eu cookie directive

EU Cookie Directive = Analytics Suicide

By Paul Morris
In my current role I am being asked for my opinion on the EU cookie directive. As a result I thought it pertinent to put my thoughts down in writing for you guys…

Paul Morris note: This article presumes you are digitally savvy and aware of the past few months’ worth of debate over the EU Cookie Directive i.e. I’m not explaining the basics.


Essentially the EU cookie directive situation is unclear! Everyone is waiting for everyone else to make a move.

Most companies are simply tightening up their privacy policies and overtly telling people what they are doing with cookies.

You stand little chance of being sued if you are just using cookies to track behaviour (as long as there are sound reasons for tracking that behaviour). If you are using cookies for other reasons e.g. retargeting, behavioural targeting, attribution CRM, display advertising, etc and are not explicitly telling people about this then you are going to be at higher risk of prosecution after May 2012.

If you are a big brand or blatantly taking the data mickey/ flaunting the law then they are likely to take you down first to make an example of you.


The EU Cookie law has been in force since 26th May 2011. Despite what you might have heard, ICO (Information Commissioners Office) is still collecting reports from snitches on companies flouting the directive and could act on this data after the new deadline of May 2012. However nothing will happen to you for now/ you have a stay of execution. I’m still not convinced by the party line though of the directive being enforced after May 2012 and believe ICO have realised how stupid the ruling is and are now trying to backtrack and buy some time. Rant over.

The situation is complicated however by visitors coming from other EU countries as you might still be liable for prosecution as the ruling is being applied differently in other European countries.

You could put a notice on your site now for new visitors asking for their consent to use cookies to see what happens and become whiter than white. If the visitor does not agree then they can continue to use much of the site functionality however you can no longer track them. ICO did something similar to this and committed analytics suicide! When ICO implemented their warning on the 26th May (asking for consent to store cookies) the visits shown in analytics were down to 11% of normal levels. Again going back to my previous point; now ICO have seen what applying the directive does they must realise the commercial impact on UK business and that they were stupid to come up with the directive in the first place. 2nd rant over.

Another option, as highlighted by John Wedderburn and made by the IAB in Sweden, is to obtain cookie consent via the browser which does make sense. My only concern is that ICO was not born with any common sense hence may not adopt this more workable solution. 3rd rant over.

It will be interesting to see how ICO apply the rule after May 2012. Will they apply the letter of the law or just go after those blatantly abusing data? Will they go after brands to make an example of them in the press? Will they take no one to court and it’s simply going to be business as usual?

The EU cookie directive can be found here if you have a spare few hours to read it!

15th December 2011 note: If you would like further information go to MarketingLand who have just posted on the ICO recommendations.

09th February 2012 note: Found quite a good update on Cookie legislation from Marketing magazine that is certainly worth a read.