The EU Cookie Law and Web Analytics

EU cookie directive

The EU Cookie directive will come into force in the UK imminently. To sum up as simplistically as possible what this means for website owners, it means that users of your website must opt in before you can store ‘non-essential’ cookies on their website.

If you want the full story, you can find a complete guide to the EU Cookie Directive here.

When Does This Come into Force?

It actually took effect on 26th May 2011. However, the UK ICO gave UK website owners a 12 month grace period before it plans to start enforcing the regulation. This means it effectively comes into force in the UK on 26th May 2012.


What’s the Problem?

The problem is Brussels sticking its nose in where not necessary that very few websites at present ask users to consent to cookies being stored before going ahead and storing them. So users are not accustomed to seeing any consent requests.


Asking users for their consent for something they may not even fully understand will be an interruption to the user experience and could even make them question the trustworthiness of the website.

Which Websites Use Cookies?

Most of them! If you have any sort of web Analytics (e.g. Google Analytics) then your website stores cookies too.

Essential and Non-Essential Cookies

The EU guidance stipulates that cookies essential for the functioning of a website will be considered essential and therefore are exempt from the regulation. This would include, for example, cookies stored during a checkout process on an ecommerce website.

However, the ICO has stated that web analytics are likely to be considered non-essential. With Google Analytics specifically, the cookies it stores are ‘first party’ cookies, thus consent to store them is only needed once. However, this would still mean getting users to opt in.

UK Government Stipulates Web Analytics are ‘Essential’

The UK’s Government Digital Service (GDS) has taken a contrary stance on Analytics to that of the EU. It issued guidance to public sector websites and also a blog post that refers to analytics cookies as ‘minimally intrusive’ and ‘essential.’

The most interesting excerpt from the GDS blog post is this:

“Inevitably, analytics and the vital role analytics-related cookies play in allowing public sector websites to be held to account on the cost-effectiveness of the way we deliver government information and services came up.  Even more importantly, analytics are essential to our “continual improvement” approach to developing digital public services, which is critical to delivering the government’s digital by default agenda.

The consensus was, especially in the case of first-party analytics cookies, these types of cookies are “minimally intrusive” (in line with the ICO guidance) and that the bulk of our efforts to rationalise our use of cookies should be focused on cookies classified as “moderately intrusive”.”

The GDS also made reference to a statement in the Information Commissioner’s Office (ICO) guidelines that says:

“Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals. Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action.”

So What Does This Actually Mean?

Well, it means that the ICO is telling us we should technically be seeking consent to store web analytics cookies. However, it’s also saying they don’t consider such cookies to be high risk for users and are therefore not prioritising breaches relating to analytics cookies.

In reality, unless Google Analytics (and other 3rd party solutions) issue workarounds, there are millions of sites technically likely to be in break of the regulations come 26th May.  But it doesn’t seem like the GDS, ICO or, well, anyone, is all that concerned!

Panic over?


If you enjoyed that article, here are some more you might like:

Tecmark Author Stacey MacNaught

About the Author

Stacey MacNaught: Search Director

Stacey joined us in 2009 as a junior copywriter; now she's a recognised figure on the global speaking circuit, having wowed audiences in the UK, Europe and US - including at MozCon 2014. She leads our search team and works with clients to deliver high-level campaign strategies.

Visit Stacey's Page
  • Your content is awesome – now what?
  • Seth Godin’s #Inbound15 keynote: the Tecmark review
  • Three speakers I can’t wait to see at Inbound15

  • Latest from Tecmark

    Paddy Power SEO specialist Maureen Doris discusses the challenges faced by one of gambling's biggest brands...

    Nine Tecmark team members are now fully recovered after completing Manchester's 10km 'Survival of the Fittest' assault course...

    Discover five key areas that have boosted our content marketing success...