While around a third of retailers will use pop-ups to request consent for cookies, the vast majority will not make cookie consent compulsory. 

These stats come from a survey of 100 retailers with revenues of £3m p.a. or more, conducted on behalf of Eccomplished.

The figures suggest there is much confusion amongst retailers over how to comply with the e-Privacy Directive, also shown in our previous survey of internet marketers

Third party cookies

One such area of confusion is third-party cookies, as 29% believe the responsibility lies with that third party. 

Third party cookies are an issue, more so since these are likely to be used for ads and targeting, and are therefore the least popular with users. 

Our consumer survey on the cookie law found that cookies used for ads and targeting are the ones that users would be the least likely to consent to:

What kinds of cookies would you be happy to consent to?

According to the ICO, “…it is the person setting the cookie who is responsible for compliance although the website has a part to play”.

In practice, the ownership of cookies on a page can go through a series of commercial and technical relationships. For example, a tag from DoubleClick administered by an agency might then incorporate several third-party tags from media networks that in turn set a whole set of cookies.

The website owner needs to establish some control over what third party tags are used on their site, so that the web user has clear and up to date information. 

Cookie audits

66% of the retailers surveyed are carrying out cookie audits, sllghtly higher than the 54% from our survey carried out in March. 

This is the first basic step towards complying with the cookie law and it is worrying that 34% are yet to do anything to comply. At the very least, a cookie audit does at least enable retailers to claim that they have taken some action. 

In addition, 67% are updating their privacy policies, and the clarity of this information is also key. 

For example, John Lewis has now moved its privacy and cookie policy to a more prominent position on the site, and this links to detailed information about cookies. 

How do retailers intend to gain consent?

According to the survey, there are three broad approaches to asking for visitors' consent to set cookies, and retailers intend to use a combination of these options:

  • 63% (66% large and 63% of small businesses) plan to ‘take implicit consent’ when users try to access functionality or edit settings.
  • 50% (45% large, 54% small) plan to seek consent via a non-compulsory opt in.
  • 34% (45% large, 39% small) plan to use compulsory pop-ups to drive consent.

Of the experts I spoke to when compiling our guide to the EU cookie law, very few were planning to go for compulsory opt-in mechanisms.

In fact, having to implement an intrusive opt-in solution like a compulsory pop-up is something many e-commerce managers are keen to avoid, as it is likely to increase bounce rates. 

Graham Charlton

Published 23 April, 2012 by Graham Charlton

Graham Charlton is editor in chief at SaleCycle, and former editor at Econsultancy. Follow him on Twitter or connect via Linkedin.

2566 more posts from this author

You might be interested in

Comments (4)

Mark Chapman

Mark Chapman, Director at the eConsultant

The digital industry should have been given the opportunity to self-regulate rather than use draconian legal measures to bully / threaten / bash the world of eBusiness to comply.

Simply, the cookie regulations constitute unnecessary barriers of bureaucracy.

Compliance is still not precisely defined - and even the ICO is unclear about differences between cookies and spyware.

It's easy for EU legislators and ICO to sit back, eat lunch in taxpayer-funded meeting rooms and say: "Oh, I think we will make a law about that."

Internet surfers and website visitors + customers should be confident and have trust using the Web - but using EU law is bureaucratic overkill, more likely to harm than help.

I know I've made this point before but to emphasise... For all website visitors to have to agree to cookie use on hundreds and thousands of websites on websites (only in the EU, mind) is plain daft.

It's bad enough having to accept reams of legal terms and security notices (that no-one reads) for applications such as iTunes and Windows... but to have to do this time and again for every website we visit will drive people off websites, an area enjoying some economic progress.

over 6 years ago



Regarding the headline 34%, seems to me that 'compulsory popups to drive consent', i.e. "tick this box or go away", is the worst possible mechanism, since it could simply be a way ('non-informed, enforced consent') of avoiding notifying what cookies are being set.

over 6 years ago

Graham Charlton

Graham Charlton, Editor in Chief at SaleCycle

@Russ Good point - it's virtually impossible to provide the information people need to give informed consent (which cookies are used, why, for how long etc) within a pop-up.

over 6 years ago


Steve Rivers, Founder & MD at Intelligent Reach

I think the key is a combined and staged approach as my article here suggests.http://eccomplished.com/new-research-from-eccomplished-highlights-e-privacy-directive-is-confusing-and-challenging-for-many-uk-retailers/

The research we carried out showed that 2/3rds of respondents were carrying out cookie audits and make their privacy information better and more accessible. The first stage, as you rightly point out, is to make the user aware of the cookies you use or at least make them aware of the resource to find out as much as they want about the cookies (and in the case of the john lewis example probably much more than they need!). This "education" and openness is more likely to make them trust your brand more than make them overnight online marketing experts but that's what you want.

Strong privacy policies, opt outs etc have been a requirement and best practice for many years now. However it's important to make them prominent to users, not hidden away like most have been for years. Then once you decide the best way to gain implicit consent, as and when you want/need to implement this, your users trust levels are a high as they possible can be (obviously this should be within the next month but we all know no-one wants to be first and get themselves a competitive disadvantage)

Having a clear link within the opt-in mechanism for them to read about all the cookies, should they wish, is obviously best practice.

In the end users do want clean, nice to use, personalised site experiences as econsultancies' own consumer research showed. Being followed round the net with products they looked at but didn't want to buy and still don't might be a different story....

over 6 years ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.