Cookie policy, old EU directives, ICO and GDPR

Based on two European Directives, ICO had pushed websites to warn users when they use cookies and an explicit consent was needed. The deadline was 25 May 2011. After a lot of initial confusion and last minute ugly popups appearing on some websites, ICO in 2012 agreed for implicit consent in some cases and even asked the EU to rethink the cookie law. Suddenly many felt that a general statement saying “This website uses cookies. By visiting this website you consent to use of cookies” would be sufficient.

Come May 25 2018 (exactly 7 years) and we have a repeat of this panic. Again, experts have tried to interpret the GDPR ruling and have declared that cookies should be broken into absolutely necessary cookies, and the not so necessary ones. Session cookies are must, tracking cookies for social sites and web statistics not so much. Some organisations jumped on this to create a generic cookie controller like and These tools allow visitors to accept consent and only then will the snippet for services like Google Analytics be added. In the words of our director Jonny Hubner, “This may be the end of website statistics”, as obviously a lot of users won’t really bother to give consent and would rather close the box.

We appreciate the confusion this creates, and as with the previous cookie law, it will take some time to clear the confusion about the interpretation of GDPR. Meanwhile for our websites and on client’s websites on their request, we have implemented a cookie controller (and “poof” goes our web stats).