Cookies are small pieces of software that are installed on the user's computer to remember login details and other preferences relating to a particular website. Under the EU e-Privacy Directive, which came into force in May 2012, anyone running a website is required to get explicit opt-in consent from their visitors before deploying cookies on their machines.
In a survey of 231 websites by data privacy management firm TRUSTe, only 12% were found to have implemented prominent privacy notices with robust cookie controls. Meanwhile, 51% had minimal privacy notices with limited cookie controls, and 37% had taken no steps to comply with the Directive.
Of those websites surveyed, 56% had a "moderate to high level" of third-party cookies (more than 25 per site), but within this group only 17% had implemented robust compliance solutions combining prominent privacy notices and strong cookie controls.
"Based on our analysis it is clear that many companies have started to take the EU Cookie Directive seriously and devoted time and resources to implement a compliance solution that helps their users control the tracking activity on their site," said Chris Babel, CEO TRUSTe.
However, Babel added that some companies have yet to put a compliance solution in place, and may need help finding a solution that is appropriate to their business model.
Some of the best examples of robust compliance used approaches that made the implementations especially user-friendly, said TRUSTe.
Toyota, for example, made it very simple for users to control cookie settings and provided individual descriptions of cookie purposes (e.g. "Locate your dealer with Google Maps").
Similarly, Barclays' website displayed a clear privacy notice directing users to a page explaining the purpose of each cookie whilst giving the user readily accessible cookie preference controls.
The study found that some companies have worked hard to ensure that the messaging is applicable to their users and consistent with their brand. On the Aldo Shoes website, for example, customers who click on "Cookie Preferences" are asked if they are "Cool with cookies?"
The study shows a marked improvement since June, when research by business consultancy KPMG revealed that the EU cookie law deadline had largely been ignored by UK institutions, despite the risk of heavy fines of up to £500,000 for non-compliance.