UK websites place more cookies but give more information than any other country surveyed
A cookie is a small file of letters and numbers that is stored on a device when it is used to visit a website. Cookies are used by many websites and can do a number of things, eg remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website. Some cookies, known as third party cookies, can also be used to record information based on how the user is interacting with other websites.
The study involved an automated and manual examination of 478 websites by eight privacy regulators from the European Article 29 Working Party and other national regulators who have responsibility for enforcing the rules on cookies.
The key findings from the research are:
- The websites surveyed set a total of 16,555 cookies.
- The average website placed 34 cookies on a device during a person’s first visit. UK websites placed an average of 44 cookies on a first visit, the highest of any country surveyed.
- 70% were third party cookies (set by websites other than the one being visited). 30% of cookies set were first party cookies (set by the site being visited).
- 86% of cookies were persistent cookies (remain on a person’s device after use). 14% were session cookies (removed after a person’s browsing session has ended).
- The average cookie is set to expire after one to two years but some cookies were being set for as long at 10, 100 or even nearly 8000 years.
- 31st December 9999. Cookies set by three websites would not expire until 9999. One of these websites was based in the UK.
In the UK, 94% of the 81 websites surveyed provided information to explain to visitors how cookies were being used on the site. This compares favourably when compared to elsewhere across Europe where only 74% of the websites surveyed provided any information about cookies.
ICO Group Manager for Technology, Simon Rice, said:
“Any web developer will tell you that cookies are a vital tool for making the web work. However, the number of cookies out there may come as a surprise to many, particularly in the UK where the average website sets more cookies than for any of the other countries surveyed.
“There’s also clearly an issue with the lifespan of some of these cookies. Developers must consider the implications of using certain settings in their code. Setting a long expiry on a cookie means that it will not only outlive the usefulness of the device, but also the person using it at the time. While the length of time a cookie needs to remain on a device will depend on the reason why it was originally set, it is difficult to justify an expiry date in the year 9999 for even the most innocent of purposes.
The research was carried out between 15 and 19 September 2014. The number of cookies on each website was recorded and logged using a tool developed by the ICO. This was followed by a manual review of each website by the relevant national regulator to see what information was provided to consumers about the cookies placed by the website.
The report is available here, and will be also be published on the Article 29 Working Party website.