This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Deloitte comments on EU e-Privacy Directive

25 March 2012

Peter Gooch, privacy director at Deloitte, said:

“In May 2011 Brussels introduced amendments to the 2003 EU e-Privacy Directive requiring websites to gain user consent for the use of tracking technologies, the most common of which are ‘cookies’.  The guidance issued on the updated rules encourages companies to be more open about what these cookies are and how they might be used.  In the UK, the Information Commissioner’s Office’s (ICO) gave companies a year-long grace period to implement these changes, which comes to an end on 26 May 2012.  

“A number of grey areas remain, for example, a website might sell some of its space for marketing, which is auctioned in real time to advertisers, making it near-impossible to show users immediately which cookies are going to be used.  The questions over where responsibility lies in this situation also require further clarification."

“What is clear is that doing nothing is not an option.  While the ICO has issued some guidance on recommended approaches, both the requirement for opt-in consent (for instance a pop-up requesting consent) and potential situations where implied consent (for instance where a user closes that pop-up without choosing ‘yes’ or ‘no’) may be suitable are still in debate.  However, where companies are taking practical steps to identify and categorise the cookies they use and put in place plans for compliance, they may be less likely  to be pursued by the regulator, at least in the near term.   Where the ICO may take action is if they receive repeated complaints about a certain company, or if a company has been found to have a disregard for the law, for example through misleading individuals on the use of cookies.

“A number of organisations are developing their own solutions – some are using this as a way to demonstrate transparency with their customers in an attempt to gain a competitive advantage through building confidence and trust with consumers.  Others may see taking a lead in this area as a more risky strategy, as a rushed or sub-standard solution may actually have the opposite effect. After 26 May it will be interesting to see whether different approaches start to converge, what further guidance is issued and how browsers will become part of the solution – or not.

“The law has been introduced to give consumers greater transparency and control over their own data, which is a good thing. The reality is that many consumers may not even know how cookies are used, so providing the information in a way that will not confuse or scare consumers is vital if this is to achieve its goal and not, as some extreme views have hinted, break the internet.”


Note to editors:

About Deloitte
In this press release references to Deloitte are references to Deloitte LLP, which is among the country's leading professional services firms.

Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private company limited by guarantee, whose member firms are legally separate and independent entities. Please see for a detailed description of the legal structure of DTTL and its member firms.

The information contained in this press release is correct at the time of going to press.

Member of Deloitte Touche Tohmatsu Limited.

Last Updated: 

Media contacts

Ben Jun-Tai
Deloitte LLP
Job Title:
020 7303 6989

Share this page

Email this Send to LinkedIn Send to Facebook Tweet this More sharing options

Get in touch

More on Deloitte