Skip to Content

Are Travel Companies Complying with the ‘EU Cookie Law’?.

The author

Drew Brigham

Technical Director

We’ve recently blogged about the EU e-Privacy Directive which is often referred to as the ‘Cookie Law’ and what our advice is. Although the law doesn’t come into force until 26th May 2012, after being postponed for a year – how compliant are travel industry websites?

Travel industry websites are great test cases because they get extremely large volumes of visitors, are often well-known both offline and online plus many already extensively use cookies in their analytical and advertising practices too. I’ve scoured the most popular travel sites out there which should fall under the law and the results are very interesting. You can see a full table of results at the end of this post. Overview • No site surveyed had an explicitly opt-in or opt-out of cookies option • All sites used cookies extensively • 53 sites were surveyed on 25/04/2012 • Sites were providers of holidays, flights or holiday review websites 2 Sites Didn’t Have a Defined Privacy Policy Two sites didn’t have a defined privacy policy at all. does have ‘terms and conditions’ and ‘data protection’ pages but not a separate privacy policy page, only has a ‘disclaimer’ with very limited information – it does mention cookies but doesn’t cover any privacy concerns. 8 Sites Privacy Policy Didn’t Cover Cookies At All Nearly 20% of sites didn’t mention cookies in their privacy policy whatsoever. Some didn’t even have a privacy policy or cover their privacy policy details in another part of their website – such as ‘legal’, ‘terms and conditions’ or ‘site conditions’. This includes some big names and well known sites such as,,, and 26 Sites Didn’t Cover Cookies Well Enough Just under half of the sites didn’t cover cookies at all or offer any more information besides the generic ‘we use cookies’ statement that is found in the majority of privacy policies and fails to explain what cookies are or how they are used. 3 Sites Had Great Cookie Explanations Travelocity, Fred Olsen Cruises and NCL Cruises had really good explanations of cookies; what they were, how they used them and how third party’s used them. They were written in clear and easy to understand language. 2 Sites Listed the Cookies They Used – 51 Didn’t It’s important to list all the cookies that are used on your site. Only British Airways and Fred Olsen Cruises listed all their cookies. Although British Airways did not explicitly give the cookie file name – only their general name, such as “Country Choice Cookie”. 0 Sites Made Their Privacy Policy Details Prominent None of the sites displayed a link to their privacy information anywhere apart from the footer of the site – the last part of the site. The new law requires that privacy policy information is displayed prominently. Not all sites had a direct link to their privacy policy or cookie policy in their site design. Those that displayed a link in the footer of their site didn’t make it prominent or stand out, a few were even extremely-hard to find such as the Ryanair privacy policy link. Some sites had a privacy policy but had not linked to it from their footer or their general site template, it could only be found via Google. A few sites had a dedicated ‘cookie information’ page, but this was linked to from their privacy policy or other parts of the site. Thomson have a link to their cookie information page in their footer – but it fails to clearly explain what a cookie is. Cruise Companies are Lagging Behind Although in general, most travel sites aren’t anywhere near compliancy. Very few of the sites provided much information at all, most of the cruise holiday based websites didn’t explain in their privacy policies what cookies were or how they were used, whereas the majority of other holiday websites did. Summary Overall it’s not a great picture, none of the sites comply with the strict letter of the law, none allow the user to opt-in or opt-out of cookies and only two provide both clear and extensive information about cookies, how the use cookies and list the cookies they use on their site – British Airways and Fred Olsen Cruises. Let me know your thoughts on this directive and compliance to it - leave a comment below. More information and data can be see here: The full CSV of data is also available to download here:  Travel-Site-Cookie-Compliancy-Data