EU Cookie Law now states that any website that stores information within a user’s web browser or anywhere on their device must gain specific consent on the use of cookies via a pop up or header bar with an opt-out option as soon as a customer visits the website. Failure to do so could result in penalties and fines which have reportedly started happening in Spain.

The EU Cookie Law includes Cookies and all such technologies that involve pushing files to a user’s computer, phone or tablet.

When a customer visits a website, cookies make it possible for the website owner to track you browsing habits, see what products you view and allow online stores to keep track of those items being added to our shopping carts. It helps the website owner to gather analytics on you. This is why if you’ve been searching for a product on one website, you may suddenly see ads for the same product on another website. Although this can be useful if you are specifically looking for the best price for a particular product, the EU had determined that internet users have the right to understand what and how cookies are being used by the websites they visit and the ability to opt-out of those cookies when desired.

The EU Cookie Legislation requires 4 actions from website owners who use cookies.

1. When someone visits your website, you must let them know that your site uses cookies.
2. You need to provide detailed information about how that cookie data will be utilised.
3. Visitors must have a means of accepting or refusing the use of cookies in your site.
4. If they refuse, you need to ensure that cookies are not placed on their device.

Cookies that do not come under the “strictly necessary” definition – see below – need consent before you can store it on a visitor’s device.

Which Cookies Do Not Need Consent?

1. Those that are deemed “strictly necessary”.
If you add items to your shopping cart and go to check out, Cookies ensure they are still there at check-out. Providing customers with tailored product suggestions is deemed not ‘strictly necessary’ and you would need consent for these.
2. Cookies that provide security features i.e. online banking sites.

To summarise, any technology that stores information within a user’s web browser or anywhere on their device must be disclosed and receive approval.

How to let customers know

A pop up, header bar or such technology to let users know that cookies are being used with an opt-out option. If users ignore the warning, you can generally assume consent. If you have included the information in your current T&Cs, customers still have to gain specific consent on the use of cookies. You need to provide detailed information regarding the types of Cookies used which can be either in a Cookies disclosure page, Cookie Policy or part of your site’s T & Cs specifically outlining any third-party cookies. If a User opts out and doesn’t want to accept your cookies, they can leave your site or update their browser settings.

If you are a client of, please contact us, if we haven’t corresponded with you already, to determine whether your website requires a pop up.