UK Cookie Law - are there now thousands of "illegal" Drupal 6 sites in the UK?

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
Andy Inman's picture

Drupal 6 tends to set an anonymous cookie by default. I recently did a quick check of UK sites and found many which are indeed setting cookies but don't have one of the available compliance modules installed. From my understanding of the law, the standard D6 anonymous cookie may be exempt if it could be proven that:

  • it is required for proper use of the site (probably not the case) and

  • isn't used in a way that would identify the user on returning to the site such that displayed contained would be customised for them in some way.

But, with potentially large fines, I don't think I would personally want to take the risk, nor advise clients to do so.

I would be interested in what others here have been advising their clients/employers with relation to Drupal 6's use of anonymous cookies. I have created this page on my own site and have been advising all my clients to read it and make appropriate decisions (which basically boils down to installing one of the existing compliance modules if not already installed).

This thread on drupal.org on the topic is worthwhile reading too.