30 ways to comply with the EU Cookie Law

Last week a writer asked me to offer up a quick paragraph to help her continental readers understand how to make their web sites compliant with the EU cookie law. I had to politely decline: not because I was not up to the task, but because I would not have been able to write one paragraph. I would have had to write thirty.

One of the biggest misconceptions about the EU Cookie Law is that it is just that, a law. The EU devolved the law to its member states to interpret within the legal guidelines as they saw fit. This means that there is not actually one EU Cookie Law. There are thirty of them. These thirty interpretations range from laissez-faire to paranoid. Some countries demand banners, disclaimers, and active opt-ins, while others allow the visitor’s browser settings to suffice.

The law your site needs to comply with depends on what country the site is based in, not necessarily where it is hosted. A site based in the UK would have to comply with the UK’s cookie law, even if it was hosted in France. Likewise, if I managed a site from the UK for a French company which served a French audience, it would have to comply with the French cookie law.

You are not expected to create thirty different versions of your site for thirty countries. If your site is based in Greece and complies with the Greek law, and a visitor views the site from Spain, you do not have to reprogram the site to deliver the Spanish version of the cookie law.

And if your site is outside the EU, you don’t have to do a thing to bring your site into compliance. It’s not your country’s law, and it’s not your web site headache.

That’s why any solution offering to “bring your site into compliance with EU law” is a ripoff. If the solution is not country-specific, you’re not compliant.

So how do you find out what you have to do?

If you have iOS, download the free CookieApp.

If you do not have iOS, here is a table of implementations created by a law firm (.pdf, 300kb).

3 thoughts on “30 ways to comply with the EU Cookie Law

  1. “A site based in the UK would have to comply with the UK’s cookie law, even if it was hosted in France. ”

    I’m not 100% sure what is meant here. Does it mean that the relevant country is the country where the owner of the site lives and neither the country where it is hosted nor the country where the visitor comes from ? Or is the nationality of the owner relevant here ?

    As a Frenchman living in Germany and hosting in Germany with visitors mainly from the US and India, it’s kind of difficult to understand what are the implications…

    • Hi Henri,

      It’s such a headache. The country of residence of the site’s owner is not relevant, nor is the nationality of the owner. The country whose law must apply is the country where the web site is based. For you, it would be Germany.

      That means of course that your site visitors from outwith the EU have to see any of the site’s cookie consent popups, dropdowns, und so weiter, even though those consent mechanisms don’t apply to them and they do not have to use them.

      Hope that helps.

Comments are closed.