Cookie Law ThumbnailLearn more about ICO and the Cookie Law

Well it’s the eve before the Information Commissioner’s Office (ICO) starts enforcing the new EU cookie law (e-Privacy Directive); the law which applies to how you use cookies and similar technologies for storing information on a user’s equipment such as a PC or mobile device.

But what sort of shape is the government in? How are they treating cookies and privacy concerns?

The ICO has had nearly one year to warn them to get in line with the new law.

So we decided to investigate…

We ran through Direct.gov.uk’s list of central government websites which include government departments, executive agencies and non-departmental public bodies… 122 sites in all.. Then we ran through all 122 to see how they conform according to the 3 main principals of setting cookies for being within the law:

  1. tell people that the cookies are there,
  2. explain what the cookies are doing, and
  3. obtain their consent to store a cookie on their device

Not all bodies are included as they may share the same domain or not distinct enough to warrant being its own site. You can view the full table of websites below.

Statistics we found…

11 Sites where it was impossible to find information regarding cookies or having a privacy policy at all.

2 Sites chose to use exactly the same method as ICO for not allowing any cookies to form (only allowing consent first).

4 Sites chose to use the ICO method but with session cookies being stored first.

6 Sites in total chose to obtain consent; visibly warning users about cookies. 4 of which were Scottish sites.

11 Sites mentioned cookies were being used when entering their homepage.

14 Sites that used cookies failed to mention their policy on cookies.

8 Sites do not set cookies when entering their site by their main/root domain.

47 Sites chose to display their policy via a link mentioning the word ‘cookies’. Of those only 1 site offered to turn off cookies via its own settings such as a cookie control panel (The Forestry Commission).

4 Sites were found to have misleading or incorrect information regarding their cookies.

  1. The Serious Fraud Office uses Google Analytics and states on their page “We do not use cookies for collecting information from the site.”
  2. The British Waterways states “Once the user closes their browser, the cookie terminates.” Which is true to a point, but their analytics uses persistent cookies.
  3. The Care Quality Commission (CQC) fails to signal any use of cookies from using their site but states “Please be aware that some systems on our website require the use of cookies, but we will always state if this is the case.”
  4. It might be picky but The Crown Estate site intends to use Analytics which uses persistent cookies but states, “Where we intend to use a cookie, explanatory text will be provided to tell you what the cookie does, and you will be given a specific opportunity to accept the cookie or refuse it.”

Below is the list we have compiled of central government websites taken from Direct.gov.uk such as government departments, executive agencies and non-departmental public bodies.

What the columns represent:

Cookies On Arrival All visits were based on visiting the root page of the website and whether cookies had been downloaded.
Tell Visitors Cookies Are There This is based on ICO’s principal of being clear about cookies. A popup or sentence would be deemed acceptable. A link saying Cookies is not acceptable.
Explain What Cookies Are Doing These are direct links from the home page to information on cookies. Some are recorded as 2 hops, say, from Privacy page to Cookies page.
Obtained Consent Did they obtain consent first before allowing cookies.
Cookie Types Types of cookies stored from first visiting the website.
Appropriate Info Page: The appropriate page for finding information about their privacy policy and cookies.
Note: Not all bodies listed by DirectGov are included as they may share the same domain or are not distinct enough to warrant being their own site.
Name Cookies On Arrival Tell Visitors Cookies Are There Explain What Cookies Are Doing Obtained Consent Cookie Types Appropriate Info Page
Information Commissioner’s Office (ICO) No Yes Yes Yes None Link
DirectGov Yes No (Direct link) Yes No Session/Persistent Link
Advisory, Conciliation and Arbitration Service (ACAS) Yes No Yes (via Privacy page) No Session/Persistent/Third Party Link
The Adjudicator’s Office Yes No No No Persistent Link
Association of Police Authorities (APA) Yes No Partial (Privacy Page) No Persistent Link
Attorney General’s Office (AGO) Yes No (Direct link) Yes No Session/Persistent Link
Audit Commission Yes No (Direct link) Yes No Session Link
Audit Scotland No Yes Yes No Persistent Link
Department for Business Innovation & Skills (BIS) Yes Yes Yes No Session/Persistent Link
Bona Vacantia Yes No (Direct link) Yes No Session/Persistent Link
Boundary Commission for England Yes No (Direct link) Yes No Session/Persistent Link
Boundary Commission for Northern Ireland Yes No No No Persistent x
Boundary Commission for Scotland Yes No No No Session x
Boundary Commission for Wales Yes No No No Session/Persistent x
BRB (Residuary) No n/a No n/a None x
British Monarchy Yes No Partial (via About this Site) No Session/Persistent/Third Party Link
British Waterways Yes No Partial (via Privacy page) No Session/Persistent Link
Office for Budget Responsibility Yes No No No Third Party x
Business Link Yes Yes Yes No Session Link
business.wales.gov.uk Yes No (Direct link) Yes No Session Link
Business Gateway Yes No (Direct link) Yes No Session Link
Cabinet Office Yes No Yes No Session/Persistent Link
Care Quality Commission (CQC) Yes No Partial (Privacy page) No Session/Persistent Link
Charity Commission Yes No Yes (Privacy page) No Session/Persistent Link
Civil Service Yes No (Direct link) Yes No Session/Persistent Link
Department for Communities and Local Government Yes No (Direct link) Yes No Session/Persistent Link
Companies House Yes No (Direct link) Yes No Persistent Link
Competition Appeal Tribunal Yes No (Direct link) Yes No Session/Persistent Link
Competition Commission Yes No Yes (via Privacy page) No Session/Persistent Link
The Crown Estate Yes No Yes (via Privacy page) No Session/Persistent Link
Crown Prosecution Service (CPS) Yes No (Direct link) Yes No Session/Persistent Link
Department for Culture, Media and Sport (DCMS) Yes No (Direct link) Yes No Session/Persistent Link
Department of Energy & Climate Change (DECC) Yes No (Direct link) Yes No Session/Persistent Link
Department for Environment, Food and Rural Affairs (DEFRA) Yes No (Direct link) Yes No Session/Persistent Link
Ministry of Defense (MoD) Yes No (Direct link) Yes No Session/Persistent Link
Department for Internation Development (DFID) Yes No (Direct link) Yes No Session/Persistent Link
Department of Finance and Personnel of NI (DFP) Yes No (Direct link) Yes No Session/Persistent Link
Department for Education Yes No Yes (via Legal information) No Session/Persistent Link
Department for Transport (DfT) Yes No (Direct link) Yes No Session/Persistent Link
Department of Health (DH) Yes No (Direct link) Yes No Session/Persistent Link
UK Debt Management Office (DMO) Yes No No No Session x
Driver and Vehicle Licensing Agency (DVLA) Yes No (Direct link) Yes No Session/Persistent Link
Department for Work & Pensions (DWP) Yes No Yes (via Privacy page) No Session/Persistent Link
The Electoral Commission Yes Yes Yes No Session/Persistent Link
The Environment Agency Yes No (Direct link) Yes No Session/Persistent Link
European Consumer Centre for Services (UK ECC) No Yes Yes Yes None Link
UK Export Finance (ECGD) Yes No Yes (via Privacy page) No Session/Persistent Link
Equality and Human Rights Commission (EHRC) Yes No No No Session/Persistent Link
Office of Fair Trading (OFT) Yes No (Direct link) Yes No Session/Persistent Link
Financial Ombudsman Service Yes No Yes (via Privacy page) No Session/Persistent Link
Financial Services Authority (FSA) Yes No Yes (via Privacy page) No Session/Persistent Link
Food Standards Agency Yes No (Direct link) Yes No Session/Persistent Link
Foreign and Commonwealth Office (FCO) Yes No (Direct link) Yes No Session/Persistent Link
http://www.forestry.gov.uk Yes No (Direct link) Yes No Session/Persistent Link
Gambling Commission Yes No (Direct link) Yes No Session/Persistent Link
Office of Gas and Electricity Markets (OFGEM) Yes No (Direct link) Yes No Session/Persistent Link
Government Actuaries Department (GAD) Yes No No No Session/Persistent Link
Government Communications Headquarters (GCHQ) No n/a Yes n/a None Link
GCN Yes No Yes (via Privacy page) No Session/Persistent Link
General Register Office for Scotland No Yes Yes Yes None Link
Health and Safety Executive (HSE) Yes No (Direct link) Yes No Session/Persistent Link
HM Inspectorate of Constabulary (HMIC) Yes No (Direct link) Yes No Session/Persistent Link
HM Revenue & Customs (HMRC) Yes No Yes (via Privacy page) No Persistent Link
HM Treasury Yes No Yes (via Privacy page) No Session/Persistent Link
Higher Education Funding Council for England (HEFCE) Yes No No No Session/Persistent x
Highways Agency Yes No Yes (via Terms & Conditions) No Session/Persistent Link
Homes and Communities Agency Yes No Yes (via Legal) No Session/Persistent Link
Home Office Yes No (Direct link) Yes No Session/Persistent Link
The Independent Case Examiner (ICE) No n/a n/a n/a None x
Independent Police Complaints Commission (IPPC) Yes No (Direct link) Yes No Session/Persistent Link
Intellectual Property Office (IPO) Yes No (Direct link) Yes No Session/Persistent Link
Department for Justice Yes No Yes (Privacy page) No Session/Persistent/Third Party Link
Land Registry Yes No Yes (Privacy page) No Session/Persistent Link
Legal Ombudsman Yes No Yes (Privacy page) No Session/Persistent Link
Legal Services Commission (LSC) Yes No Yes (Disclaimer) No Session/Persistent Link
Local Government Ombudsman Yes No Yes (Privacy page) No Session/Persistent Link
Greater London Authority (GLA) Yes No Yes (Privacy page) No Session/Persistent Link
Medicines and Healthcare Products Regulatory Agency (MHRA) Yes No Yes (Terms & Conditions) No Session/Persistent Link
MET Office Yes No (Direct link) Yes No Session/Persistent/Third Party Link
MI5 No n/a Yes No n/a Link
Money Advice Service Yes No Yes (Privacy page) No Session/Persistent Link
The National Archives Yes No (Direct link) Yes No Session/Persistent Link
National Assembly for Wales Yes No Yes (Privacy page) No Session/Persistent/Third Party Link
The National Health Service (NHS) Yes No Yes (Privacy page) No Session/Persistent Link
National Parks Yes No Yes (Terms & conditions page) No Persistent/Third Party Link
National Policing Improvement Agency (NPIA) Yes No Yes (Legal) No Session/Persistent Link
National Savings and Investments Yes No (Direct link) Yes No Session/Persistent Link
Natural England Yes No Yes (Privacy page) No Session/Persistent Link
Northern Ireland Assembly Yes No No No Session/Persistent x
Northern Ireland Office (NIO) Yes No Yes (Privacy page) No Session/Persistent Link
The Nuclear Decommissioning Authority (NDA) Yes No Yes (Privacy page) No Session/Third Party Link
10 Downing Street Yes No (Direct link) Yes No Session/Persistent Link
Ofcom (Office of Communications) Yes No (Direct link) Yes No Session/Persistent/Third Party Link
Ofsted (Office for Standards in Education) Yes No (Direct link) Yes No Session/Persistent Link
Office of Rail Regulation (ORR) Yes No (Direct link) Yes No Session/Persistent Link
Office of the Parliamentary and Health Service Ombudsman Yes No Yes (Site Info) No Session/Persistent/Third Party Link
Office of Qualifications and Examination Regulation Yes No (Direct link) Yes No Session/Persistent Link
Office for National Statistics Yes No Yes (Privacy page) No Persistent Link
Office of Water Services (OFWAT) Yes Yes Yes Yes Session Link
Public Services Ombudsman (Wales) Yes No Yes (Privacy page) No Session/Persistent Link
Ordnance Survey Yes Yes Yes No Session/Persistent Link
Pensions Ombudsman No n/a Yes n/a n/a Link
Parliament.uk Yes No (Direct link) Yes No Session/Persistent Link
Planning Portal Yes No Yes (Privacy page) No Session/Persistent Link
Prisons and Probation Ombudsman Yes No Yes (Terms & conditions page) No Session/Persistent Link
Government Procurement Service Yes No No No Session/Persistent Link
The Royal Mint Yes No (Direct link) Yes No Session/Persistent Link
Royal Parks Agency Yes No Yes (Disclaimer) No Session/Persistent Link
Scotland Office Yes Yes Yes Yes Session Link
Scottish Government Yes Yes Yes Yes Session Link
Serious Fraud Office (SFO) Yes No Yes (Privacy page) No Session/Persistent Link
Serious Organised Crime Agency (SOCA) Yes No Yes (Privacy page) No Session/Persistent Link
Stabilisation Unit Yes No Yes (Privacy page) No Session/Persistent Link
Transport Scotland Yes Yes Yes Yes Persistent Link
Treasury Solicitor’s Department (TSOL) Yes No (Direct link) Yes No Session/Persistent Link
UK Border Agency Yes No Partial (Privacy page) No Session/Persistent Link
UK Office of the European Parliament Yes No No No Session/Persistent x
UK Trade & Investment (UKTI) Yes No (Direct link) Yes No Session/Persistent Link
Universities and Colleges Admission Service (UCAS) Yes No (Direct link) Yes No Session/Persistent Link
Service Personnel and Veterans Agency Yes No (Direct link) Yes No Persistent Link
Wales Audit Office Yes No No No Session x
Wales Office Yes No No No Session/Persistent Link
Welsh Government Yes No Yes (Privacy page) No Session/Persistent Link

Conclusion…

If the sites listed do not change by tomorrow this means that 90% of those government sites will be breaking the law.

This is not a list to poke holes at privacy issues, but to show the confusion… what is the right method in being open/honest about cookies? And why is the UK government so lacklustre in this department.

Should there be a prompt about consent and cookie usage? According to The ICO and the law it does, but only 6 sites actually complied with this rule… And only 2 of those used the same method as The ICO by not allowing any cookies when first visiting their sites.

Hopefully we’ll see more sites changing in the coming days; not expecting any miracles though.