Back to parent page cookies and new regulations


New regulations from May 2012

New laws mean you must make changes to how your website uses cookies.


You must get informed consent

You have to tell people the cookies are used and ask their permission to keep using them


Explain what you cookies do

You have to list all non-essential cookies, and give a plain-English explanation of what each cookie is for


Audit your site for all 3rd party content

If your site uses content from other providers, like YouTube or Google, you need to make users aware in case they also use cookies


You are legally responsible

Failure to comply can lead to a €800,000 fine, so if you operate in the EU you must follow the new laws.

What do you need to do now?

The legislation is mainly being enforced to prevent people from using cookies to target advertising. So if your site doesn't use advertising, it's unlikely you'll be prosecuted immediately.

But don't delay: the law will be enforced, so you need to:

  • make an audit of all the cookies your site uses
  • list them on a page on your site, with an explanation of what each cookie is for
  • give users the option not to accept non-essential cookies

Treeline have offered to do this work for all of our clients. If you're one of our clients and haven't had the work done yet, we strongly recommend you do it now. If you aren't a client of ours and need help, please contact us for help and advice.

However, at the time of writing, the law is still in a farcical state. Three sets of people with responsibility for implementing the law (MPs, the EU, ICO and the Data Protection Registrar) are still making contradictory statements about how the law will be enforced.

There are also several test-cases which may have a significant effect on the interpretation of the law.

And there is still a lot of dispute about what constitures an "essential cookie". For example, in order to make the website remember that the user doesn't want to use cookies, the website must use a cookie. So that is clearly essential. But is it essential to have a shopping basket cookie (given that a shop can't work without one)? Nobody knows until the outcome of various test cases.

And most significantly, nobody seems able to agree what an "EU" website actually is:

  • A site who's owners are registered in the EU?
  • A site which is hosted in the EU (and if so, what about sites hosting in multiple locations)?
  • A site who's domain name is registered in the EU?
  • A site who's audience is in the EU (and if so, what about sites which reach across national boundaries - i.e. every single website)?

As test-cases provide further clarity, we'll provide further advice. Make sure you subscribe to our email newsletter so we can keep you informed.

blog search

follow Treeline

Get our monthly email with advice, news and annoucements.

blog by Phil

technical lead