The cookie law deadline arrived on Saturday, and we haven’t quite seen the pop-up apocalypse that some had predicted. 

This may have had something to do with the ICO’s last-minute revision of its guidance, but its more likely that many simply aren’t prepared to risk harming their business models when it’s unclear how the law will be enforced. 

While news websites like the BBC and Mirror have added some sort of status bar or pop-up, retailers have taken a different approach to compliance. 

(I’m certainly not looking to ‘out’ websites here, so I’ll be looking only at those which have taken some action).

Online retailers and the cookie law

There was understandable concern amongst online retailers about the cookie law. Let’s face it, who wants to add any barriers between a customer and a purchase?

However, there aren’t too many signs of compliance (strict compliance anyway) from most retailers. After all, if the ICO keeps moving the goalposts, and there’s no guarantee that action will be taken, why would you? 

It seems that the most common solution is to add a more prominent link to the cookie policy, and list the cookies and trackers used on each site. 

This goes along with the spirit of the directive in that it informs the customer, though not many retailers seem to be asking for consent, implied or otherwise. 

The ICO has written to 50 websites to ask what steps they are taking towards compliance. There are a few retailers on there (Amazon, eBay, Next…) but not as many as you might have thought. 

Of course, that’s because it’s vital that Merthyr Tydfil County Borough Council is compliant. And it is: 

Here are a few examples of cookie info from retailers: 

John Lewis has added a more prominent link to its cookie and privacy policy. While it doesn’t stand out that much, it is in an area of the page where users are more likely to see it:

The retailer presents detailed information about the cookies it uses, though it doesn’t allow users to change settings on site, instead pointing people to browser settings:

M&S takes a similar approach:

I expected Amazon to ignore the directive, for the moment at least, but it has added a link to its footer: 

Other retailers, including Mothercare, ASDA, House of Fraser and TopShop have done the same, but the majority I looked at have done very little in terms of messaging. 

One example of more prominent messaging comes from Best Western, which takes a humourous approach:

Should retailers bother to comply with the directive? 

Since the ICO has moved the goalposts and isn’t going to be too strict about compliance, it’s no surprise that many retailers have done little, or the bare minimum. 

As the ICO will wait for complaints before taking action, and that action is most likely to be a letter, the threat of a fine seems a long way off. Therefore, retailers are likely to have plenty of warning before any enforcement action is taken.

If this is the case, and since interruptions to the user experience can mean lost sales, there is little to compel retailers to comply fully with the EU directive.