The British Tracking Cookie Law Explained » Didgeroo

The British Tracking Cookie Law Explained

Nov 01, 2012
Wayne Freeman

This piece of legislation that has graced us in the UK since May 2012 has become quite the hot topic as of late, and partially as a result of its amazing fluency in “Legal Speak”. Whilst I cannot consider myself totally fluent in “Legal Speak”, I feel as though I can at-least take a stab at explaining what has befallen us, and hopefully clear up some confusions associated with this legislation.



The Hard Facts
This legislation applies to all forms of trackers, no matter their purpose.
The maximum fine for not complying with legislation is £500,000.
This legislation also applies to emails and subsequently, subscribers to newsletters.
“Strictly necessary” trackers will be allowed to operate without user consent.
Users/customers must be given a notification that cookies are being used by your business if they are affected.
Users/customers must be offered the chance to opt out of the tracking cookie usage.
“Implied Consent” complies with the law. (for example; the opt out being to not use the ‘site.)
This legislation was not designed to combat tracking cookies, but originated as method to combat misuse of information.

The Bleak Potential
Now onto the ranty section with questionable bias. The first point to note is that this legislation was originally proposed in the EU parliament, whereby the UK government thought it best to build upon the idea and pass it off as a law. Whilst there is nothing (theoretically) wrong with laws being imposed by an external political body, there is something wrong with escalating the severity of the law when it is not required. Escalating the severity of this legislation is very likely to cause some form of panic, most likely within some of your customers.

Let me elaborate on that point; your customers are not necessarily as tech-savvy as yourself. This means that their knowledge of what a tracking cookie is cannot be equated to your own, and as such they may make assumptions about what is being done with the data you track. The mass media is not particularly good at keeping peace, and can often be associated with such terrible phrases as Scare-mongering, Despair-inducing and Pessimistically Informative. A cynic such as myself might go so far as to say that being one of the 3 prior phrases is their business, but I digress. Your customers may have heard about this legislation from the mass media, and as a result may feel as though this legislation is the heralded white knight of salvation, destroying those evil companies trying to provide a good service. In short, and I should have probably started with this, your customers may not know how their data helps them receive a better service, and the method of their introduction to this legislation may cause misinformed panic.

Furthermore, punishment for not abiding by their labyrinth of legislation, is currently only limited to educating you how to abide by it. Essentially, your punishment for being lost in a maze is to be led out by your nose and given a map as to how to get through next time. I agree that this is a good course of action, but when you have the option to avoid this course in favour of creating legislation that a regular person can understand, this seems very redundant. It seems much simpler to clearly state what is required, explain why it is required, and punish those who cannot follow clearly set out instructions. It is possible that the leniency displayed thus far when punishing non-compliance with this law will lead to a relaxed attitude in general to this legislation. The British Information Commissioners Office (ICO) seem content with educating those who do not follow the rules, so why should attitudes change?

The Questionable Credibility
To move on from customer perception, let us look at the credibility of the office responsible for this piece of legislation. I’d like to inform you of the UK governments’ own take on this legislation. Stated on is,”the government admitted that most of its sites would not comply with the new rules in time. ” Hurrah for dedication to a cause. The British Information Commissioners Office (ICO) are responsible for this piece of legislation, and seem to have failed to inform the assorted government agencies to update their own sites, so you can see why trusting their reasoning would be difficult. Furthermore, their overall goal with this legislation is to be “open and transparent”. This being achieved, apparently, by creating confusing legislation that almost requires a translator and failing to inform the national government of how to adhere to the new legislation. Bravo ICO, bravo indeed.

To appeal to the conspiracists reading this article, this legislation seems to be pathing the way towards a very anti-progression society, operating within and defined by the law. This legislation is designed to inform users as to which websites use tracking devices, but fails to inform as to why. Why would an average person care as to whether or not some marketing information is being tracked when they are perfectly fine with revealing all via social media? The information has no meaning nor use to the average person. This legislation really only puts boundaries on the technology and those employing it, possibly reducing the interest in a potential technological field. This legislation could lead to further laws passed that constrain technology for the sole purpose of “informing” consumers whom have little technological knowledge, and even smaller desire for such. We are talking about traditionalists here, the very same who oppose every new invention as if it will bring the apocalypse.

The Necessary Actions
Complying with this legislation is not necessarily difficult. ICO may make you think that you need to serve soufflè to your customers for fear of being shut down due to unsatisfactory cuisine, but you really only need to serve scrambled eggs to avoid a scolding. Didgeroo can even help you beat the eggs/legislation, but even we cannot deny the success of this legislation. The steps seem very intuitive, because they actually do succeed in ICOs main goal of informing consumers. The following steps should be sufficient to comply with the new law:

Inform the customer in relatable language.
The customer is a human, not a robot. Informing them of the changes (legal and business) in a form of language that is not so aloof could even strengthen your customer ties. What is classified as “inform” isn’t mentioned as far as I can see, so it would be wise to “inform” in basic language to be safe.

Offer some form of “opt out” option to customers.
This is a hassle, but now almost required step. Even if you think it doesn’t apply to you, you might want to offer it anyway just to be safe. Window-dress it as offering customer choice and you might even win a customer or two in the process.

Clearly state the use of tracking cookies/devices.
Once again, a necessary bother to comply with the ever-changing digital laws. Small print in the Terms and Conditions is no longers appropriate, for now this statement should be easily found and displayed. A sentence or two should suffice, and would probably be covered by the above points, but it may be best to be safe.


As it stands, the “Tracking Cookie Legislation” is difficult to understand, but easy to adapt to. A few small tweaks to your website will make you fully compliant with the legislation, and the differences really do help inform your customers as to the new laws. The issues begin to pile up, however, when you look at the potential of this legislation, the credibility of The British Information Commissioners Office (ICO) and just how this legislation has been implemented. It seems fair to say that the implementation of this legislation really only serves to satisfy the paranoia of a demographic very out of touch with technology, and does a bad job of it too.