EU Cookie Law: Will it affect your WordPress site?

Written by Tom Greenwood - May 25, 2012

Tommorrow (26th May 2012), a new EU law will come into affect requiring that you cannot use cookies on your website without the express permission of the website visitor.  A cookie is a small file that the website saves onto the users computer to track and store data about their use of the site, and the EU has ruled that they infringe privacy law if the user does not first opt-in.

So will the cookie law affect your WordPress website?

Firtsly, we should state that this is an EU law and so only affects web pages in the EU and website visitors in the EU.  Whether or not it affects non-EU websites that have European traffic (thats probably most websites), you’ll need to ask a lawyer in your home country.

If we take the law literally, then a basic WordPress site will not infringe the cookie law.  However, there are a few additions that you may have made to your website that will mean that you are breaking the law:

  1. Analytics – chances are that you use Google Analytics or something similar to track visitors to your site, and these systems use cookies.
  2. Social media – Some social media buttons such as Facebook Like use cookies
  3. Themes and Plugins – You might be using a theme or plugin that has specific ‘personalised’ functionality built-in, and this may well be achieved using cookies

This video from the No Cookie Law petition site explains the problem:

Do I use cookies?

If you are not sure if your website uses cookies, you can use a tool like Cookie Cert to find out.

How do I comply?

The simple answer is that you’ll need to do one of two things:

  1. Remove the offending code from your website (e.g. Google Analytics or Facebook Like), Or
  2. Add a pop up or similar device that asks each visitor for permission to use cookies, before the website loads the cookies

This poses a couple of problems:

  • Removing features like Google Analytics could be really bad for your business
  • Requiring users to opt-in will annoy users, and chances are that not all users will say yes, which may render the functionality of the cookies useless.  For example, analytics is only useful if it tracks everyone.

The other BIG problem as shown in the video above is that the law is intended to stop big corporations like Google and Facebook from spying on users, yet the responsibility has been placed on individual website owners and NOT on the people who are actually doing the spying (ie Facebook and Google).

Real solutions to the EU cookie law

  1. If asking every user for permission is just not practical, then at least tell them that you use cookies as a sign of good will.  For example, we have a notice in our footer on every page, and it is in our website terms and conditions / privacy policy.
  2. If you can live with the inconvenience of asking users to opt-in, then you can use one of the following WordPress plugins to make compliance easy peasy

Cookillian Plugin

Cookillian is a very simple but effective plugin that adds a neat message above the header of your website when a visitor arrives.  It looks smart but is large and unmissable and might therefore spoil the look/first impression of you website, but it does get the users attention and encourage them to opt-in or out.  Cookies won’t be used on your site until the user opts in.

EU Cookie Law/EU Cookie Directive Compliance Plugin

Similar to Cookillian, but the plugin will also add your site to the CookieCert database as an EU Cookie Law compliant website.

Cookie Control

A more discreet plugin to request user opt-in.  It’s great that it is less obtrusive than others, but consequently you’ll probably get less people opting in.

Other Plugins

In addition to those listed above, there are a number of other plugins to help compliance with the EU Cookie Law, and in all cases you may still want to ask your web developer to check that the plugin is working to disable/enable all cookies correctly.


There is no right answer to this new law, because full compliance will very likely damage your business AND inconvenience or annoy the webiste visitors that you are supposed to be protecting.  You therefore need to decide where you think a healthy balance lies between the needs of your website users, your business and the amount of risk you are prepared to take.  We are not lawyers so if you are really worried, go and talk to a legal expert.