Are the cookie laws crumbling already?
They haven't even been enforced yet, but the cookie laws are looking a tad frail already, argues Tom Brewster.


Who's afraid of the big bad commissioner? In the cookie space, apparently no one. There is little to be afraid of just yet, hence why so few are bowing before the EU regulation.
Cookie monsters
Yet companies are not happy with the regulation. There is strong opposition facing the laws and the lack of clarity around them. On the latter point, the ICO has issued guidance for businesses, but there are so many 'mights' and 'maybes' in its advice it makes for ultimately unsatisfactory reading. The only real rule UK firms can go by is that users must show, in a "positive" way, that they agree to have cookies installed on their machines.
For website owners, the lack of definitive guidance is just a minor issue. The real beef is with the law itself.
But for website owners, the lack of definitive guidance is just a minor issue. The real beef is with the law itself. It only means more red tape for them to grapple with. For those companies who chuck a large number of cookies on users' systems, they will have to figure out how and where to get consent without ruining the experience on their sites. This takes time and money, something very few have plenty of or are willing to squander.
A Socitm report from earlier this year showed how massive the task facing UK organisations was. In an audit of 603 public sector websites, on average each site had 32 cookies. One had 1,346, just six had none. This would indicate almost all companies online (nearly all businesses then..), according to the law, will need to invest in compliance.
At a time when the UK is staring a second recession straight in the face, the cookie law represents another big bother for companies, one they could sorely do without.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
A nightmare before Christmas?
On the one hand, there is little deterrent for companies. They won't be hunted down and they won't even have to make immediate changes to their websites if they're caught out. Furthermore, there is little evidence consumers actually care about cookies or that complaints will be made. The maximum 500,000 fines won't bother the big boys much either.
On the other, cookie laws are simply anathema to businesses and their web plans. Companies will continue to oppose the regulations and some will look elsewhere if they feel compliance is getting too much on these shores. That's more bad news for Britain.
With so many problems facing the EU-driven legislation already, and little apparent citizen support of it, it would come as no surprise if the cookie law crumbled before it even makes a mark on the UK.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
Kaseya targets IT efficiency with new AI-powered tools
The cyber security firm unveiled its new Kaseya 365 Ops and Kaseya SIEM offerings at its Connect 2025 event in Las Vegas
-
AWS to give AI skills to 100,000 people in the UK by 2030
Cloud giant wants to inspire the next Charles Babbage and Ada Lovelace with an AI-training initiative that pulls government, business, and education together
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuse
News The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims
News Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlash
News UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime Agency
News The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failures
News The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firms
News Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failures
News The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaign
News HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled