Compliance with the EU Cookies Directive by London's legal titans: how the top 20 firms comply

The EU Cookie Directive and national implementing legislation require that website operators that store cookies (small program files that store and send data from a user's computer or device to operators of sites that install such cookies on the user's hard drive) disclose information regarding the use and purpose of such cookies, and secure the user's consent to their use. European data protection authorities in France and elsewhere are conducting "cookie sweeps" this week to enforce the directive, so I thought now would be a good time to investigate how the top 20 (measured by revenue) London-based law firms are complying with this directive as implemented in the UK. The results of this investigation are somewhat surprising.

Use of Banners vs. Separate Links

Of the twenty firms I investigated, only half have implemented a separate banner that appears prominently when the firm's landing page first loads. The banner most often consists of a narrow but quite conspicuous band floating at the top or bottom of the landing page that describes the use of cookies, states that continued use of the site is implied consent to the use of cookies, and links to a separate cookies policy. However, among those firms that eschewed such banners, eight, or the vast majority of this group, have at least created a separate and conspicuous link to a cookies policy in either the footer or header of firm website pages.

Only two out of the twenty London firms have made no effort to separately reference cookies in their home pages. They simply reference the use of cookies in their privacy policies.

Exhaustive Listing of Cookies

A clear majority of the London firms surveyed, or fourteen, present what purports to be an exhaustive list of the actual cookies in use.

User Option to Disable

Only two firms have implemented a mechanism permitting the user to permanently disable the use of cookies from the firms' sites.

If any conclusions can be drawn from this, a consensus has emerged in favor of some separate reference to cookies on law firm website landing pages. Slightly more firms than not have made this reference via conspicuous banners, and the rest have simply established a separate cookies link. A consensus in favor of presenting an actual list and description of utilized cookies also seems likely.

IMO it should be sufficient to simply provide a separate cookies link on the landing page, one that takes the user to the cookies section of the privacy policy. I also believe that sites should attempt to provide an exhaustive list of cookies in use.

I've posted a sample of a condensed version of cookie policy text intended to be dropped into a privacy policy - redlines are of course welcome, esp. from our data and privacy experts. I'd be interested to learn how other Redline members are counseling their clients with respect to cookies-related compliance. 





© 2006, 2019 Sean Hogle PC. All rights reserved. These pages constitute ATTORNEY ADVERTISEMENT.