Need help? Check out our Support site, then

EU Cookie Law - What can I do?!

  1. Hello,

    My site is a hosted website with a unique URL from 123 Reg, I've just gotten notified of the new Cookie law which is going to take effect in May 2012, and I am REALLY worried. Is there anything can do to help my site stay legal?

    I can't use any plug-ins because they only work on

    Basically what I'm asking is: is there going to be a way for hosted blogs to avoid being illegal? Will you make a new feature so we can notify our users of the cookies on our site? When will this all happen?

    Please notify me before May 26th otherwise, according to the new law, I and thousands of other bloggers will be in breach of the law and could face up to a £500,000 penalty.

    The blog I need help with is

  2. is no longer available.

    The authors have deleted this blog.

    For an accurate answer a link to the blog you are asking about is needed.

  3. The website I run is

  4. I think your current disclaimer is adequate. staff is unquestionably looking into this, because there are a lot of EU readers of our blogs.

  5. The EU is a scaremongering bunch of halfwits. In reality they'd never be able to police the zillions of Internet websites. You could perhaps register your domain with a company outside the EU.....just a thought. You shouldnt allow yourself to be frightened by these people anyway. That's how they control everyone.......threats. I think what you've written is ok anyway.

  6. Thanks for the replies people, means a lot. Do any WordPress employees ever comment on these forums? (I'm a newbie)

  7. Sometimes they do. I've been here seven years and you can be CERTAIN they are working on this, though. They have to. Europe is too big a market, and they, the providers of the blogging service, will be responsible for the fix.

  8. That's a really good point raincoaster.

  9. Also, as far as I'm aware the only cookies that WP uses are to track the actual bloggers moving around, and that is something you have to enable in order to be signed in. It doesn't use cookies to track visitors at all, now that I think of it.

  10. Yeah but on most sites Facebook, Twitter and Youtube all install their cookies, and we all know Facebook aren't looked too kindly upon when it comes to privacy...

  11. I've been doing some reading around on this. Anyone who has a website----even a blog---hosted by a company that collects data for analytical purposes is already tracking their visitors. Even if your company doesn't impose its own tracking/cookies, the web-hosting company that you are using almost certainly does....for the purpose of providing you with monthly stats, amongst other things.
    That means if WordPress is collecting data (which it is, for your Blog Stats) then everyone visiting every WordPress blog in existence is "supposed" to be told of this.
    Considering how many thousands?millions? of wordpress blogs there are, that means---theoretically----that every blogger has to notify his/her visitors.

    It's a complete nightmare. I've looked at some other forums/blogs this morning on this subject, no-one really has a flipping clue what to make of it all. Apparently it was tried on the UK's Information Commission Officer website......and their traffic plunged 90%. What a laugh. The vast majority of large British companies still aren't ready to comply either. These mugs who sit in the EU parliament have nothing better to do with their time, bar eating and drinking. Unelected and undesirable bureaucrats.

    I think WordPress will need to look at this, to protect their bloggers, many of whom are not necessarily knowledgeable about web-page programming.

    Measures like these will drive small-person websites off the Internet altogether, because many will be afraid of how to comply with what the EU wants. In the good old days, back in the 90's when I first set up a website, it was all great fun. Now it's becoming a complete misery. It's all overrun by authoritarianism. No wonder people are furious.

  12. Good point, just one thing I wanted to say: visitor numbers dropped by 90% because users couldn't be tracked because they didn't want the cookies. The readers of the website still went on the site, the owners just aren't allowed to see that they have.

    Everything else though is true.

  13. The law ONLY applies to cookies. That's why it's called the cookie law.

  14. Sorry for this remark but I just can't help it:

    The EU is more or less evil in all aspects. Close the stupid thing!

    I just had to write this! :-(

  15. It does seem like a pretty silly rule to be making now. I can't see how it will be enforced.

  16. There's a lot to sort through about this law, and the first thing that has to be done is clear through some of the misunderstandings about it.

    First off, it's important to understand that this is not one "EU Cookie Law." The EU issued a set of directives on cookies but left it for each member nation to interpret, define the requirements, and define the penalties. Your ire should be directed towards the Information Commissioner's Office, the UK government agency which is solely responsible for the permutations of the cookie law in the UK. I know that hatin' on the EU is a great national hobby, but this isn't actually the issue for it. Ranting about those big mean men in suits is not going to do a damn thing to help us find a solution.

    And it's why isn't doing anything to bring blogs into compliance. There is not one "EU Cookie Law" to comply with. There are *twenty seven of them.* National approaches range from laissez-faire to paranoid. No company, including, should be expected to create twenty-seven different setups and presentations for a single product.

    Second, you need to educate yourself on the issues surrounding sites and the law - I write from the perspective of the UK's interpretation of it - to understand why isn't just making a slap-on, click-the-box, that's-you-sorted solution to it. You can do that with my conference presentation here.

    Third, as for spreading misinformation about "£500,000" fines, educate yourself on what that number means, who issues those fines, and what they issue them for before you perpetuate scaremongering and become part of the problem rather than the solution. You can do that in my post here.

    Finally, educate yourself on the web site accessibility issues which mean that many "compliance solutions" make a site meet the UK's interpretation of the cookie law but then break existing UK accessibility laws.

    If you have any other questions, leave comments on my blog posts, or come talk to me at WordCamp UK in Edinburgh in July.

  17. I was at an exhibition last week where one speaker was Mark Prisk, Minister for Business and Enterprise in the UK Government and I asked him a question about the implications of the new cookie law and the advice the Information Commissioner's Office (ICO) is currently giving out, which to say the least lacks clarity. He said that Ministers are still in discussions with the Information Commissioner about the guidelines and what came across was that two different arms of the UK Government do not see eye to eye. Having said that, the ICO is the enforcement body (they can fine Government Departments, and Ministers have no direct jurisdiction over the ICO). However, the ICO has a long record of advising first, enforcing next, fining last. However some companies are taking the issue very literally, see BT's MyDonate site. I have added a page to the main menu of my websites about cookies and privacy which is not theoretically compliant, but I think would be seen as adequate until new advice comes out of the ICO's office. I appreciate WordPress's problems, but it would still be very helpful to see a clear statement from WordPress, even if it is only to say why they can't/won't comply and what the complications are, which we in the UK could then quote in the debate here to try to get some commonsense. Specifically what would help would be a list of the cookies used on WordPress and what they do. See the Downing Street website for a model, which, ironically, does not comply with the ICO's advice in that the link to the page is hidden at the bottom of the page and there is no splash page as you go into the site. So at least if we are going to be fined £150,000, so is David Cameron, which is why I'm not booking a meeting with my bank manager just yet.

  18. The UK Information Commissioner's Office issued new guidance yesterday which should reassure people. The main issue here is that 'implied consent' now seems acceptable, provided that you make this very clear and visible to users of your site, but don't take anything from me, read the article:

  19. Indeed, after spending over a year saying implied consent was not enough, they backtracked literally on the day the law went into compliance. *On the day*. Not last month, not last week..

    So much of the work and sweat many good people have put into moving towards compliance turns out to have been unnecessary.

    There's nothing more contemptible than highly paid "public servants" creating problems to justify their jobs and pensions.

  20. The following is from our legal team:

    We’re aware of the recent EU privacy directive and the related UK Cookie Law. As of now, the relevant authorities haven’t issued concrete guidance on the actions that are necessary to comply with the law. We’ll be watching as the situation develops and may make changes to our services in the future, if required.

    For now – since sites hosted at do make use of cookies, you may like to flag this fact for visitors to your site. One way to do this is to add a text widget to your side bar and include a link to our privacy policy (which contains information on the cookies that we use). You might also inform your visitors that they can refuse all cookies by changing the settings of their browsers.

    Our Privacy Policy can be found here:

    Instructions for adding a text widget to your site can be found here:

  21. kevinjohngallagher

    I am dumbfounded at the response from the (legal) team.

    Regardless of people's opinion's on the Law itself, standards and concrete guidelines on how to comply with it have been around and clear for over a year now - even if we think they are daft. Lest we forget that this law actually came to pass over a year ago, with 3 countries opt-ing to give their businesses an extra 12 months to get their sites compliant.

    Even as someone who disagree's with the law itself, the idea that, a system that has a sizeable percentage of the world's websites hosted on it, simply wont comply with the law and worse, hasn't come up with a position in the last year... is absolutely incredulous!!

    To clarify for those who are about to slate me, the proposed solution of...

    you may like to flag this fact for visitors to your site. One way to do this is to add a text widget to your side bar and include a link to our privacy policy

    ...does not meet with the EU law. While it may get past the UK directive from the ICO, it will fail miserably from virtually every other EU country.

    Rest assured, if you are using a hosted site, and are an EU business you are in breach of the law. How fussed you are about that fact is down to each individual, and Heather makes some wonderful points about both the law and its enforceability; but ask yourself this:

    If the US passed a similar law, how quickly do you think would react?

    All of that aside, the fact that couldn't even come to a standard position until 2 days after the UK's 12 month extension had passed is scandalous.

  22. Thanks for all of the feedback. As we (and some of the other commentors on this thread) have noted - the legal requirements of the UK cookie directive are far from clear. Indeed, the government's position on a fundamental requirement of the law (implied consent) changed on the day of implementation - which must have been very frustrating for the handful of sites that made an effort to comply with the law as they understood it before implementation. Also, the vast majority of EU member states (other than the UK) have yet to issue any legislation at all in response to the EU directive. If and when they do, their requirements will likely be different than those set out by the ICO. This situation is not a model of government transparency or efficiency. Nonetheless, we definitely are watching developments closely, particularly as the ICO begins some dialog with large web properties on how best to implement the new law while balancing the interests of all sides.

    While all of these issues come to rest, we are happy to provide our users in the UK with tools to highlight the use of cookies for visitors to their sites, per the new law.

  23. @pesieminski - I am not in the EU and have not much knowledge of the EU cookie law after reading this whole thing added a text Widget to my site (my site is read in the EU) that linked to your privacy policy with a one sentence note that cookies could be disabled - to help your users you might think about posting a code snippet that blog owners could just copy and past into a text Widget - that would save blog owners the work of finding and making the link etc. Since I watch over several other blogs it did take some time so a bit of help would make life easier maybe for blog owners.

  24. @pesieminski @macmanx and others, I am now confirmed to speak on the topic of the EU Cookie Law and WordPress at WordCamp UK on 14-15 July in Edinburgh. Obviously that will deal with the UK interpretation.

    The last time I spoke on the topic I had a wide-eyed, eager, and somewhat anxious audience in their chairs ready for me to start before I'd even set up my presentation. I expect the same in July.

    To that end, by July, if I have to stand in front of these people and say "WordPress's official position still consists of looking down at their shoes and mumbling about waiting for someone else", you are going to make me look bad.

    Make me look good, kids. Stop shifting and get to work. We all did.

Topic Closed

This topic has been closed to new replies.

About this Topic