{{ searchResult.published_at | date:'d MMMM yyyy' }}

Loading ...
Loading ...

Enter a search term such as “mobile analytics” or browse our content using the filters above.

No_results

That’s not only a poor Scrabble score but we also couldn’t find any results matching “”.
Check your spelling or try broadening your search.

Logo_distressed

Sorry about this, there is a problem with our search at the moment.
Please try again later.

The ICO's one year amnesty on enforcement of the EU e-Privacy Directive ends tomorrow, and a few more sites have been rolling out their compliance solutions. 

BBC.co.uk launched its cookie info banner yesterday, while Channel 4, The Guardian and the Telegraph have today. 

The four approaches are all very different... 

BBC.co.uk

The BBC has gone for a status bar at the top of the page which informs users that the site uses cookies. 

There is a link to change cookie settings, but if users press continue or just carry on using the site, cookies are set and consent is implied. 

As well as providing further information about the cookies the site uses, the BBC allows visitors to opt in and out of three groups of cookies. Presumably, analytics cookies fit into the 'performance' group:

This is a good solution which makes the site's use of user information clear and provides the information and options that users need to learn about and manage cookies. 

Crucially, it doesn't impact the user experience. Even after turning all cookies off, the site still functioned reasonably well. 

The BBC possibly feels it has to set an example here, and it has gone further than other sites have so far. Still, it has managed to do so while not interrupting the user experience. 

Channel 4

Channel 4 has also gone for a status bar, but has asked customers to click the button to accept cookies and close the message: 

Obviously, there's no option not to accept, so users that object to cookies need to click the 'how to manage cookies' link and find out more there. 

Unlike the BBC's approach, Channel 4 does not allow users to set cookie preferences on site, instead providing links to the help sections of browsers so that users can set preferences there. 

Like the BBC, Channel 4 has at least made the fact that it uses cookies clear enough, and has provided clear links to further information. 

Since it doesn't allow users to opt out of cookies on site, it isn't compliant in the strictest sense, and it does seem designed to push people towards doing nothing and opting in by default, but at least the information is there for those that want it. 

The Guardian

The Guardian's cookie message is short and to the point, and it does put the information in a prominent position. 

The site is not asking for users' consent though, it is implying it by continued use of the site once they have seen the message. 

It does provide some very detailed and comprehensive information about the site's use of cookies and visitor information though. As well as the usual information on the cookies it uses and why, it provides links to help on managing cookies using browsers.

Its visual representation of the cookies it uses and how they affect what users see on the page:

Again, this is not a 'strictly' compliant solution, but it's hard to argue that users aren't being informed about the cookies that are used on the site. 

The Telegraph

Telegraph.co.uk has a prominent link at the top of the page to its Privacy and cookies policy, but no information about implying consent. 

The Telegraph does tell users how it gather information, uses cookies and why though, unlike the others, it doesn't provide links to change browser settings. 

This is broadly similar to Econsultancy's solution, and while there is no option to opt in or out, it does provide a clear link to information for those visitors that have concerns. 

UPDATE: Since I visited the site earlier, The Telegraph has started to show this pop-up to new visitors, which remains on screen for around ten seconds. 

Are these methods compliant? 

This is a tricky question, especially since the ICO doesn't know what compliance looks like. As The Mirror's Malcolm Coles said when talking about the news site's cookie compliance, "the main test is clearly going to be what enforcement action the ICO takes". 

On that basis, since all four sites have carried out cookie audits, informed users about the information that the site uses, added clear links to cookie policies, and have some kind of consent mechanism, then this must at least put them well down the list for enforcement action. 

(Our report, The EU Cookie Law: A Guide to Compliance, explains the legislation as far as it affects UK online businesses, sets out some practical steps that you can take towards compliance, and includes examples of how websites can gain users’ consent for setting cookies. Do check it out.)

Graham Charlton

Published 25 May, 2012 by Graham Charlton

Graham Charlton is the former Editor-in-Chief at Econsultancy. Follow him on Twitter or connect via Linkedin or Google+

2565 more posts from this author

Comments (23)

Comment
No-profile-pic
Save or Cancel
Avatar-blank-50x50

James Curtis, Online Marketing Manager at The Wandsworth Group

The BBC's solution is excellent, explaining why they use cookies and what benefits the user gains by consent. A great template to follow for those who are worried about compliance.

But, with the ICO's continued murky advice, compliance doesn't seem to be on most people's agenda. Looking outside of the mega consumer brands, and many companies will be watching their competitors. And if the competitors aren't budging on compiance, they won't either.

about 4 years ago

Graham Charlton

Graham Charlton, Editor in Chief at ClickZ Global

@James Exactly. Why should a website risk losing business when there is no certainty about a) what is necessary to comply and b) whether and how it will be enforced?

about 4 years ago

Avatar-blank-50x50

Rob Stephenson

Always admire the way the BBC continually evolves its site. Whilst they would have chosen not to add the cookie warning, they have done so to their usual high standards.

That said, they had little choice. The ICO has made it clear that it intends to review the top 50 sites post 26th May and the BBC almost certainly falls in to this category.

Interesting that they have chosen not provide a check box for users to check to say they understand and accept cookies will be dropped on their terminal. Instead the user is told if they choose to continue browsing cookies will be dropped.

The ICO and other sites appear to prefer the check box approach, so will be interesting to see what view the ICO takes of the approach adopted by the BBC.

Sat next to my wife yesterday evening I asked her if she understood the cookie message displayed on the BBC site. She said no and didn't actually care either. I have a sneaking suspicion she speaks more than half the UK population.

about 4 years ago

Avatar-blank-50x50

Tony Edey

The ICO blog today has more information from Dave Evans. Interestingly it clearly states "Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies." To me it looks like the BBC solution fits the bill.

http://www.ico.gov.uk/news/blog/2012/updated-ico-advice-guidance-e-privacy-directive-eu-cookie-law.aspx

about 4 years ago

Avatar-blank-50x50

Andy

I like the BBC's option but I found it only displayed on the home page, if you clear your cookies and go directly to a page within the site it didn't display. And of course there is also the irony that the BBC site sets a cookie the minute you enter their site and so if you are not happy and leave you still have that cookie set.

Anyway I am just hoping that Joe public seeing that big brand and trusted sites use cookies will not be so frightened when they then see a cookie message on a smaller site. If it doesn't work that way and they get misinformed about Cookies then it is going to destroy a lot of smaller websites.

about 4 years ago

Graham Charlton

Graham Charlton, Editor in Chief at ClickZ Global

@Tony Yes, i think implied consent like the BBC has is the best all-round solution. Shame the ICO waited until the day before the deadline to say so...

@Andy I hadn't noticed that. I imagine most of the BBC's traffic comes to other pages, so it does seem to be a mistake not to add the cookie message to all landing pages.

Like you, I hope that the BBC's message will reassure web users.

about 4 years ago

Avatar-blank-50x50

Steve Masters

All very nice. Plaudits to those organisations I think for doing the best with a bad situation. Unlike the European Commission, who forced the changes in the first place and who have done NOTHING on their website.

about 4 years ago

Avatar-blank-50x50

Hammy Havoc

This involves a little extra labour on our new HTML5 site version of Previous Magazine, a little bit of a pain, especially as we will have to add a disclaimer to our upcoming iOS apps too. I also run an online store and I'm not looking forward to having to figure out a way to circumvent those who dont allow cookies. I'm thinking that if the consumer says 'no' to allowing cookies then the site simply gives something similar to the 'sad iPod' or 'sad Mac' face and words to the extent of "I can't work without cookies. ):" and a request to reenable them.

Accepting/denying the use of cookies completely spoils the user experience, especially when the majority of users will have zero idea about cookies and probably not care like Rob said.

about 4 years ago

Avatar-blank-50x50

alan

So do you think the 11th hour guidance change by the ICO is a massive swerve?

Suddenly 'implied consent' makes thousands of sites 'legal'

read more http://badlywired.com/project-management-blog/2012/05/26/eu-cookie-law-compliance-implied-consent/

about 4 years ago

Avatar-blank-50x50

Tony Edey

@Steve - re: the EU website - that's hilarious! I just went and checked the UK government website also. If you're looking for it you can see a link to 'cookies' at the top of the page, but that's all they've got.

I think we should all complain to the ICO about the EU & UK government websites' blatant breach of this law :)

@Alan - I'm not sure it's a massive swerve, they've been making (vague) noises like this for some time but only the day before enforcement do they finally make it clear. Certainly it's hugely frustrating that it's taken them so long to make a stance, I'm sure a lot of companies will have wasted time and money developing solutions that are now going to prove to be unnecessarily intrusive.

It will be interesting to see how things evolve if/when 'Do Not Track' browser based privacy toggling takes hold. Will web site owners be able to remove the messages then as not having 'do not track' set in your browser implies consent? The problem there currently is there is no legal onus on browser makers to make this choice clear and up front, it's a buried option which is contrary to the spirit of this new law.

about 4 years ago

Avatar-blank-50x50

Meriel Lenfestey

These 4 sites probably don't make use of very intrusive cookies - so this level of solution makes sense and should satisfy the ICO without negatively impacting the user experience.

I'd be pretty sure that most users entering any of these 4 sites won't notice the banners, and could easily miss the 10 second pop up from the Telegraph. This would mean that they are not likely to be "informed". Therefore I'd suggest that any more intrusive use of cookies might require something a bit more obvious, or a range of complementary solutions.

about 4 years ago

Avatar-blank-50x50

Tom Cheesewright

Two things:

- Advice for businesses (apart from the few the ICO chose to speak to individually according to the new update) has been incredibly poor. Releasing this radical shift at the last minute is - while welcome in content - really poor practice.
- In reality it doesn't actually change the requirements that much. You might be able to get away with a 'presumptive close' for some situations but you still need some mechanism to present the information and ideally track acceptances in case you are ever challenged to prove compliance.

about 4 years ago

Avatar-blank-50x50

Jason Munslow

It looks like most companies have opted for a very similar approach. Best Western Hotels (www.bestwestern.co.uk) follows the same mechanic but with a bit of humour.

I am surprised how many companies do not have any solution in place. It will be interesting to see if any action is taken at all - especially since GB Government and EU websites do not apply.

about 4 years ago

Avatar-blank-50x50

Paul Masri

@Hammy Havoc: your online shop shouldn't have a problem and you shouldn't need to show those sad faces as the one part of the law that isn't vague, so long as I've understood correctly, is that cookies that are essential for the running of a website are allowed without prior consent. Specifically session cookies for shopping carts.

I'd be interested to hear from anyone who thinks I've got that wrong.

@Graham: nice article, well summarised.

about 4 years ago

Avatar-blank-50x50

Andy Badger

@Steve Master & @Tony Edey:
After a very simple check, The European Commission uses a single cookie and that is for language settings (which is essential). As such they do not have to declare their use of cookies.

about 4 years ago

Avatar-blank-50x50

Tim Caynes

A nice summary of the most obvious media sites. I'd be interested in seeing how businesses with less well-evolved online teams are managing compliance. There are surely a huge number of small to medium businesses out there that don't even know they have a responsibility to do something. I'm guessing many sizeable retail, manufacturing, FMCG sites are also in the dark. Would be interesting to see where they are looking for guidance.
Also, I don't see any examples anywhere for mobile sites. Mobile sites should comply in the same way as 'full' sites, correct?

about 4 years ago

Avatar-blank-50x50

Steve Elsey

I can't believe this! My understanding of the law up until Friday was that implied consent was NOT allowed. Users HAD to opt in. As a web designer/developer, I have had to offer a solution (similar to the ICO site) which has been rolled out over the last 3 months to provide compliance for my clients. The BBCs solution and acceptance of implied consent means the businesses that have acted in advance are at a major disadvantage and will now have to spend even more money to change their perfectly compliant sites or face users ignoring the opt in, or worse being scared off by the opt in.

The legislation was bad enough, adding more financial burden to SMEs and being ill thought through, but this last minute change is an insult.

about 4 years ago

Anna Lewis

Anna Lewis, Google Analytics Analyst at Koozai

I felt the impact of the changes for the first time last night, I was browsing news sites and kept having to accept cookies, I imagine people who weren't aware of the law changing are suddenly very confused as to what's going on.

Personally, I think some of these have too many words, do people actually read that much when then were looking to read what was on the page?

I like the guardians solution, it seems the least intrusive and very simply ensures that you don't keep having to hide a pop up.

I've seen a mobile solution where the pop up takes up most of the screen, luckily it had an easy to spot option to keep cookies and carry on browsing, but it is becoming tiring having so many pop ups and some sites won't be using a cookie to remember that you are happy to use cookies!

about 4 years ago

Glynn Davies

Glynn Davies, Senior Technical SEO Account Manager at LBi

@Steve Elsey - that was my understanding too. The ICO are now stating that implied consent was always a valid option, but v2 (Dec 2011) of their guidance says "...general awareness of the functions and uses of cookies is simply not high enough for websites to look to rely entirely in the first instance on implied consent".

almost 4 years ago

Avatar-blank-50x50

Russ

I feel for all those sites who've spent thousands on a ICO version 2 guidance rollout (inevitably complex and user-unfriendly to some degree) only to discover that version 3 is a lot cheaper, since it allows a continuation of previous practice with the minimum of change, hence its attractiveness to the big publishers. As for ICO allegedly stating that an implied consent opt-out route was 'always an option', I simply don't believe it. Not that I can believe anything ICO now might say in the future. However attractive and easy a version 3 implied consent opt-out implementation might be (and I'm not complaining), the fact remains it is a route that contradicts the basic principles embodied in the law. Leaving aside the question of the Commission's non-compliance with its own Directive for a moment, it's going to be interesting to see how ICO defends its stance and how the Commission responds to it. I can see how ICO is attempting to position itself politically, but depending on how the EU game plays out in the face of what must be seen as a abject implementation failure and shortfall, I wouldn't be at all surprised if ICO did another u-turn in say a year or two's time.

almost 4 years ago

Avatar-blank-50x50

Toney

This paragraph presents clear idea designed for the new users of blogging, that actually how to do blogging and site-building.

almost 4 years ago

Avatar-blank-50x50

Lowery

It's difficult to find knowledgeable people about this topic, however, you sound like you know what you're talking about!
Thanks

over 3 years ago

Avatar-blank-50x50

Shepherd

I never, ever believed I would have to be familiar with
this thank goodness for the internet

over 3 years ago

Comment
No-profile-pic
Save or Cancel
Daily_pulse_signup_wide

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Daily Pulse newsletter. Each weekday, you ll receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.