There's 'clearly an issue with the lifespan of some cookies' warns ICO

Information Commissioner's Office discovers some website cookies are set up to last almost 8,000 years

The Information Commissioner's Office (ICO) has criticised the way some websites use cookies, after an international privacy study revealed that a cookie can last up to 7,984 years.

The study, led by the ICO, revealed that some websites are placing cookies on computers and other devices that will outlast the usefulness of the device - sometimes by a huge margin. Of the 16,555 cookies surveyed, three were set to expire on 31st December 9999. The average lifespan was one or two years.

It's also been revealed that UK websites placed an average of 44 cookies on a first visit, the highest of any country surveyed - the global average was 34.

"Any web developer will tell you that cookies are a vital tool for making the web work. However, the number of cookies out there may come as a surprise to many, particularly in the UK where the average website sets more cookies than for any of the other countries surveyed," said ICO group manager for technology Simon Rice, who warned that there's "clearly an issue with the lifespan of some of these cookies".

Rice stated that "developers must consider the implications of using certain settings in their code".

"Setting a long expiry on a cookie means that it will not only outlive the usefulness of the device, but also the person using it at the time," he continued, adding "it is difficult to justify an expiry date in the year 9999 for even the most innocent of purposes".

Nonetheless, Rice praised the UK for "performing better than our European counterparts when it comes to informing people about the use of cookies on their website". But he warned: "We will be writing to those who are still failing to provide basic information on their website before considering whether further action is required."

The study involved an automated and manual examination of 478 websites by eight privacy regulators from the European Article 29 Working Party and national regulators who have responsibility for enforcing the rules on cookies.

Recently, the ICO was left red-faced when its website security certificate expired.