'Action needed' to meet UK's cookie tracking deadline

Laptop Research suggests UK-based organisations have not digested the upcoming computer cookie law

Related Stories

There are on average 14 tracking tools per webpage on the UK's most popular sites, according to a study.

Privacy solutions provider Truste suggests that means a user typically encounters up to 140 cookies and other trackers while browsing a single site.

The research was published less than 40 days before strict rules come into effect governing cookie use.

The study was carried out in March and covered the UK's 50 most visited organisations.

The firm said that 68% of the trackers analysed belonged to third-parties, usually advertisers, rather than the site's owner.

"The high level of third-party tracking that is taking place is certainly an area of question and scrutiny," Dave Deasy, Truste's vice president of marketing, told the BBC.

"It's not illegal to do the tracking - the question is whether you are giving consumers enough awareness that it is happening and what you are doing with the data."


On 26 May the UK's Information Commissioner's Office (ICO) imposes an EU directive designed to protect internet users' privacy.

The law says that sites must provide "clear and comprehensive" information about the use of cookies - small files which allow a site to recognise a visitor's device.

It says website managers must:

  • Tell people that the cookies are there
  • Explain what the cookies are doing
  • Obtain visitors' consent to store a cookie on their device

"The information needs to be upfront - without information people can't give consent," the ICO's principal policy adviser for technology, Simon Rice, told the BBC.

ICO cookie permission box screenshot The ICO says the vast majority of visitors to its site refuse to allow themselves to be tracked

The ICO says the rules cover cookies used to provide information to advertisers, count the number of unique visitors to a page and recognise when a user has returned to a site to adjust the content that is subsequently displayed.

However, it says exceptions are likely to be made if the cookie is only being used to ensure a page loads quickly by distributing the workload over several servers, or is employed to track a user as they add goods to a shopping basket.

Many sites have yet to add a feature asking for users' consent.

95% of 55 major UK-based organisations surveyed on behalf of KPMG were still not compliant with the cookie law at the end of last month, the accountancy firm reported.

Truste acknowledges that the vast majority of those who took part in its study had published a privacy policy - but adds that only 16% had a summary section that was "easily digestible", and 80% did not disclose how long data about visitors was retained.

Cookie flavours

Cookies are small files that allow a website to recognise and track users. The ICO groups them into three overlapping groups:

Session cookies

Files that allow a site to link the actions of a visitor during a single browser session. These might be used by an internet bank or webmail service. They are not stored long term and are considered "less privacy intrusive" than persistent cookies.

Persistent cookies

These remain on the user's device between sessions and allow one or several sites to remember details about the visitor. They may be used by marketers to target advertising or to avoid the user having to provide a password each visit.

First and third-party cookies

A cookie is classed as being first-party if it is set by the site being visited. It might be used to study how people navigate a site.

It is classed as third-party if it is issued by a different server to that of the domain being visited. It could be used to trigger a banner advert based on the visitor's viewing habits.

Half-baked idea?

The move has proved controversial.

A survey published last month by the digital marketing firm, Econsultancy, found that 82% of 700 marketers contacted did not believe the cookie law was a positive development.

One respondent said: "Plain and simple - this will kill online sales."

The claim reflects a belief that when presented with a choice, most users would refuse to allow cookies to track them - making it impossible, for instance, for a retailer to target adverts for a computer at a user who had previously looked at an article about upgrading IT equipment.

The ICO's own research suggests this could be an issue. Since asking users to click a box if they agree to accept cookies from its site, the organisation says just 10% of visitors have complied.

However, BT's experience points to a possible solution.

Since March a pop-up message on its home page has told first-time visitors that unless they take up an offer to change its settings, then they have consented to its "allow all cookies" default rule.

"So far, we can see that customers are generally choosing to keep the cookies that we use to provide the best experience on our webpages," a spokeswoman told the BBC.

Early adopter

The ICO says it has not been prescriptive about the wording that firms use.

However, organisations need to be careful about relying too heavily on opt-out schemes.

BT website screenshot BT offers first-time visitors the chance to opt out of its default cookie settings

"At present evidence demonstrates that general awareness of the functions and uses of cookies is simply not high enough for websites to look to rely entirely in the first instance on implied consent," the regulator warns.

It adds that those who fail to implement its rules properly could be fined up to £500,000.

Truste says companies across the EU and beyond will closely watch how the regulator enforces the directive.

"A lot of this starts with making sure companies understand what level of third-party tracking is actually happening on their sites - in many cases they don't," said Mr Deasy.

"The UK is somewhat taking a leadership role in terms of actually following through and having a hard date for when compliance needs to start taking place."


More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites


This entry is now closed for comments

Jump to comments pagination
  • rate this

    Comment number 309.

    It looks like the main problem is adverts following people around, and creeping them out. So why don't they just ban that? Speak to a few companies, job done! Let the rest of us get on with things as we are used to.

  • rate this

    Comment number 41.

    I don't really see what the problem with cookies is. I have to swipe a card every time I go to the gym. My mobile phone constantly displays my location (my wife loves that). I'm captured by a gazillion CCTV cameras every day. In the information age, very little is private and cookies are just a small part of a much bigger shift.

  • rate this

    Comment number 25.

    We all know we are being spied on every time we do anything on the web. This is no longer acceptable. It may, possibly, have been ok when use of the web was our choice and it was mostly geeks, but now so many are dependent on it for so many things it needs stricter controls and better protection.

  • rate this

    Comment number 18.

    My browser gives me the option of not only disabling cookies but also telling sites i visit that i do not want to be tracked.

    We have the ability at our finger tips to stop intrusive cookies, we just need to elect to use it.


More Technology stories



  • A very clever little girlBrain gain

    Why are people getting better at intelligence tests?

  • BeefaloBeefalo hunt

    The hybrid animal causing havoc in the Grand Canyon

  • A British Rail signBringing back BR

    Would it be realistic to renationalise the railways?

  • Banksy image of girl letting go of heart-shaped balloonFrom the heart

    Fergal Keane on the relationship between love and politics

  • Don Roberto Placa Quiet Don

    The world's worst interview - with one of the loneliest men on Earth

Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.