Best Practice

The EU Cookie Law: A guide to compliance

By Econsultancy,

How to ensure that your website complies with the EU e-Privacy 


The EU Cookie Law guide looks into the legal changes as they affect online businesses in the UK, the potential threats to online business models and the steps that companies could be taking now to demonstrate compliance with the EU ePrivacy Directive.

The Information Commissioner's Office (ICO), responsible for ensuring compliance in the UK, has itself admitted that it doesn’t know exactly what compliance will look like, and much will depend on what happens when it starts to enforce the EU Directive.

However, there are steps that companies can take now to ensure that their websites are in a position to comply with the new rules. 

This 40-page report explains the legislation as far as it affects UK online businesses, sets out some practical steps that you can take towards compliance, and shows some practical examples of how websites can gain users’ consent for setting cookies.

The report also contains the findings of Econsultancy's EU e-Privacy Directive survey, a short poll of more than 700 marketers that examines how companies are preparing for the new legislation ahead of the May 26 deadline.

Table of contents 

  1. About Econsultancy
  2. Purpose of this guide
    1. Introduction
  3. The Legal Imperative: what changed?
    1. Building a solid foundation of knowledge; the detail
    2. How does this change affect online businesses?
    3. When will the law come into force?
    4. What are the penalties for non-compliance?
    5. Is this really going to happen?
    6. Summary of key points in the legislation
  4. The ICO’s guidance
    1. The third-party cookie problem
  5. What do marketers think of the ‘cookie law’?
  6. The cookie conundrum: how will web users react to cookie messaging?
  7. Approaches for compliance
    1. The “path to compliance”
      1. Carry out a cookie audit
      2. Evaluate the privacy impact of each cookie
      3. Carry out a business risk assessment
      4. Look at how you will inform users on your website
      5. Look at methods for gaining consent
  8. Six possible responses to the ECPR
    1. Do nothing at all
    2. Take small (and slow) steps towards compliance
    3. Carry out cookie audit and improve on site privacy and cookie messaging
    4. Implement an implied consent mechanism for cookies
    5. Assume consent only if users click to accept cookies
    6. Use interruptive messaging to ensure that customers actively opt-in or out.
    7. Providing information on cookies and privacy
  9. Examples of consent mechanisms
    1. Three possible consent mechanisms
      1. Modal dialogue
      2. Status bar
      3. Warning bar
    2. Cookie consent: examples from websites
    3. Cookie consent: key considerations
  10. Further resources
    1. Our consultancy services
    2. Econsultancy reports
    3. Econsultancy blog posts
    4. Other resources 

Download a copy of the report to learn more. 

A free sample is available for those who want more detail about what is in the report.


  • SAMPLE: The EU Cookie Law: A guide to compliance (582 KB PDF)
  • The EU Cookie Law: A guide to compliance (2.03 MB PDF)

Access the full report

Econsultancy subscribers have full access to all our online research as well as a host of other services designed to help save you time, make better decisions and look smart in meetings.
