cookies

GDPR, cookies and my website

The General Data Protection Regulation, GDPR for short, is a privacy law designed to protect the personal data of European Union (EU) residents. The GDPR took effect on May 25, 2018, and affects all companies, regardless of origin, if they possess the personal information of an EU citizen in their database.

Prior to the GDPR, websites would drop cookies onto their visitors’ browsers without their knowledge or consent. However, all that changed with the GDPR legislation. Recital 30 of the General Data Protection Regulation considers cookies as part of personal data. It requires websites to obtain valid consent when collecting personal data from its users. The law now gives its citizens rights over their data.

Why do we need cookies?

Cookies are lines of code that a web server sends out along with the requested website the very first time it is called out by the browser. Once in the browsers, these cookies transmit data like user ID, session ID, and settings, back to the web server. The cookies will remain in the browsers until it gets flushed out through the “clear cookies” action.

Cookies help to improve user experience on the site. They stored information to identify you and provide personalized content and settings.

For example, one of the significant backend applications that use cookies is Google Analytics.  Google Analytics uses cookies to monitor site traffic information and user behavior.

Why do the regulators care so much about these cookies?

Like all things good, cookies can be misused in the wrong hands. While cookies can be convenient for website users, they can turn sinister by tracking and remembering user behavior for monitoring and marketing purposes.

Regulators aim to make users conscious of what they allow, rather than granting marketing companies unrestricted access to collect personal data. Users should be given the opportunity to refuse cookies when they visit a site. Hence, the rise of cookie consent and its management.

How does one be GDPR-compliant with regard to cookies?

For starters, you would need to have a prominent cookie consent banner on the front of your home page. The purpose of the consent banner is to inform your visitors that you are using cookies on your website. The visitor then has a choice of whether to accept and proceed. Should they disagree on the use of cookies, they would not be able to proceed further and have to exit the website.

The banner could be either a pop-up or a banner bar. The bar could be either at the top or the bottom of the page. The pop-up or the banner should have clear and precise information about the purposes of cookies that are placed on the user’s browser. Pre-ticked boxes for cookie consent are now allowed. What regulators would like to see is affirmative action like “accept” or “reject”.

Next, you need to have a cookie policy to inform visitors what cookies are being used on your website and their purpose. This provides visitors with some knowledge and comfort of how their data will be used.

Next, you have to keep a cookie consent log to document cookie consent for proof of compliance in case you come under regulatory scrutiny.

If you need help in implementing any of the above, let’s connect.

Spread the love

Leave a comment

Your email address will not be published. Required fields are marked *