Are Analytics Cookies Legal? (Part 1)

5/22/2012 9:46:06 AM

New EU legislation means that all websites that use cookies need to get permission from users first. Sarah Dobbs looks into how this affects how you can use analytics tools on your website…

Cookies sound pretty innocuous, don’t they? In many ways, they are: they're just strings of text sent back and forth between a website and browser, used to identify users and keep track of certain information about them. Cookies can help websites remember users' preferences, as well as tracking whether they're new or returning visitors, and what they're looking at on the site.


Generally, they don’t store any personal information; individual users are identified by the cookie stored on their browser, so if the same person uses another computer or browser, the site would not identify them as the same person. Cookies can make browsing the web more convenient for the user, as well as providing websites with valuable information… but it may make you uncomfortable to know that websites are storing files in your browser without your knowledge, and sometimes using that cookie to serve you with relevant (and occasionally intrusive-seeming) advertising.

On 26th May 2011, the EU passed new legislation – The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 – that meant that websites needed to obtain explicit consent from users before tracking them with cookies. The law is designed to protect privacy and to limit the amount of targeted advertising websites can serve up. While some kinds of cookies, like the ones that store items users have put into their shopping baskets on ecommerce sites, are excluded from the law, it seems everything else, including cookies that remember your username when you return to a website you’ve registered at, will be affected.

Although the legislation was passed last year, the Information Commissioner’s Office (ICO) gave website owners in the UK a year’s lead-in period, in order to sort out ways of obtaining users’ permissions. But time is ticking away, and not many sites have yet implemented any ways of getting permission – worse, there seems to be a lot of confusion surrounding what the law means, and how people can comply with it.

What the law says


Since 2003, websites have been required to offer users information about the cookies they use, and provide the facility to opt-out of storing cookies; the 2011 amendment changed that last part, so that users need to opt-in, rather than opting-out. Here's the exact wording:

1.    Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.

2.    The requirements are that the subscriber or user of that terminal equipment- (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) has given his or her consent.

3.    Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.

3A. For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.

4.    Paragraph (1) shall not apply to the technical storage of, or access to, information – (a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

You can read the whole thing at It’s not the most fun reading ever, but basically, it says websites can’t use analytics cookies without getting explicit informed consent from visitors.

What does that mean for website owners?


Many websites have already started the process of gaining consent from their users – check out the ICO’s own website ( for one example of how that can be done, or Delia Smith’s website ( for another. While the ICO did agree to a year’s grace period before enforcing this legislation, it has been made clear that it will be enforced from May, and no one’s off the hook.

If you run a website and you use Google Analytics or similar analytics cookies to track your visitors, you might be wondering how, or if, this applies to you. And the bad news is, yes, it really does apply to you. It applies to all websites that use cookies, however innocent your usage of those cookies might seem. (We’re going to assume you’re not using extensive behavioural advertising on your site!) Don’t panic just yet, though. The ICO has issued some guidance documents to help you figure out what you need to do to comply; you’ll find it on their website at

There’ve been a lot of blog posts written about this legislation, and a lot of knee-jerk reactions posted online, so to get a bit more clarification on the situation, we spoke to Simon Rice, Principal Policy Advisor (Technology) at the ICO. ‘The letter of the law says that every website needs consent to use cookies, but it certainly doesn’t say that websites can never use cookies,’ he says. ‘It’s really about getting website operators to look at the cookies they’ve got, and find out what those cookies are actually doing, and assess how privacy intrusive they might be. Even in terms of analytics cookies, there are different analytics providers, and there are different things that website owners can do within their settings.’

The first thing to do is to take a look at your website and see what cookies you’re using. If you’re using Google Analytics, there are two kinds of cookies used: first-party (which means the stats gathered are visible to you) and third-party (which means they’re passed on to Google). The ICO considers first-party cookies less intrusive than third-party cookies: Rice explains, ‘If you’re just trying to get a raw number of visitors, that’s a lower level [of intrusiveness]. If you’re saying ‘right, these are the visitors who came, these are the pages they looked at, and now I want to choose which products are for sale, or, based on what they’ve read before, I want to change the order my blog posts are displayed in, to show them what I think might be more relevant to them’, that’s getting higher up that scale.’
