Google Analytics EU Cookie Law

Most modern websites have some kind of web tracking solution for collecting information about visitors to the site, which is largely used by marketing staff to make decisions to improve the site to increase traffic volumes.

Google Analytics is the most popular  analytics package available, not least because it is both free and extremely powerful. Google Analytics (GA)  is found in use at around 57% of the 10,000 most popular websites – including the likes of New York Times, Washington Post, Mashable and Twitter. For smaller websites, this figure is even higher.

However much site owners think of it as an essential website tool, Google Analytics is covered by the requirements of the EU Cookie Law.  This means the website owners must seek consent for the use of GA, using tools like Optanon.

Optanon will help you tell your visitors about GA, and provide them with the ability to opt-out without having to leave your site. All it requires is a slight change to how you add Google Analytics into your pages, which is very easy for most websites to implement.  If you use Google Tag Manager, it is even easier to use Optanon to control Google Analytics, subject to user consent.

Optanon also provides you with some simple language describing what analytics is – which you can use in your privacy policy, along with an accurate list of the cookies used, with a single line of code.  See how this works within our own How We Use Cookies page

Most sites can rely on Implied Consent for Google Analytics using Optanon.  However, if a user chooses to opt-out, Optanon uses a first party cookie to remember your visitors’ choice for 12 months.

However, for those countries where explicit consent is required, Optanon enables you to get consent for Google Analytics before the cookies are set.

Further Guidance

The ICO has issued guidelines on how to interpret the new EU Cookie Law. In the PDF document entitled “Changes to the rules on using cookies and similar technologies for storing information” they say: “An analytic cookie might not appear to be as intrusive as others that might track a user across multiple sites but you still need consent.

Further advices and opinions on analytics cookies can be found in the opinion published by the influential Article29 Working Party

Google Analytics sets first party cookies, however many accounts have the opt-out setting active to “true” which Google allows to anonymously track website metrics for the purposes of “benchmarking”. Google says this information is used to categorize a website and show a relative performance line in visit graphs. This shows how well a website benchmarks for that category.

The ICO guidance says: “If the information collected about website use is passed to a third party you should make this absolutely clear to the user.  You should review what this third party does with the information about your website visitors.” Therefore in the instance of “benchmarking” it is clear consent must be achieved for a website to pass information to Google.

Website owners should probably also tell visitors that they are sharing the visit data with Google for benchmarking purposes, as part of their disclosure about how cookies are used.

For more on Google Analytics please also see: The Analytics Crunch

About the Google Analytics Cookies

Google Analytics sets first party cookies via a piece of JavaScript code which must be added to every page that site owners want to track. It sets four cookies automatically, and a fifth via opt-in (this relates to sharing information about your traffic with Google).

Globally and in the European Union member states Google sets the following cookies:

__utma Cookie
A persistent cookie – remains on a computer, unless it expires or the cookie cache is cleared. It tracks visitors. Metrics associated with the Google __utma cookie include: first visit (unique visit), last visit (returning visit). This also includes Days and Visits to purchase calculations which afford ecommerce websites with data intelligence around purchasing sales funnels.

__utmb Cookie & __utmc Cookie
These cookies work in tandem to calculate visit length. Google __utmb cookie demarks the exact arrival time, then Google __utmc registers the precise exit time of the user.

Because __utmb counts entrance visits, it is a session cookie, and expires at the end of the session, e.g. when the user leaves the page. A timestamp of 30 minutes must pass before Google cookie __utmc expires. Given__utmc cannot tell if a browser or website session ends. Therefore, if no new page view is recorded in 30 minutes the cookie is expired.

This is a standard ‘grace period’ in web analytics. Ominture and WebTrends among many others follow the same procedure.

  __utmz Cookie
Cookie __utmz monitors the HTTP Referrer and notes where a visitor arrived from, with the referrer siloed into type (Search engine (organic or cpc), direct, social and unaccounted). From the HTTP Referrer the   __utmz Cookie also registers, what keyword generated the visit plus geolocation data.

This cookie lasts six months. In tracking terms this Cookie is perhaps the most important as it will tell you about your traffic and help with conversion information such as what source / medium / keyword to attribute for a Goal Conversion.

__utmv Cookie
Google __utmv Cookie lasts “forever”. It is a persistant cookie. It is used for segmentation, data experimentation and  the __utmv works hand in hand with the   __utmz cookie to improve cookie targeting capabilities.

Related Pages

Be in the Know

Subscribe to our newsletter

Onetrust All Rights Reserved