Coping with the New Cookie Law

TAGs: Cookie Law, David Evans, ICO, Tom Grant

new-cookie-law-cookie-monsterAlmost a week into new cookie law life and notice about the law has finally been taken by most. However, that has failed to change the fact that many UK sites still don’t comply.

Having said that, during a week of exploring the iGaming world this week there are signs that those in the industry are implementing the changes required. On the whole those who have taken action already tend to be the larger organisations but there have been a few surprises with smaller sites doing their bit.

Interestingly we’ve already seen a few different approaches to gaining permission for cookies to be used. Some have used a pop-up which asks for permission and should permission be declined then the site won’t load. Others have added a floating footer which asks for permission and provides options to allow cookie dropping or to read more about the issue.

The largest question facing most website operators is what second option to provide users with. Should you block users for not allowing the use of cookies? Or not even give them the option to opt out? Or make the pop-up or question so unobtrusive that they don’t even need to answer it in order to navigate the site?

But perhaps sites don’t even need to be making those decisions yet. It certainly appears as if time is on side when it comes to making changes.

Tom Grant is a senior associate at gambling and leisure industry law firm Harris Hagan having previously worked in-house for Rank.

He explains: “At the very least, the Information Commissioner’s Office wants to see that websites are taking positive steps towards addressing compliance rather than burying their hand in the sand.”

“The ICO’s initial recommendation is that website owners should carry out an audit to identify the cookies operating on or through their website and confirm their purposes such as how privacy-intrusive they are.”

Focus on Affiliates

For companies working in the online gambling sector, the issue of cookies is particularly important. Many of the best features available to users require cookies as does any of the personalisation that we’re being told is so crucial to users.

But those who rely most on cookies are the affiliates. Not only do they use these cookies but also rely on them in order to earn money. While specific links are the main way in which affiliates send on their traffic in the iGaming world, those further afield drop cookies to effectively place a tag on their users.

One of the largest affiliate networks in the world, Commission Junction, for example, allow their publishers (affiliates) a referral period in which a cookie will stay for. Should a user who has this cookie purchase goods within the referral period then the affiliate is able to keep their commission.

While users may agree to allow cookies in order to enhance their website experience, they’re likely to be less inclined to do the same in order to line the pockets of affiliates. Unfortunately though, no exceptions will be made for those who rely on cookies to succeed.

Those hoping to fly under the radar due to their relatively small size are also bang out of luck as Grant explains that the ICO are unlikely to differentiate between the size of organisations that they will pressure.

He explains: “It remains to be seen whether the Commissioner will make any distinction in enforcement between more prominent websites and smaller operations.

“It is likely that enforcement will follow complaints made to the Commissioner so anyone is vulnerable to enforcement.”


When it comes to punishment for not complying with the new laws that are in place it still appears as if it’s unlikely that any serious action will be taken against organisations.

The most severe penalties which can be enforced under the new laws are monetary but as David Evans, group manager at the ICO explained, it will be difficult for these to come to fruition.

In an interview discussing the new laws Evans said: “It is important to know that monetary penalties can only be issued by this office in cases where there’s been a serious breach that’s likely to cause substantial damage to people, and where there is a will full element of non-compliance.”

“Now it is difficult to imagine that non-compliance with the cookies rules is ever going to trigger a situation in which we would be able to issue a monetary penalty. That’s really quite difficult, it’s at the extreme end of non-compliance if you like.”

However, Grant suspects that the ICO may be slightly stricter than the comments above suggest, particularly when it comes to enforcing compliance.

He says: “I would expect the Commissioner to take any willful breaches vey seriously. In his recent report, the Commissioner stated that those who were not making any effort to comply with the guidance  should  ‘be assured that if we get complaints or have concerns then we will be checking your site and we will take the necessary steps to ensure that you do work towards compliance’”.

So while iGaming companies can be fairly confident that their wallets are safe, they would be best advised to comply with the latest cookie laws. Or to at least look like they’re trying to.


views and opinions expressed are those of the author and do not necessarily reflect those of