89% of UK consumers think that the EU cookie law is a positive step, though 75% had not heard of the e-Privacy Directive before they were surveyed. 

Funnily enough, a similar proportion of marketers (82%) in a recent Econsultancy/Toluna survey think the opposite and view the cookie law as a real threat to the web. 

The stats come from a survey of 2,000 consumers carried out by eDigitalResearch and IMRG last month. 

According to the IMRG's Andy Mulcahy, the directive provides "an opportunity for retailers to increase trust and loyalty through a clear, unobtrusive and customer-friendly cookie notification process".

I'm not so sure about that...

The survey results

Here's a summary of the key findings from the survey. The results broadly match those found in our recent consumer survey, though we didn't ask consumers whether they thought the directive was good for the web, as we thought it would be too tricky to explain succinctly.

I do wonder about the 89% figure. Were consumers told about the potential threat to online businesses, and their own user experience, or simply that is was a law designed to improve privacy online? 

  • 75% of the 2,000 consumers surveyed have not heard of the new EU cookie directive. Of those that had, only 16% were truly aware of what changes would come into effect on May 26th.
  • After being told about the directive (wonder how long that took to explain?) 89% of those surveyed felt that it was positive for consumers and 79% agreed that the changes were needed due to the lack of public knowledge about cookies. 
  • 23% are happy for websites to use cookies to improve their browsing experience, which is the same number who said they would be keen to opt-in in our survey. 

Are marketers and consumers that far apart? 

While the difference between the views of the consumer and the marketers we surveyed may suggest that the latter are not listening to customer concerns, I think there is more to it than that. 

For one, the 82% of marketers who believe the cookie law is bad for the web do not necessarily disagree with the 'spirit' of the directive, just the ham-fisted way in which it has been applied. 

This is a typical comment from our survey: 

While I'm all for protecting privacy, the bit of this directive that applies to cookies has been ill thought out and even more badly applied, by someone who doesn't understand the technology. Rather than try and analyse what cookies are actually intrusive, they've just 'banned' the lot! 

Are you concerned about your privacy when browsing and buying online?


In short, nobody really objects to consumers being informed about the information that websites take from them and how they use it, but the directive and its implementation will possibly hinder this process. 

Public perception of cookies

It's clear that users need to be educated about cookies and what they are used for, as there are many people who seem to view them as something to be feared. 

33% of those surveyed by IMRG believed that cookies could be used for viruses and Trojans, while in our survey 40% said they thought cookies were bad for the web. 

This is a big problem for online businesses, as many people are likely to opt-out of cookies for the wrong reasons, and this is a real threat to online businesses. 

I'm all for consumers being given the information they need to make an informed decision about cookies, and if websites make cookie and privacy policies more prominent and informative as a result of this, that's no bad thing. 

At Econsultancy, we have made our privacy and cookie information more prominent, and users of our site can see exactly what information we gather and why. After reading this, users can make their own decisions about whether to block cookies using their browser settings. 

If the demands of the directive stopped at this point, I think there would be very few people who would argue with it. 

The problem is that the demand for overt and informed consent means that, if websites comply, users will begin to see all sorts of scary messages about cookies associated with words like targeting and tracking. 

Since many already see cookies as a bad thing, many are likely to say no without actually thinking, while others will just be irritated by interruptive messaging and abandon the site. Thus online businesses lose sales and revenue, while the customer is no more informed than before. 

According to Lovehoney E-commerce manager (and now TV star) Matthew Curry: 

Many people don't understand the technology, and the Cookies = Evil message implied by the directive is just going to make it worse. Try explaining to your average user what an affiliate is, or a session, or MVT. It's not going to work.

This HAS to be a message about privacy, and being open to your visitors about what you do in the simplest language possible. 

Will the cookie law make the web safer? 

Really, most consumers have nothing to fear from cookies, and they do much to improve the user experience. 

Do analytics cookies do users any harm? No, they don't store any personally identifiable information, and actually allow websites to improve by learning from usage patterns. 

Of course, cookies used for ad targeting are likely to be the most objectionable to web users. The words targeting and tracking conjure thoughts of Big Brother, but all they do is improve the relevance of advertising for the average user. 

This is no bad thing, and people are free to ignore ads or even use adblockers to get rid of them

I can see why people object to retargeting, and it is techniques like this which may have triggered the update to the PECR. 

Then there's the point that cookie consent pop-ups hamper reputable businesses while doing nothing to safeguard consumers against dodgy sites. 

This point has been well made by Martin Belam

One of my biggest concerns with the new emphasis on gaining consent for placing cookies on a user’s computer is that it means mainstream sites and businesses will spend the time and effort to make systems that will interrupt the browsing experience, whereas those that are planning nefarious activities won’t bother.

Ironically the legislation will make the user experience of sites that mean you and your data harm smoother and easier than the user experience of sites that are being responsible about cookies.

Publishing and online ad revenue

We all know about the problems that many publishers are having as offline ad incomes shrink, and if newspapers are to keep their content free for consumers, then they have to make money somewhere. 

Of course, some take it too far with pop-ups, interstitials etc, and spoil the user experience, but not every site. However, if users want free content by quality writers, then they have to be paid somehow, and ad targeting is one such method.

Martin Belam made this point in the comments of a Guardian article on cookies, and there wasn't much sympathy for his opinion:

I must say that on a personal level it always dismays me the number of people who are happy to come onto the Guardian site, where we rely on commercial components to pay for the journalism, and then use our free commenting platform to recommend that people use AdBlock, or disable the analytics scripts that are the only way we can measure usage of the site to prove the worth of it to advertisers.

It basically says ‘I’ll have your news for free thanks, and I don’t even want you to be able to generate the money it has cost you in bandwidth and storage to serve the page - let alone pay for the reporting.’

Is it possible to have an "unobtrusive and customer-friendly cookie notification process" as the IMRG suggests? 

I'd say it's tricky. It's well documented that any barrier to the user's progress through a website, such as compulsory registration, increases the likelihood that customers will abandon. 

Therefore even the most cleverly worded and well designed cookie consent mechanisms, such as BT's, will inevitably cost some sales. 

Belron's Craig Sullivan sums this up

We run many millions of tests every month on our sites.  We know from experience and testing, that interrupting people with a new opt-in interface or a 'Halt' message will actively harm both the user experience and our business.  

European companies implementing a full opt-in user interface will find two things. Firstly, that their conversion rate drops and secondly, that their ability to use customer tracking reduces their ability to improve their site.  

In conclusion...

The results of this survey highlight consumer concerns about privacy, but also the difficulties that websites will face if they are forced to ask for consent to set cookies. 

It's possible to have an unobtrusive and consumer friendly cookie notification process if solutions such as Econsultancy's and those adopted by John Lewis are considered to be acceptable. 

I appreciate that the ICO is in a difficult position and is trying to take business concerns into account while attempting to take the directive seriously, but the lack of clear guidance has caused much confusion among online businesses.

We're a few weeks away from the 'deadline' and, short of carrying out cookie audits and enhancing privacy policies, most are still unsure how to comply. 

It seems that the ICO, which doesn't know what compliance is, will consider this to be enough in most cases (at least for analytics cookies) but how this will apply to other cookies remains to be seen. 

However, if strict consent is forced upon websites, then users and businesses will suffer for very little gain. 

That said, I think very few businesses will 'fully comply' unless the enforcement of the law after May 26th leaves them no alternative. Let's hope common sense prevails. 

(Our report, The EU Cookie Law: A Guide to Compliance, explains the legislation as far as it affects UK online businesses, sets out some practical steps that you can take towards compliance, and includes examples of how websites can gain users’ consent for setting cookies. Do check it out.)

Graham Charlton

Published 9 May, 2012 by Graham Charlton

Graham Charlton is editor in chief at SaleCycle, and former editor at Econsultancy. Follow him on Twitter or connect via Linkedin.

2566 more posts from this author

You might be interested in

Comments (8)

Save or Cancel
Anna Lewis

Anna Lewis, Google Analytics Analyst at Koozai

Great summary and analysis Graham, the stats are scary!

I really think web users need to be educated about what are the real risks and what are not risks online. If people in power say that cookies can be dangerous users will panic and stop them all, without realising how beneficial they are to providing a better web experience. Yes I'm biased as I love analytics data, but I'm worried about what's going to come of all this. Hopefully most people will comply by having a clear Privacy Policy and users will soon learn that cookies won't hurt them, or their computers.

over 6 years ago


David Quaid

Its a ludicrous law. Nobody understands privacy online properly. Google are ignoring this to a large degree - and rightly so but they also perpetuate not providing keywords in signed-in search but conveniently do for AdWords. The UK may gain rights to search websites without a warrant.

over 6 years ago


Elissa Sofiati

Hello Graham...
so scary ya bout the info...
I want to ask,how about deleting all google accounts,ex...blog,email n other website related to the google mail that need the compliament of the Eu cookie law...?
Let say if i delete all my data on google account n the website related to it...
Does the law still should be taken aware by me and they still can fine me in any way if we do not comply within the due on 26th may 2012?
Or I am now safe from being charged or fine by the law..?
Need your advise...

over 6 years ago

Graham Charlton

Graham Charlton, Editor in Chief at SaleCycle

@ Elissa Not sure what you're asking...

over 6 years ago


Dave Trolle

Summit's retail clients are taking a very pragmatic approach to the pending EU cookie law. The general theme is one of understanding through cookie audits and educating consumers with updated privacy policies. It is then a watching brief from the 26th May to see what practically happens with enforcement across retail. We are expecting quite a buzz at tomorrow’s Ecommerce Futures Conference http://www.summit.co.uk/online-technology/summit-ecommerce-futures-conference, as we are only now 12 days away from deadline day.

over 6 years ago



I think this whole issue proves that yes, it is possible for the vast majority of people to be wrong.

This law is retarded. Browsers have had configuration to manage cookies, including the option to disregard them completely for decades now.

Its a fair point that a most users are idiots, who might not know about these controls. Perhaps there is a need to educate them, but should that law not be targeted at browser makers, rather than websites?

about 6 years ago



This law is misdirected, vague, technically unfeasible to implement and downright infuriating.

The responsibility to enforce this should be with with the tracking companies, Google, Facebook, doubleclick and the likes, it's their service that sets tracking cookies, so it's their service that should determine their use.

These statistics are absolutely useless and I'm not inclined to believe your sources. Nobody cares what a UK consumers opinion on an entirely technical issue is.

Everything is wrong with this law and having all of that thrown from Google, Facebook and whoever else's shoulders onto the innocent web developer is fucking absurd and utterly destructive towards the industry.

about 6 years ago


Theo Jameson

I have to agree with the majority of what has been said. The law is vague but the average user needs to learn about the benefits and the dangers so that they can make informed decision rather than panicking. Although for many users they simply don't care.

over 5 years ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.