'Action needed' to meet UK's cookie tracking deadline

Laptop Research suggests UK-based organisations have not digested the upcoming computer cookie law

Related Stories

There are on average 14 tracking tools per webpage on the UK's most popular sites, according to a study.

Privacy solutions provider Truste suggests that means a user typically encounters up to 140 cookies and other trackers while browsing a single site.

The research was published less than 40 days before strict rules come into effect governing cookie use.

The study was carried out in March and covered the UK's 50 most visited organisations.

The firm said that 68% of the trackers analysed belonged to third-parties, usually advertisers, rather than the site's owner.

"The high level of third-party tracking that is taking place is certainly an area of question and scrutiny," Dave Deasy, Truste's vice president of marketing, told the BBC.

"It's not illegal to do the tracking - the question is whether you are giving consumers enough awareness that it is happening and what you are doing with the data."


On 26 May the UK's Information Commissioner's Office (ICO) imposes an EU directive designed to protect internet users' privacy.

The law says that sites must provide "clear and comprehensive" information about the use of cookies - small files which allow a site to recognise a visitor's device.

It says website managers must:

  • Tell people that the cookies are there
  • Explain what the cookies are doing
  • Obtain visitors' consent to store a cookie on their device

"The information needs to be upfront - without information people can't give consent," the ICO's principal policy adviser for technology, Simon Rice, told the BBC.

ICO cookie permission box screenshot The ICO says the vast majority of visitors to its site refuse to allow themselves to be tracked

The ICO says the rules cover cookies used to provide information to advertisers, count the number of unique visitors to a page and recognise when a user has returned to a site to adjust the content that is subsequently displayed.

However, it says exceptions are likely to be made if the cookie is only being used to ensure a page loads quickly by distributing the workload over several servers, or is employed to track a user as they add goods to a shopping basket.

Many sites have yet to add a feature asking for users' consent.

95% of 55 major UK-based organisations surveyed on behalf of KPMG were still not compliant with the cookie law at the end of last month, the accountancy firm reported.

Truste acknowledges that the vast majority of those who took part in its study had published a privacy policy - but adds that only 16% had a summary section that was "easily digestible", and 80% did not disclose how long data about visitors was retained.

Cookie flavours

Cookies are small files that allow a website to recognise and track users. The ICO groups them into three overlapping groups:

Session cookies

Files that allow a site to link the actions of a visitor during a single browser session. These might be used by an internet bank or webmail service. They are not stored long term and are considered "less privacy intrusive" than persistent cookies.

Persistent cookies

These remain on the user's device between sessions and allow one or several sites to remember details about the visitor. They may be used by marketers to target advertising or to avoid the user having to provide a password each visit.

First and third-party cookies

A cookie is classed as being first-party if it is set by the site being visited. It might be used to study how people navigate a site.

It is classed as third-party if it is issued by a different server to that of the domain being visited. It could be used to trigger a banner advert based on the visitor's viewing habits.

Half-baked idea?

The move has proved controversial.

A survey published last month by the digital marketing firm, Econsultancy, found that 82% of 700 marketers contacted did not believe the cookie law was a positive development.

One respondent said: "Plain and simple - this will kill online sales."

The claim reflects a belief that when presented with a choice, most users would refuse to allow cookies to track them - making it impossible, for instance, for a retailer to target adverts for a computer at a user who had previously looked at an article about upgrading IT equipment.

The ICO's own research suggests this could be an issue. Since asking users to click a box if they agree to accept cookies from its site, the organisation says just 10% of visitors have complied.

However, BT's experience points to a possible solution.

Since March a pop-up message on its home page has told first-time visitors that unless they take up an offer to change its settings, then they have consented to its "allow all cookies" default rule.

"So far, we can see that customers are generally choosing to keep the cookies that we use to provide the best experience on our webpages," a spokeswoman told the BBC.

Early adopter

The ICO says it has not been prescriptive about the wording that firms use.

However, organisations need to be careful about relying too heavily on opt-out schemes.

BT website screenshot BT offers first-time visitors the chance to opt out of its default cookie settings

"At present evidence demonstrates that general awareness of the functions and uses of cookies is simply not high enough for websites to look to rely entirely in the first instance on implied consent," the regulator warns.

It adds that those who fail to implement its rules properly could be fined up to £500,000.

Truste says companies across the EU and beyond will closely watch how the regulator enforces the directive.

"A lot of this starts with making sure companies understand what level of third-party tracking is actually happening on their sites - in many cases they don't," said Mr Deasy.

"The UK is somewhat taking a leadership role in terms of actually following through and having a hard date for when compliance needs to start taking place."


More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites


This entry is now closed for comments

Jump to comments pagination
  • rate this

    Comment number 56.

    Cookies are a pain.

    A few days ago I was looking for gift ideas on Amazon and because I have bought from them before they have my details. Since I looked I have been receiving emails pushing the items I looked at. I'm fed up with it.

    As far as I'm concerned the sooner they stop watching and targeting me with their spam the better.

  • rate this

    Comment number 55.

    18. muddled ground.
    The problem is that the web is now used by many who have low computer literacy and do not know how to do this, and such options are often well hidden.

  • rate this

    Comment number 54.

    "Do not Track" , Adblock, "NoScript", "Click To Flash" are also available on Safari along with many other privacy extensions.

    The downside of the anti-tracking lobby is that this is now Google and many other make money, without this income they will be less able to grow in size, good or bad news depend on your views.

  • rate this

    Comment number 53.

    The last paragraph sums it up really - the UK is taking a "leadership role" in implementing another bit of EU bureaucracy that everyone else recognises as nonsense and will ignore, while we tie our business competitiveness in knots - bet the Germans and French are laughing their heads off

  • rate this

    Comment number 52.

    I wonder what would happen if companies abroad suddenly start offering complete hosting packages for UK based companies that effectively 'own' the website on behalf of the UK client almost like an advertisement, or perhaps UK businesses will just set up offshore businesses that own and run the domains so that they don't have to comply with UK law, let's push the web design trade abroad again eh!

  • rate this

    Comment number 51.

    Another instance of 'regulators', those sad people who can't help but want to control everyone's daily life, meddling in an area where they are neither wanted nor required. Individuals can easily control cookie activity themselves, through browser settings and add-ons. No further control is required. It is increasingly necessary to host websites outside the EU to avoid this kind of nonsense.

  • rate this

    Comment number 50.

    Given that the majority of the organizations that use the most intrusive cookies are the biggest profit makers, it makes you wonder why they see a need to raise money to pay for the upkeep of their sites.
    And restricting this adverse behaviour can only lead to encouraging people out onto the High St, reviving the lost art of going shopping.

    Give "Ghostery" for Firefox a try too.

  • rate this

    Comment number 49.

    I've blocked cookies and scripts for as long as I can remember. It makes some sites inconvenient to use, but frankly I'd rather that than the advertising. I'll decide when I want to buy something , and I will certainly not buy something from an advert shoved in my face. If I'm in the market to purchase something I'll do the research myself .

    Advertisers need to wise up.

  • rate this

    Comment number 48.

    Don't you just hate it when your coffee shop remembers you like no milk and two sugars? Or the bridal store that remembers the dresses you looked at last time? Or local car garage who remembers the specifics of your car?

    We call that "memory" good customer service, however online memory (aka tracking) is considered bad. Weird.

    Yes there will be those who abuse the system, but let's be sensible.

  • rate this

    Comment number 47.

    "Programs like "Adblock" and "Simple Adblock" will remove all the adverts and leave a nice blank space, as well as blocking the tracking cookies."

    And if everyone blocked adverts, the majority of sites you use and love would not be able to continue to operate.

    I could completly understand requiring permission to use cookies that contain private information about you, or excessive cookie use...

  • rate this

    Comment number 46.

    @Keke (33) "the government actively seeks to universally monitor emails and web activity in the UK"
    Interesting point. Few people realise that turning off cookies and turning on "private browsing" doesn't mean you are invisible or un-trackable. As a web developer and host I know more about a visitors computer than themselves.

  • rate this

    Comment number 45.

    I wrote to the webmasters of number10.guk.uk 2 months ago because they break the ICO guidlines. But they still break the rukes. As does this webpage.So what price anyone else taking this seriously?

    The guidance is ridiculous and aiui in no way reflects either law or the directive which gave way to it.

    We have to have laws to protect people against the identity harvesters, but this is not it.

  • rate this

    Comment number 44.

    Bring in the law. Marketing companies make £m or Bm's from this.
    Pay me for my information.

    You and I gain - Markters gain. - Google shares it's profits with the base it earns it from.
    What's wrong with this?

  • rate this

    Comment number 43.

    Mozilla Firefox has better privacy control and security add-ons. Many are denied use of by other browsers, jsut a few: -
    Adblock plus stops annoying pop-ups thus speeds page loading
    DNT+, Do Not Track Plus blocks tracking cookies
    Flagfox identifies geographic location of servers
    Flashblock prevents flash objects automatically launching

  • rate this

    Comment number 42.


    "DoNotTrackPlus" to avoid the cookies , "AdBlockPlus" to avoid seeing the crap. And "NoScript" to avoid the crap appearing in the first place.


  • rate this

    Comment number 41.

    I don't really see what the problem with cookies is. I have to swipe a card every time I go to the gym. My mobile phone constantly displays my location (my wife loves that). I'm captured by a gazillion CCTV cameras every day. In the information age, very little is private and cookies are just a small part of a much bigger shift.

  • rate this

    Comment number 40.

    Cookies can generally very helpful to regular visitors to whichever websites - the real issue here, for my money, is not the technoology per se, but the way it is used by us humans, specifically that a minority choose to abuse it......

  • rate this

    Comment number 39.

    Agree with @laughingman... Chrome/Firefox extension that will either accept or deny all requests will appear very quickly. Sorted!

  • rate this

    Comment number 38.

    I have no objection to cookies that enable the site to function efficiently, etc, but I do object to advertisers of goods/services I don't want being able to track everything I do in the privacy of my own computer, any more than I would allow doorstep salespersons free range in my home. Most cookies don't tell you why you should allow them. Without that info I don't have a clear choice.

  • Comment number 37.

    This comment was removed because the moderators found it broke the house rules. Explain.


Page 14 of 16


More Technology stories



BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.