When the EU e-Privacy Directive was first announced, it was thought that the internet would collapse as we were hit with a wall of pop-ups asking for cookie consent.

We were told that users would opt-out of cookies in droves, making it impossible for websites to measure traffic, target users with offers or advertising.

But, thankfully, the Information Commissioners Office has adopted a relatively laissez faire attitude to enforcement, and is instead allowing the industry to work out the best way to inform consumers of the use of cookies. Or it hasn't a clue, depending on your point of view. 

As a result, most sites have gone down the ‘implied consent’ road and have simply made their cookie policy more prominent rather than explicitly asking for users to accept cookies.

Those that do explicitly inform users that the site uses cookies generally don’t give an option to opt-out, but instead direct people to change the settings in their browser.

We’ve already examined the BBC and The Daily Mirror’s approach to cookie compliance, and here are 20 more examples from a range of sites.

Most are providing clear(ish) information about the fact that cookies are used on site, though some have gone further than others to ensure that cookies messages are visible to visitors.

Links to cookie and privacy policies



Comparethemarket features its cookie policy on its homepage, but buries it among this large body of text.


B&Q informs users of its new cookie policy at the very bottom of its homepage.


Debenhams is one of a huge number of retailers that simply have a small 'Cookies' tab at the bottom of the homepage.

House of Fraser


The Co-operative Bank


Lloyds TSB


Thomas Cook


More prominent messaging


John Lewis

Northern Rock


BBC Good Food

This is one of the only examples I could find that actually uses a pop-up to notify users of its cookie policy. Both MirrorOnline and BT have used pop-ups, but less intrusive than this one: 

Mobile examples

In general, brands that highlight their cookie policy on their desktop site use the same format on their mobile site.

The BBC and Gocompare's mobile approach mirrors their desktop sites.


However, a number of sites fail to mention their cookie policy at all on mobile. For example, despite featuring it quite prominently on its desktop site, John Lewis's mobile site doesn't refer to its cookie policy.

M&S takes a novel approach on mobile - it uses its checkout process as a way to also gain user consent for cookies.


The humourous approach

Daily Mash

Love the 'whatever' button.

Ling's Cars

Not quite what you'd call strict compliance, but there is some cookie information there...


As we can see from these examples, a lot of sites have chosen to avoid going down the pop-up route and instead just assume that users give their consent unless they actively change browser settings. 

Making the cookie policy more prominent is likely to mean the companies avoid any action from the ICO, while ensuring that no roadblocks are placed in front of users.  

That said, there a huge number of popular sites that don't seem to have done anything at all, and it will be interesting to see what, if any, action the ICO takes against them.

The one example that I could find that uses pop-ups is the BBC, but that is probably a unique case. Consumers generally invest a huge amount of trust in the BBC so it can be more explicit about its use of cookies without causing users to abandon the site.

But in general, it seems that most sites, as Econsultancy has done, will be taking a subtle approach to cookie compliance. 

David Moth

Published 28 June, 2012 by David Moth

David Moth is Editor and Head of Social at Econsultancy. You can follow him on Twitter or connect via LinkedIn

1719 more posts from this author

You might be interested in

Comments (18)

Save or Cancel
Alec Cochrane

Alec Cochrane, Head of Optimisation at Blue Latitude

Maybe you should also write a post on how international sites that are viewed in the UK are coping with this. I suspect they haven't.

My blog has gone for a novel approach of putting some cookies in the corner! I suspect the ICO don't think much of this.

Some good examples though - the Daily Mash made me chuckle (although it does probably encapsulate the sentiment of the country).


about 6 years ago



If you could only find one web site with a pop up message, you obviously didn't look very hard!

about 6 years ago

David Moth

David Moth, Managing Editor at Barclaycard

@Andy, what other examples have you seen?

about 6 years ago


Chandesh Parekh

The Daily Mash implementation always makes me laugh - definitely how most pragmatic developers feel about this issue...

about 6 years ago


Sue Pratt, Head of Marketing at Salmon Ltd

Thanks David - useful to have the examples together. Another example of a pop-up can be found on FT.com.

about 6 years ago


Ling Valentine

Well, it's all a big joke as no one will do anything about this.

The irony is that if people refuse cookies, you probably have to store a cookie saying that they don't want cookies. Which is nuts (and illegal in that case).

The ICO is utterly useless (or brilliantly useless), and they don't even adhere to their own policy.

Fundamentally, it's a stupid law. To prove this, I have cookies which estimate a visitor's gender and predict their full credit card number from information gathered. No one has noticed.

Thanks Herman Von Rumpy, I'll blame you even if it's not your fault.


about 6 years ago

Tim Roe

Tim Roe, Deliverability and Compliance Director at RedEyeEnterprise

Hi David, interesting points and there is certainly lots of opportunity for websites to move towards compliance without onerous changes to process etc. Prominent information links on the tops of pages etc, and the creation of a specific cookie policies, should make it easier for the consumer to find out what they want.

I’m not sure if you took a look at Lings cookie explanations, but they are worth further reading, very funny :)

This cookie can detect missed key-strokes caused by crumbs jamming the user keyboard. Compares results over a long period of time to determine typical biscuit type.

This cookie monitors any accidentally open audio channels, to determine if the user snorts or chuckles while browsing and then compares the wavelength of the noise with a table of animal sounds.

And if anyone hasn’t yet visited Lings amazing website, they must.

about 6 years ago

David Moth

David Moth, Managing Editor at Barclaycard

Hi Tim, were you at our Future of Digital Marketing event? Ling gave a highly entertaining keynote speech - you can see it here http://econsultancy.com/uk/blog/10142-ling-valentine-at-fodm-2012-is-there-method-in-the-madness-video

about 6 years ago



You'd think the Daily Mail who are constantly berating both Google and the UK government for perceived invasions of privacy would be a bit more upfront about their use of cookies. Instead it's the very last thing on their page! Surely a big site like them will soon attract the attention of the ICO.

about 6 years ago

Tim Roe

Tim Roe, Deliverability and Compliance Director at RedEyeEnterprise

Hi David
I didn’t attend the event I’m afraid, but thanks for the link, I’ll definitely watch it.

about 6 years ago


Andrew Haddon, N/A

I think there's still some confusion regarding 'implied' consent.

Several sites using 'implied' approaches are still setting none essential cookies on the first page of the visitor session. Although 'essential' is obviously open to interpretation, these tend to be cookies set for analytics purposes, which both the ICO and recent EC Working Party Opinions have advised are not currently exempt from the regulations.

My interpretation of implied consent would be that non-essential cookies would only be set as part of a further interaction with the website i.e. closing/accepting the cookies notice or navigating to another page.

How can consent be 'implied' if the cookies are set before the viewer even has the opportunity to see the cookies notice?

In some cases the cookies may even have been set prior the rest of the page fully rendering in the browser.

about 6 years ago


Steven Garrett

Check out www.nectar.com, www.livenation.co.uk, www.reuters.co.uk, www.hollandamerica.com

These represent great examples of branded customised solutions without taking the consumer away from the web page to manage consent.

about 6 years ago


Mike Henson

I agree 100% with Andrew Haddon.

Many sites are using their own "interpretation" of the law and using the "implied consent" approach to avoid doing anything in order to comply.

We are rolling out a procedure to our customers which we believe provides ALL that the law requires using the implied consent route as it was intended.

Check out www.mh-p.org

about 6 years ago

Alec Cochrane

Alec Cochrane, Head of Optimisation at Blue Latitude

Andrew, Mike,

The ICO recently changed their rulings on what counted as consent or not for analytics cookies, stating in their document:

The Information Commissioner recognises that gaining explicit opt-in consent for analytics cookies is difficult and that implied consent might be the most practical and user-friendly option.

http://www.ico.gov.uk/news/blog/2012/~/media/documents/library/Privacy_and_electronic/Practical_application/cookies_guidance_v3.ashx (pdf warning)

I do think that you are slightly missing the sentiment of the law though. The idea is that you are not misusing data from individuals without their knowledge by hiding the fact you are putting cookies on their computer to link together data points. Cookies themselves just tie up what you do from one page (and visit) to a next by creating a unique key on each of the pages.

If you tell the users on the first page that you are setting the cookie and give them the option (and the knowledge) to opt out if they so wish, they have opted in by ignoring that advice by the time they get to the second page.

If they opt out after reading the advice and decide to delete their cookie and not accept any more, then your data is in the same position as if you'd not set the cookie at all. You have several page views that cannot be connected together

Remember: the data is always there - the cookie is just what connects one bit of data to the next bit.

I do agree though that many sites are taking the phrase I've borrowed from the ICO as meaning 'You don't need to do anything' where as some take it to mean that they need to be a bit more obvious and some mean that they need to be completely up front with a 'pop up'.

I'd also argue, very strongly, that analytics cookies are essential to the running of a site.


about 6 years ago

Catherine Toole

Catherine Toole, ceo at Sticky Content

Thanks for this blog David, very interesting. At Sticky Content we recently compared the copywriting approach various companies took to cookie compliance messages, which might be a useful addition to your post.


about 6 years ago


Dan Champion

@Steven Garrett - you wouldn't be the same Steven Garrett who is UK Director of Sales at Evidon, who happen to supply the Cookie Consent tool on the sites you cited, would you?

I'm sure no-one would mind you blowing your own or Evidon's trumpet (just look at Catherine's and Mike's plugs, no shame there). So don't be so coy in future, if Evidon are providing a quality service just say so. :-)

@Mike Henson - using javascript to obtain approval for and then set cookies might satisfy the law on cookies, but it's going to cause serious accessibility issues for those without access to javascript. My e-commerce clients aren't going to be chuffed if suddenly 5-10% of their visitors can't add items to their basket, because they can't accept cookies. Nice idea, but I think your solution needs a rethink.

about 6 years ago



B&Q "enforms"...? Come on!

over 5 years ago



I stand by my usual sentiment with regards to this law: All technology-related laws must be reviewed by a jury consisting entirely of people who are fluent in three or more programming languages, who are given the power to stop the law in its tracks.
This would prevent 99% of stupid computer laws right off the bat.

over 5 years ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.