The ICO’s one year amnesty on enforcement of the EU e-Privacy Directive ends tomorrow, and a few more sites have been rolling out their compliance solutions. 

BBC.co.uk launched its cookie info banner yesterday, while Channel 4, The Guardian and the Telegraph have today. 

The four approaches are all very different… 

BBC.co.uk

The BBC has gone for a status bar at the top of the page which informs users that the site uses cookies. 

There is a link to change cookie settings, but if users press continue or just carry on using the site, cookies are set and consent is implied. 

As well as providing further information about the cookies the site uses, the BBC allows visitors to opt in and out of three groups of cookies. Presumably, analytics cookies fit into the ‘performance’ group:

This is a good solution which makes the site’s use of user information clear and provides the information and options that users need to learn about and manage cookies. 

Crucially, it doesn’t impact the user experience. Even after turning all cookies off, the site still functioned reasonably well. 

The BBC possibly feels it has to set an example here, and it has gone further than other sites have so far. Still, it has managed to do so while not interrupting the user experience. 

Channel 4

Channel 4 has also gone for a status bar, but has asked customers to click the button to accept cookies and close the message: 

Obviously, there’s no option not to accept, so users that object to cookies need to click the ‘how to manage cookies’ link and find out more there. 

Unlike the BBC’s approach, Channel 4 does not allow users to set cookie preferences on site, instead providing links to the help sections of browsers so that users can set preferences there. 

Like the BBC, Channel 4 has at least made the fact that it uses cookies clear enough, and has provided clear links to further information. 

Since it doesn’t allow users to opt out of cookies on site, it isn’t compliant in the strictest sense, and it does seem designed to push people towards doing nothing and opting in by default, but at least the information is there for those that want it. 

The Guardian

The Guardian’s cookie message is short and to the point, and it does put the information in a prominent position. 

The site is not asking for users’ consent though, it is implying it by continued use of the site once they have seen the message. 

It does provide some very detailed and comprehensive information about the site’s use of cookies and visitor information though. As well as the usual information on the cookies it uses and why, it provides links to help on managing cookies using browsers.

Its visual representation of the cookies it uses and how they affect what users see on the page:

Again, this is not a ‘strictly’ compliant solution, but it’s hard to argue that users aren’t being informed about the cookies that are used on the site. 

The Telegraph

Telegraph.co.uk has a prominent link at the top of the page to its Privacy and cookies policy, but no information about implying consent. 

The Telegraph does tell users how it gather information, uses cookies and why though, unlike the others, it doesn’t provide links to change browser settings. 

This is broadly similar to Econsultancy’s solution, and while there is no option to opt in or out, it does provide a clear link to information for those visitors that have concerns. 

UPDATE: Since I visited the site earlier, The Telegraph has started to show this pop-up to new visitors, which remains on screen for around ten seconds. 

Are these methods compliant? 

This is a tricky question, especially since the ICO doesn’t know what compliance looks like. As The Mirror’s Malcolm Coles said when talking about the news site’s cookie compliance, “the main test is clearly going to be what enforcement action the ICO takes”. 

On that basis, since all four sites have carried out cookie audits, informed users about the information that the site uses, added clear links to cookie policies, and have some kind of consent mechanism, then this must at least put them well down the list for enforcement action. 

(Our report, The EU Cookie Law: A Guide to Compliance, explains the legislation as far as it affects UK online businesses, sets out some practical steps that you can take towards compliance, and includes examples of how websites can gain users’ consent for setting cookies. Do check it out.)