Is Anybody Compliant With the EU Cookie Law Yet?

The pending deadline date for compliance with the now infamous EU Cookie Law has left many website owners in a state of confusion. Serious lack of official direction and implementation advice has already, even at this early stage, created a myriad of bewildered site owners wondering what to do and how do it. For all the fever surrounding the topic most of the questions people are asking are basically:

- What is the EU Cookie Law
- Do I need to comply?
- How do I comply?
- Who has complied so far?
- How is the EU going to locate compliant and non-compliant sites?
- What is actually going to happen if I don't comply?

Much has been said already about the first 3 of these questions and there is plenty available online to digest. For the interested reader (or anybody new to the law) there are some good links at the end of this article that address those questions.

Our concern in this article is to consider the last 3 questions.

So, who has complied so far? This is one of the most asked questions at this point, and is naturally being asked more and more as the official deadline approaches. There are two main reasons people are concerned with this. The first is because with the lack of official clarity about how to comply people are looking to other sites (preferably large high-profile ones) to show how they are complying and then copy that same process on their own site. After all, very few sites are armed with lawyers and deep programming resources so they will look toward the leaders and early implementers to show then the way to satisfactory compliance standards.

The second reason people want to know who has complied is because many experts have speculated in other articles that the EU is [link]most likely to go after higher profile sites after the deadline. Therefore there is an unspoken expectation that larger traffic sites are going to implement compliance sooner rather than later because they are most immediate risk, and that until they do the medium and smaller sites probably have less to worry about. Whilst this is not necessarily true it is the case that often lawmakers will go after larger corporations at first to make an example and encourage others to fall in line quickly for fear of suffering the same fate.

Given these facts one would probably expect that the top tier sites in the various EU countries are already well on their way to compliance by now. One would expect...

Interested in discovering more about this over at CookieCert we developed an automated cookie auditing system and took a list of the top 1 million trafficked Alexa sites. We have been progressively auditing sites round the clock and have built up quite an interesting cookie database. The database can identify all the different types of cookies being placed (standard, HTML5, Flash, session and permanent) and, since the audit process does not provide cookie consent, it can primitively give an indication as to whether the site is EU Cookie Law compliant.

Based on this data we have assembled a complete list of all sites and their compliance status, along with the ability to filter the list for different EU countries. Through our search one can find the compliance status and list of cookies for any site. Taking the UK top 25 sites here is the compliance status list so far:


google.co.uk - Not Fully Compliant
bbc.co.uk - Not Fully Compliant
ebay.co.uk - Not Fully Compliant
amazon.co.uk - Not Fully Compliant
dailymail.co.uk - Not Fully Compliant
guardian.co.uk - Not Fully Compliant
telegraph.co.uk - Not Fully Compliant
thesun.co.uk - Not Fully Compliant
hsbc.co.uk - Not Fully Compliant
rightmove.co.uk - Not Fully Compliant
barclays.co.uk - Not Fully Compliant
argos.co.uk - Not Fully Compliant
independent.co.uk - Not Fully Compliant
national-lottery.co.uk - Not Fully Compliant
barefruit.co.uk - Not Fully Compliant
lloydstsb.co.uk - Not Fully Compliant
tripadvisor.co.uk - Not Fully Compliant
autotrader.co.uk - Not Fully Compliant
digitalspy.co.uk - Not Fully Compliant
groupon.co.uk - Not Fully Compliant
santander.co.uk - Not Fully Compliant
orange.co.uk - Not Fully Compliant
mirror.co.uk - Not Fully Compliant
theregister.co.uk - Not Fully Compliant
next.co.uk - Not Fully Compliant

As you can see not a single one of them is EU Compliant according to our process! Why not? Well, they all created permanent cookies, some of them third party cookies, and did not ask for consent. Our robot also does not agree to any terms of service so of there was consent requested there then the robot did not give it. Now, This doesn't mean that these large site will not comply before the approaching deadline, but it does paint a fairly grim picture of the current state of things. If the top 25 sites are not yet there, what about the top 50, or 100, or 1000? Looking at the data it turns out that not a single site in the top 150 is compliant. In the end out of the total 17,904 audited UK sites in our database so far only 53 are compliant. That is a very low statistic: 0.3%!

What does all this mean? Well, first it means that if you are not compliant yet then it would seem you are in good company. If the previously stated premise that the lawmakers will go after larger sites before smaller ones is true then there is clearly going to be some time until they work their way down the list. On the down side, there is no large commercial site to look toward for answers about how to implement and get compliant.

The facts are not very comforting for anybody trying to make sense out of the cookie law. All they do is highlight the current confusion and leave us with more new questions than answers. The most interesting thing we have to ask is whether these larger sites are going actually implement compliance at all? Are they all waiting for somebody else to make a move, or are they just going to play a waiting game with legislators? This brings us to our other earlier question: what are the law makers going to do when the deadline passes if 99% of the top 1000 EU sites have all not bothered to comply with their law?

Whatever the answer to these questions one thing is for sure: the future days are going to be interesting to watch how the law is (or is not) implemented, and what the EU is going to do about it for those who do not comply.

To keep track of site cookies and compliance status bookmark our cookie compliance list.



Some good resources for information on the cookie law:
Guide to the Law