UK Cookie Law

Ouch… I heard about this last year but totally forgot about it… … ookie-law/">

The wording here is

> The law stated, among other things, that companies operating in the E.U. and the U.K. must obtain the consent from its Web site users.

Hosting in UK == operating? Also

> U.S.-based companies with a presence in the European Union, no matter how small, are still liable to E.U. laws, regardless of whether your Web site or Web application is hosted in the E.U. or elsewhere. Mobile application developers are also subject to the E.U. laws (see below).

In this scenario, while your U.S. Web site and all other non-E.U. Web sites are not liable to this law, your dedicated pages for the U.K., Italy, France, Germany, and so on, are all affected.

I'm not quite sure I understand this. I'm not a US/EU based company, but have a node in London, which hosts a site localized for a non EU country.

Any legal experts in the house care to shine some light on this?

12 Replies

I have the opposite set-up.

I'm in the UK but I have my hosting servers on US soil, however because some of my customers may come from the UK/Europe I have to comply with the new cookie regs.

It all seems a bit unfair though to you guys. How are non EU parties like yourself and Linode expected to know every nuance of EU regulations?

I was asked by a number of weather sites if I could come up with a simple solution for them. I'm NOT in the EU…

I looked at the various JavaScript popup systems etc… and found that most of them leaked cookies before getting permission. So I wrote a simple php solution that doesn't use JavaScript that doesn't leak any cookies.

When a visitor hits the page a hook in common code looks for a Permission Cookie. If it doesn't find it it checks to see if the visitor looks like a search bot. If that fails, the visitor is sent to a permission script called cookies.php.

That script tells them that their permission is needed to use cookies, some reasons why and a simple input form. If the user grants access, a Permission Cookie (Ironic) gets placed on their system and they are then redirected back to the site.

If decline…well there is not much point in continuing since the system needs to use cookies to function, so they are stuck.

The process only happens once unless they clear their cookies, use a different browser/workstation or the permission cookie expires (set for 1 year).

There is a link that can be placed on a page to revoke the permission cookie which ends up basically sending them back to the permission page.

I found easy spots to place it for SMF, phpBB, Tracs, MediaWiki etc…

Only spent a few hours on it. Seems simple, easy to implement and beats having to recode your site.

BTW.. It think the law is nuts… but that is another topic.

Let's see how all that (which is something similar to what I'll do) will work for people that configured their browsers to clear cookies on exit. :mrgreen:

Also, it is my experience that regular Joes and Janes have no clue what cookies are, but they DO hear alarmist news titles about hacking, so if you all of a sudden present them with a choice pertaining to security/privacy that they don't quite understand…. well…. as the famous last words go, what's the worst that can happen, right?

I'm grabbing popcorn to see what would FB do. :) And google. :) They both operate within EU, have offices, servers there, and sites localized for individual countries, so by any provision of the law, this implies to them at all levels.

I bet we'll see this law changed within next 6-12 months

Here is a Wordpress plugin if applicable:

Forgot to post a link.

When you hit the site the first time, you will get trapped to grant cookie usage. Of couse due to a missing feature listed below, when you grant it, you end up at the main page of the site instead of the actual link you went to. Hit the link again and you will get there.

Going to the site shows how it works and the page has more info along with some places you can put the hook into.

Really need to add:

o a way to capture where the user was going when they were trapped and send them after they grant approval

o An easier way to add more possible robots, and whitelist sites (like a speed check site) which can't provide permission.

Which I will do if I work on it any further. Not something I really need for myself, though a bunch of weather sites are now using it.

Don't you just love it when the uninformed/ignorant people are the ones that pass the laws?

I have actually taken down my webmail and all websites just because of this law, because I can't see any way around that I can implenent such validation in all my systems


Don't you just love it when the uninformed/ignorant people are the ones that pass the laws?
How is this law any different to…



Don't you just love it when the uninformed/ignorant people are the ones that pass the laws?
How is this law any different to…

It's not and it's terrible. It's the lobbyists that get laws passed. What a sad world.

This is going to be painful for some companies (sites which use third party adverts for instance) but after reading the ICO guidance on the issue I'm not as concerned about my own sites as I was when I first read about the law.

If this becomes a problem for myself, I'll just resort to the quickest solution; widespread access denial. Tough luck for UK/European users, but it's on them for not clamoring to get that law revoked on their own.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct