Cookies are an essential part of the modern web. Without them we’d be unable to provide the interactive sites and web applications that modern users of the web have come to expect. The web was designed to be stateless — no information about a session was carried between page loads. Cookies are the thread that modern sites use to tie together sessions — they’re how we know who our users are and they’re how we combine a group of page loads into a coherent journey. They’re also how we track users across our sites and the wider web.

It’s the tracking aspect of cookies that has user privacy implications. There are a million reasons that site owners would want to track users, and most of them are benign, but the European Union feels that in the light of the potential for privacy violations, sites should be required to give specific permission for the use of cookies. The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, which was adopted into the laws of EU member countries made it compulsory to ask for permission when accessing information stored on user’s machines, which includes cookies.

If you’re based in the US, it’s possible you’ve never come across a site asking for permission to use cookies, but if you’re based in the EU, which include the United Kingdom, you’ll come across them on a daily basis.

If you own a site hosted in the UK, you’re theoretically obligated to issue a cookie permission request to every new user of your site. In practice, the consequences of not doing so are minimal. The techniques used to get permission vary, some sites have an opt-in banner that requires a click from users, others simply display a banner that says by using the site the user implicitly consents to cookies being placed on their computer.

Before I discuss methods of making your Magento site compliant, lets be clear about what falls under the regulation and what does not. Cookies that are essential to a site’s functioning are not included — an example would be the cookies that your site uses so that the checkout process works. It’s more than likely that your site is using cookies to which the law applies though. Almost everyone uses tracking cookies, social media cookies, or analytics cookies, and they’re the ones that require permission.

Implementing the cookie permission requests on Magento sites is fairly straightforward: there are a number of plugins that will do it for you with a minimum of fuss. One of the most popular is Creare EU Cookie Law Banner, which will add a discrete banner to your Magento store. Cookie Law Compliance does much the same thing.