When the EU e-Privacy Directive was first announced, it was thought that the internet would collapse as we were hit with a wall of pop-ups asking for cookie consent.

We were told that users would opt-out of cookies in droves, making it impossible for websites to measure traffic, target users with offers or advertising.

But, thankfully, the Information Commissioners Office has adopted a relatively laissez faire attitude to enforcement, and is instead allowing the industry to work out the best way to inform consumers of the use of cookies. Or it hasn’t a clue, depending on your point of view.

As a result, most sites have gone down the implied consent road and have simply made their cookie policy more prominent rather than explicitly asking for users to accept cookies.

Those that do explicitly inform users that the site uses cookies generally don’t give an option to opt-out, but instead direct people to change the settings in their browser.

We’ve already examined the BBC and The Daily Mirror’s approach to cookie compliance, and here are 20 more examples from a range of sites.

Most are providing clear(ish) information about the fact that cookies are used on site, though some have gone further than others to ensure that cookies messages are visible to visitors.

Links to cookie and privacy policies


EU cookie law


Comparethemarket features its cookie policy on its homepage, but buries it among this large body of text.


B&Q informs users of its new cookie policy at the very bottom of its homepage.


Debenhams is one of a huge number of retailers that simply have a small ‘Cookies’ tab at the bottom of the homepage.

House of Fraser


The Co-operative Bank


Lloyds TSB


Thomas Cook


More prominent messaging


John Lewis

Northern Rock


BBC Good Food

This is one of the only examples I could find that actually uses a pop-up to notify users of its cookie policy. Both MirrorOnline and BT have used pop-ups, but less intrusive than this one:

Mobile examples

In general, brands that highlight their cookie policy on their desktop site use the same format on their mobile site.

The BBC and Gocompare’s mobile approach mirrors their desktop sites.


However, a number of sites fail to mention their cookie policy at all on mobile. For example, despite featuring it quite prominently on its desktop site, John Lewis’s mobile site doesn’t refer to its cookie policy.

M&S takes a novel approach on mobile – it uses its checkout process as a way to also gain user consent for cookies.


The humourous approach

Daily Mash

Love the ‘whatever’ button.

Ling’s Cars

Not quite what you’d call strict compliance, but there is some cookie information there…


As we can see from these examples, a lot of sites have chosen to avoid going down the pop-up route and instead just assume that users give their consent unless they actively change browser settings.

Making the cookie policy more prominent is likely to mean the companies avoid any action from the ICO, while ensuring that no roadblocks are placed in front of users.

That said, there a huge number of popular sites that don’t seem to have done anything at all, and it will be interesting to see what, if any, action the ICO takes against them.

The one example that I could find that uses pop-ups is the BBC, but that is probably a unique case. Consumers generally invest a huge amount of trust in the BBC so it can be more explicit about its use of cookies without causing users to abandon the site.

But in general, it seems that most sites, as Econsultancy has done, will be taking a subtle approach to cookie compliance.

GDPR: Which websites are blocking visitors from the EU?