?

Audit your systems
Extend your privacy policy to cover the new cookie regime and changes in legislation
Adopt a “consent strategy” for your organisation

[poll id=”8”]