All posts Web

Lloyd vs Google: Have You Got Your Cookie Policy?

7 min read
Mitchel Goodwin
By Mitchel Goodwin Co-founder · Technical · About

Lloyd vs Google has been dragging through the courts like a soggy tissue in a puddle, and while the legal nerds argue about the finer points of representative actions and damages, the rest of us have a much more practical problem. Your cookie banner. Is it actually doing its job, or is it a little pop-up lie you have been telling visitors since 2018?

Be honest. You probably do not know. That is the point of this article.

What the Case Is Actually About

In very rough terms, Richard Lloyd brought a claim against Google on behalf of millions of iPhone users, arguing that Google had bypassed Safari privacy settings to track them without consent. The specifics are legally dense and genuinely interesting if you enjoy reading about the Data Protection Act at bedtime. The wider point, though, is simple. Regulators, courts and, crucially, users are no longer willing to accept "we track everything, deal with it" as a business model.

Your Cookie Banner Is Probably Wrong

We audit websites all the time and the cookie compliance picture is grim. Common offenders include:

  • The pre-ticked box: Non-essential cookies cannot be set by default. If your analytics fires before the user clicks anything, you are in breach.
  • The "accept or get lost" banner: Refusing must be as easy as accepting. A giant green ACCEPT ALL next to a tiny grey "settings" link is not compliant, no matter how pretty it looks.
  • The fake cookie policy: A generic template that lists cookies you do not actually use, and omits the ones you do. Impressive commitment to inaccuracy.
  • The silent tag manager: Google Tag Manager firing every pixel known to humanity the moment the page loads. Classic.

Why This Matters Beyond Fines

Yes, the ICO can fine you. Yes, those fines have teeth. But the bigger risk for most small businesses is reputational. A single screenshot of your dodgy consent banner shared on Twitter can do more damage than any regulator. Users are savvier than they were five years ago, and they notice when a website treats them like a product.

There is also the small matter of your data being rubbish if your consent process is broken. If people are rejecting cookies and you are tracking them anyway, your analytics is technically illegal and probably inaccurate. A wonderful combination.

What a Proper Cookie Setup Looks Like

You do not need to spend thousands on a consent management platform, although for larger sites one is sensible. You do need:

  • A genuine scan of your site: Know exactly which cookies are being set and by whom. Most businesses are horrified when they find out.
  • Granular consent: Users should be able to accept analytics but reject advertising, or vice versa. All or nothing is not acceptable.
  • Blocked scripts until consent: Nothing fires until the user has said yes. This is the bit most sites get wrong.
  • A cookie policy that matches reality: Written in plain English, updated when you change your tech stack, linked from the footer of every page.
  • An easy way to change your mind: A little "cookie settings" link in the footer is standard practice.

Not Sure If Your Site Is Compliant?

We run technical website audits that cover cookies, consent, privacy and the rest of the boring but critical compliance bits. Sleep better at night.

Request a Website Audit

The Google Consent Mode Question

Google Consent Mode has muddied the waters. Used correctly, it lets you collect modelled data even when users refuse cookies, which is genuinely useful. Used badly, it becomes a fig leaf for sending personal data to Google anyway. If you are implementing it, make sure whoever configured it can actually explain what it does without reading from a slide.

Do Not Rely on Your Web Designer

And no offence to the web design community, but most web designers are not data protection experts. They installed a cookie plugin, ticked "enabled", and moved on. Which is fair enough, because they are web designers, not lawyers. But it does mean the compliance sits with you, the business owner.

If you are about to commission a new site, our notes on questions to ask before hiring a web designer might save you a future headache. And while we are at it, understanding how your tech connects to your SEO is worth an afternoon of your life.

The Takeaway

Lloyd vs Google may have ended without the huge payout some predicted, but the direction of travel is clear. Privacy is no longer a nice-to-have, it is a default expectation. Get your cookie policy, your consent banner and your actual on-site behaviour aligned, and you will be ready for whatever the next case brings. Ignore it, and you are just waiting for your turn in the spotlight.

Go check your banner. Now. We will wait.

Keep reading

More from the Journal

SEO

How to Rank #1 in Newcastle (Without Selling Your Soul)

Local SEO, explained without the buzzwords. If you're not in the top 3, you're invisible. Here's how to fix that.

Read post SEO

What to Watch at brightonSEO Spring 2026 and How to Apply It to Local SEO in Newcastle

The bits of brightonSEO Spring 2026 that actually matter, translated into local SEO wins for Newcastle businesses.

Read post Strategy

The Newcastle Marketing Playbook (for people who hate playbooks)

Everything a Newcastle business actually needs to know about digital marketing. No fluff. No 200-page e-book. Just the bits that work.

Read post