Last week a writer asked me to offer up a quick paragraph to help her continental readers understand how to make their web sites compliant with the EU cookie law. I had to politely decline: not because I was not up to the task, but because I would not have been able to write one paragraph. I would have had to write thirty.
One of the biggest misconceptions about the EU Cookie Law is that it is just that, a law. The EU devolved the law to its member states to interpret within the legal guidelines as they saw fit. This means that there is not actually one EU Cookie Law. There are thirty of them. These thirty interpretations range from laissez-faire to paranoid. Some countries demand banners, disclaimers, and active opt-ins, while others allow the visitor’s browser settings to suffice.
The law your site needs to comply with depends on what country the site is based in, not necessarily where it is hosted. A site based in the UK would have to comply with the UK’s cookie law, even if it was hosted in France. Likewise, if I managed a site from the UK for a French company which served a French audience, it would have to comply with the French cookie law.
You are not expected to create thirty different versions of your site for thirty countries. If your site is based in Greece and complies with the Greek law, and a visitor views the site from Spain, you do not have to reprogram the site to deliver the Spanish version of the cookie law.
And if your site is outside the EU, you don’t have to do a thing to bring your site into compliance. It’s not your country’s law, and it’s not your web site’s headache.
That’s why any solution offering to “bring your site into compliance with EU law” is a ripoff. If the solution is not country-specific, you’re not compliant.
So how do you find out what you have to do?
If you have iOS, download the free CookieApp.
If you do not have iOS, here is a table of implementations created by a law firm (.pdf, 300kb).