UK websites opt for minimal cookie warnings

Only 12% have implemented prominent privacy notices with robust cookie controls

Nearly two thirds of UK websites have taken steps to address the EU cookie directive, but the majority are still only doing a minimal amount to alert visitors to their use of cookies, according to a new study.

Cookies are small pieces of software that are installed on the user's computer to remember login details and other preferences relating to a particular website. Under the EU e-Privacy Directive, which came into force in May 2012, anyone running a website is required to get explicit opt-in consent from their visitors before deploying cookies on their machines.

In a survey of 231 websites by data privacy management firm TRUSTe, only 12% were found to have implemented prominent privacy notices with robust cookie controls. Meanwhile, 51% had minimal privacy notices with limited cookie controls, and 37% had taken no steps to comply with the Directive.

Of those websites surveyed, 56% had a "moderate to high level" of third-party cookies (more than 25 per site), but within this group only 17% had implemented robust compliance solutions combining prominent privacy notices and strong cookie controls.

"Based on our analysis it is clear that many companies have started to take the EU Cookie Directive seriously and devoted time and resources to implement a compliance solution that helps their users control the tracking activity on their site," said Chris Babel, CEO TRUSTe.

However, Babel added that some companies have yet to put a compliance solution in place, and may need help finding a solution that is appropriate to their business model.

Some of the best examples of robust compliance used approaches that made the implementations especially user-friendly, said TRUSTe.

Toyota, for example, made it very simple for users to control cookie settings and provided individual descriptions of cookie purposes (e.g. "Locate your dealer with Google Maps").

Similarly, Barclays' website displayed a clear privacy notice directing users to a page explaining the purpose of each cookie whilst giving the user readily accessible cookie preference controls.

The study found that some companies have worked hard to ensure that the messaging is applicable to their users and consistent with their brand. On the Aldo Shoes website, for example, customers who click on "Cookie Preferences" are asked if they are "Cool with cookies?"

The study shows a marked improvement since June, when research by business consultancy KPMG revealed that the EU cookie law deadline had largely been ignored by UK institutions, despite the risk of heavy fines of up to £500,000 for non-compliance.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sophie Curtis

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts