Development Usability Website

Cookie Law: who has the best recipe?

Ladies who crunch - CC0 -

To general relief (and for some – deep frustration at wasted effort) the ICO softened their Cookie Law guidance last week around implied consent. Whether our fairly straight-forward approach on is enough we’ll have to wait and see…

Becoming a cookie cutter
After an Attacat Cookie Audit we stripped out our more intrusive cookies*.

We implemented reduced/no-cookie options for our embedded YouTube videos and addthis widget. There didn’t seem to be anything similar for Disqus so it had to go.

For us losing Disqus wasn’t a great loss with nearly all of our discussion happening off site. I can imagine other website owners couldn’t be so cheerfully ruthless though, and it seems surprising Disqus haven’t made things easier for them.

Consistent cookie information
We then added details of our cookies to the privacy page. Being big fans of sharing – much of our cookie guidance was adapted from the (fairly wonderful) They’d shared this under the Open Government License.

Earlier our very own digital sage, Brian Kelly, suggested the sector could adopt consistent wording for cookie guidance. With its friendly, accessible style, and neutral origin, perhaps the text would be a good starting point?

Raised awareness & implied consent
With intrusive third-party cookies dealt with we felt confident in raising visitor awareness and then assuming consent.

A message was added to the top of each page informing visitors we use cookies and directing them to more information. This would continue to reappear until cancelled – a similar approach to The Guardian:

The Guardian - Cookie message

The BBC went for a more noticeable message, but that only appears once:

BBC - Cookie message

John Lewis opted for a very tasteful ‘Privacy & cookies’ link on their header navigation:

John Lewis - Cookie message

Best practice?
Though the John Lewis link is discrete its permanence in such an important spot seems a shame. It may be well meaning but the link isn’t there because their visitors wanted it there – it’s statutory clutter.

Personally the BBC approach is most appealing to me. A genuinely eye-catching message to inform the visitor about cookies, which gets out of the way when they decide to ignore it. We might want visitors to care about cookies but if they aren’t interested the message should get out of their way.

Whether any of these approaches go far enough in the eyes of the ICO we’ll have to wait and see. It may well be that more intrusive third party cookies will require much more than implied consent. With the work on our new site coming along we’ll certainly be watching very carefully.

*We found addthis, embedded YouTube videos, and Disqus comments all dropped persistent cookies as users moved through our site, regardless of whether they interacted with the plug-ins. This sort of unexpected third-party tracking leaves a slightly bad taste in the mouth (take note twitter), and vindicates this renewed focus on cookies and privacy – however clumsily it may have been pursued.

By the way – I’m Rich, the other half of the web team. Ben and I are currently working with cxpartners on the development of a new IA, and site for JISC – more about which soon.

By Richard West

Digital content and user experience manager in Jisc's group web team.


2 replies on “Cookie Law: who has the best recipe?”

Hi Rich – useful to see how others are handling this . It was only when I was looking at the cookies collected on my personal blog that I noticed what Twitter were up to [tisk].

I wonder if the webteams from earlier adopters will be revisiting their solutions. Here’s a graph of what happened on the ICO’s own site when they initially went for cookie opt-in It shows a huge drop-off in visits to their site they were able to track via Google Analytics (I’m sure data from their server logs would have shown an actual increase).


Thanks – what a incredible image!

Can’t imagine this is unusual – guess most (all?) opt-in adopters will be switching to something less extreme as soon as possible. I do feel for them.

If they’re publicly funded I think they could even argue they have a duty to switch back. Reliable analytics play such a critical part in offering the right information and avoiding wasted time (and money).

Leave a Reply

Your email address will not be published. Required fields are marked *