The EU Cookie Law Is FAILING

Over a year later and the EU cookie law has done nothing to improve the privacy of consumers. In this short article I look at one example of cookie abuse and their compliance with the EU cookie law.

John Lewis and The EU Cookie Law Sham

I’m against the EU cookie law. I think it’s a waste of time, it’s in the wrong place, it’s been implemented without consulting experts in the industry and it’s going to cost an insane amount of money to implement. That said, if the EU really want to go after cookie abusers then there are a few companies they’d do well to legislate against. John Lewis is a fantastic example of a website that abuses third party cookies.


In a vanilla web browser, try going to the John Lewis website, and then check out – say –, just take a look at the adverts on that page. I tried this by looking at a table in the garden furniture section of their website. Pretty much every website with adverts I went to after tried to sell me garden furniture from John Lewis.

Cookie Law Compliance

John Lewis’ attempt at EU Cookie Law compliance is to bring up a message on the first visit at the top of the page that simply says “Our website uses cookies so that you can place orders and we can provide a better service. Continue to use the site as normal if you’re happy with this, or find out how to manage cookies”.

Theoretically they’re just about compliant, but by this point they’ve already set 62 cookies from across 19 different domains. Their message makes no mention of what they use the cookies for. If you dig down into their cookie policy they do have a structured breakdown of what each cookie is for, but in vague language. I can’t be too critical though, after all the average person isn’t going to understand what a state cookie is used for.

Third Party Cookies and The EU Cookie Law

In my opinion it is the websites such as John Lewis that should be being made to disclose more information on their usage of cookies. Nobody really cares about the cookies on the John Lewis domain, it’s the cookies on the other 18 domains that worry me. If they had to obtain consent to set these cookies then the law might actually be of some use, even if it is still annoying.

It’s Not Just John Lewis

I’ve singled John Lewis out, but they’re by no means the only website doing this. The mechanism by which your browsing habits are used to tailor adverts to you on other websites is through companies such as Criteo, Affiliate Window, Google DoubleClick, YieldManager, etc. These are the companies – if anyone – that need to be cracked down on by the law, to make it easier for customers to avoid being tracked everywhere they go.

About Matt Lowe

Matt Lowe is a WordPress web designer / developer based in Newbury, Berkshire. After 8 years of doing the nine-to-five for other companies and watching them make the same mistakes over and over he set out in business on his own, forming Squelch Design to help businesses get online and make money.

4 comments on “The EU Cookie Law Is FAILING

  1. Did that not happen because the sites you went on had Google adsense ads and it was actually google cookies measuring your previous searches and history?

    • The article isn’t about how to comply. The article is about how the EU Cookie Law fails to address the real issues; As I point out in the article a website can comply with the law whilst still abusing the use of cookies, so what’s the point in compliance? The law doesn’t work and it’s very easy to see that it doesn’t work.

      Imagine you’re going into a shop but, before you can get in, a bouncer stops you and explains the shop’s policy on data protection. They finish by explaining that by entering the shop it’s assumed you’re giving your consent to that shop using your data however they like. Now imagine it’s like that at EVERY SINGLE SHOP you visit. It’s going to make a trip down the high-street a pain in the back side, but thanks to the EU Cookie Law that’s the exact situation we are in now in Europe.

      What’s worse is the decent shops who respect your privacy are also being forced to have a bouncer, even though they’d never dream of abusing your personal data. Meanwhile the evil shops that do abuse your data appear to be just the same as the decent shops: How are you to know that shop X is going to abuse your data while shop Y won’t? Both shops have a bouncer, so they must be the same right? How does having an annoying bouncer interrupting your shopping experience in any way help the situation? It doesn’t. It’s cruft and it generates FUD.

      Your link is effectively a link to a site that provides a bouncer, a place where I can get a bouncer for my shop. It might aim to be as unintrusive as a bouncer can be: The bouncer might be well dressed, unintimidating and polite, but they’re still an ineffective solution to a perceived problem that gets in the way of your shopping.

Leave a Reply

Your email address will not be published. Required fields are marked *