What does your cookie policy look like? Are you compliant?

Posted by Netmatters Ltd
5th June 2020


Everyone is online nowadays – using the internet to browse social media, shop for consumer goods and conduct research.

Having a website is now an integral part of growing a business. Your business’s online presence is now as important as bricks and mortar, if not more so, as the digital age continues to stride forward.

If your business has a website, and most do, you’ll also likely be using Cookies to optimise the web experience and also track user behaviour as they explore what’s on offer. Tracking this behaviour allows companies to build profiles of their clients, giving them the ability to personalise messaging and, ultimately, deliver a unique experience to each person.

Whilst a website using cookies is fine, specific cookie policy rules must be followed to ensure each customer opts into their use, prior to beginning the website experience.

A recent news story surrounding an online lottery retailer brought cookie policy legislation to light and made companies take this policy more seriously so that their business isn’t the next to come under fire.

So, what are cookies and what do they do?

Cookies are small files which are stored on a user’s computer. They are designed to hold a moderate amount of data specific to a particular client and website, which can be accessed by the web server or the client computer.

This data is then used to deliver a tailored page to the user, or the page itself can contain a script which carries information from one visit to the website (or a related site) to the next. It’s a convenient way to store data without overburdening a server.

These cookies have become an integral part of web browsing. They allow websites to keep track of customer preferences without making us sign in each time. An example of this is a website remembering who you are or what you had in your shopping cart the last time you were on the site. From an analytical point of view, it also allows businesses to track key metrics across their site including unique visitors, what pages were viewed, how long people were on pages and what pages people leave on.

Some companies also use tracking cookies, which are served from a third-party site and allow them to see information from other sites, including products viewed, pages visited and specific search history. These tracking cookies allow advertisers to place tailored adverts in front of those customers.

Whilst some cookies are necessary to the browsing experience, allowing websites to function properly, customers have the right to update their preferences so that not all cookies are tracked whilst online. Cookies come under different categories, including:

  • Strictly necessary
  • Functional
  • Performance & Analytics
  • Marketing and advertising

What are the rules?

The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on a computer, smartphone or tablet.

It began as an EU directive that was adopted by all EU countries in May 2011. It gave individuals the right to refuse the use of cookies that could potentially reduce their online privacy. Every country updated its laws to comply.

For the UK, this meant an update to the Privacy and Electronic Communications Regulations. If you own a website, you need to make sure it complies with the law and this usually means making some changes.

What does it mean for your business?

In short, if you don’t comply with the rules surrounding cookie policies, you risk enforcement action from regulators, which could include a fine. Not only that, but in the long term, customers may also avoid your website if they deem it a privacy risk.

Recently, Europe’s top court has ruled that pre-checked consent boxes for dropping cookies are not legally valid.

It’s now a requirement that you obtain consent prior to storing any non-essential cookies, i.e. the tracking cookies we previously mentioned. You cannot imply or assume consent at any time.

For your site, this means obtaining consent first, before anything else is actioned. You must give consumers the option to say no as soon as they arrive at your website. Consent boxes for any cookies that are not strictly necessary must not be pre-checked, regardless of whether the data processed is categorized as personal.

Something that an online lottery website recently failed to do.

They stated that a user must consent to the storage of cookies in order to play a promotional game. This consent included the pre-checked box, which meant that customers were automatically “assumed” to have given consent.

On October 1, 2019, the highest legal entity of the EU ruled that the only form of valid consent for processing user data in the EU is explicit consent, i.e. by ticking a box.
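The consent-first rule described above, sketched as an added JavaScript example (not Netmatters' code): cookies are tagged with the four categories listed earlier, every non-essential box starts unchecked, and only an explicit visitor choice unlocks a category. The function names, category keys and sample cookies are assumptions made for illustration.

```javascript
// Added example: consent-gated cookie setting. All names here are hypothetical.
const CATEGORIES = ["strictly_necessary", "functional",
                    "performance_analytics", "marketing_advertising"];

// Initial state: only strictly necessary is on; every other box starts unchecked.
function defaultConsent() {
  return { strictly_necessary: true, functional: false,
           performance_analytics: false, marketing_advertising: false,
           explicit: false };
}

// Build a consent record from the boxes the visitor actively ticked.
// Values that were merely pre-filled by the page are never passed in,
// so they cannot count as consent.
function recordConsent(userTicked) {
  const consent = defaultConsent();
  for (const cat of userTicked) {
    if (!CATEGORIES.includes(cat)) throw new Error(`unknown category: ${cat}`);
    consent[cat] = true;
  }
  consent.explicit = true;
  return consent;
}

// Decide which cookies may be written. A cookie with no known category is
// treated as non-essential and blocked until it has been classified.
function allowedCookies(cookies, consent) {
  return cookies.filter((c) => {
    if (c.category === "strictly_necessary") return true;
    if (!CATEGORIES.includes(c.category)) return false;
    return consent.explicit === true && consent[c.category] === true;
  });
}

// Serialise the permitted cookies as Set-Cookie header values.
function toSetCookieHeaders(cookies, consent) {
  return allowedCookies(cookies, consent).map(
    (c) => `${c.name}=${encodeURIComponent(c.value)}; Path=/; Secure; SameSite=Lax`
  );
}

// Constructed sample inventory, not taken from any real site.
const SAMPLE_COOKIES = [
  { name: "session", value: "abc123", category: "strictly_necessary" },
  { name: "lang", value: "en-GB", category: "functional" },
  { name: "_stats", value: "v1", category: "performance_analytics" },
  { name: "ad_id", value: "x9", category: "marketing_advertising" },
  { name: "mystery", value: "1" }, // unclassified: blocked by default
];
```

Running the same filter over a site's real cookie inventory before any banner interaction shows quickly which cookies would be set without consent.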

Are you compliant?

We have already mentioned the Privacy and Electronic Communications Regulations, also known as PECR. They implement the European Directive, or the E-Privacy directive. This complements the general data protection regime and sets out more specific rules on electronic communications.

This law covers any business that:

  • Markets by phone, email, text or fax
  • Uses cookies or similar technologies on its website
  • Compiles a telephone directory or a similar public directory.

For many businesses, cookie policies are tick box exercises, but with this microscope on the new protocol, it’s more important than ever to make sure you are fully compliant.

Are you confident that your business is covered? Could you afford the consequences if you aren’t?

If you are concerned by how compliant you are, we can help.


Our aim is to minimise the inconvenience to the visitor but still put you in a compliant state. This means you’ll be covered legally, but also your customer’s journey won’t be affected.

We will conduct an initial audit to determine the level of compliance you are currently operating at, and provide recommendations on how we can improve this. We can then action the works required, working with you to provide the best solution for your business.

If this is something you think you need assistance with, we encourage you to get in touch with us below.