View more on these topics

Are your cookie processes ready for new European rules?

Marilyn Cole, founding partner of Space01, sets out how a new European directive on internet privacy will affect financial services firms in the UK

Cookies are small text files which are stored on an individual’s computer allowing websites to recognise a user from previous visits and deliver particular messages to them.

Cookies are used almost universally on the internet not just to target advertising and marketing but also to recognise past behaviour and then to channel a user to a particular section of a website. For example, if you are an IFA visiting a provider website, cookies left on your machine from previous visits are likely to route you to the intermediary part of the website rather than the consumer site.

Many internet firms say cookies help the smooth running of the internet on an anonymous basis but the EU has decided there is a substantial risk to individuals’ privacy.

The specific regulations are included in the EU directive, the Privacy and Electronic Communications Regulations 2003. These were updated in 2009, became law in the UK last May, and come into force on May 26 this year. The regulations will be policed by the Information Commissioner’s Office.

In general there will be two types of cookies – those deemed necessary to something the website user has asked to do and those deemed not strictly necessary, which will require a website to obtain consent from the user to use them.

Cookies used for security on bank accounts will be allowed but those used in analysing web traffic, for advertising or personalising websites to a particular visitor will require user consent.

For cookies deemed not strictly necessary, a website will have to tell people it wants to use cookies, explain what for and then obtain their consent to store the cookie on their device.

This is going to be a big headache for online advertising and certainly targeted online advertising because websites will be expected to ask users for permission for ads specifically targeted at them.

It could also have implications for advisers. First, IFAs’ client-facing sites may have incorporated cookies to direct those clients to a particular area of their website. Cookies may also be used where a website pulls in information from other sources, for example, a Twitter feed, a news feed or perhaps a graph of the latest stockmarket performance.

The regulations could also stymie some analytic software which monitors traffic to a website.

For bigger intermediaries which use extensive internet marketing, it could bring problems where they are buying targeted marketing and advertising.

It could disrupt IFAs using provider websites and is yet another cost for insurers, fund managers and lenders.

More generally, it could disrupt some comparison site links to providers, although IFAs may be a lot more relaxed about such disruption.

The price for not complying with these regulations can range from an enforcement notice to a fine of up to £500,000 but a breach has to have led to “substantial damage or distress” to attract a big fine.

As with all new regulations, the ICO itself is getting up to speed with the regulations. For example, the ICO’s messages on cookies used for analytics is a little confused, with it saying it may not prioritise this type of cookie for enforcement despite the fact they appear not to meet the “strictly necessary” definition.

Our opinion is that website owners can adopt several methods of complying with regulations for obtaining consent. For example, you could incorporate the cookie request into an initial registration form which is fine for those businesses that do not use cookies before this point.

You might use a pop-up window with a yes or no choice which has to be clicked before the user can proceed but this risks a high bounce rate of people leaving your website altogether.

Alternatively, you could use a warning banner with a request message, which does not have to be clicked but it is important to get the wording correct and to give the message enough prominence to meet the regulations.

When it comes to third-party content, both the website owner and the third party are responsible for obtaining permission or avoiding using cookies without consent.

Third-party content can include banner advertising systems, social media buttons, YouTube videos, analytics packages and some other embedded widgets. All these connections may have big implications for advisers and other financial firms, depending on how extensively they use them.

Those third parties may already be working on cookie-less services. YouTube has videos you can embed without cookies, for example, while some other content providers offer guidance but others are still working on their approaches.

In terms of what advisers and providers should do, we suggest they need to audit their websites and assess their marketing and advertising strategy for cookie use to check for compliance.

As part of this process, you will need to update your privacy policy if it is not compliant.

We understand that advisers are facing a host of regulations. The last thing adviser business owners want is another set of regulations. It is unlikely that advisers will be first in the firing line when the ICO comes to enforce its new rules but it would be prudent to make sure you do not fall foul of them any way, in particular if the web is an important part of your marketing and customer relationship management.

A full report on the new regulations, including examples of how you can ask consent for using cookies, can be downloaded from


Are tech stocks fit to burst?

Is Facebook’s startling $1bn purchase of two-year-old company Instagram proof that a technology bubble is about to pop? Joanne Ellul reports

Kestrel flies with global multi-asset

Boutique firm Kestrel Investment Partners has introduced a global multi-asset fund that will use a dynamic asset allocation tool that has been developed and fine-tuned for more than 20 years.

Is this the endgame for the current mergers & acquisitions boom?

Last year, worldwide mergers and acquisitions (M&A) rose to an unprecedented $4.7tn, according to Thomson Reuters, a 41 per cent increase over 2014. Anthony Forcione, senior equity analyst at Loomis Sayles, an affiliate of Natixis Global Asset Management, looks at what’s been driving this particular wave of mergers. Click here to view full article: Loomis-Sayles


News and expert analysis straight to your inbox

Sign up


There are 2 comments at the moment, we would love to hear your opinion too.

  1. What a load of rubbish, haven’t they anything better to do in Europe, are they bored or something?

  2. A very good piece! It’s true that the ICO will not come knocking on advisors’ doors on the morning of May 26th, but firms will still have to show they have a strategy in place and a roadmap for delivery. You can get news, debate and advice on approaches to compliance at

Leave a comment


Why register with Money Marketing ?

Providing trusted insight for professional advisers.  Since 1985 Money Marketing has helped promote and analyse the financial adviser community in the UK and continues to be the trusted industry brand for independent insight and advice.

News & analysis delivered directly to your inbox
Register today to receive our range of news alerts including daily and weekly briefings

Money Marketing Events
Be the first to hear about our industry leading conferences, awards, roundtables and more.

Research and insight
Take part in and see the results of Money Marketing's flagship investigations into industry trends.

Have your say
Only registered users can post comments. As the voice of the adviser community, our content generates robust debate. Sign up today and make your voice heard.

Register now

Having problems?

Contact us on +44 (0)20 7292 3712

Lines are open Monday to Friday 9:00am -5.00pm