How you handle the personal data of visitors to your website can make or break their trust in your business.
Today, there are more and more laws that govern how you collect and use personal information online.
Cookie policies have become a controversial subject for website owners and visitors alike.
Cookies are small bits of data that websites create and store (as text files) when they load. Web browsers use these cookies to track user activity on a page.
For example, a cookie can save your password, so you don't have to log into Instagram every time you want to access your account.
So, you can think of a cookie as the short-term memory of a website. It stores the website's URL, the cookie's lifespan (or, if you prefer, its "use by" date), and an individual ID for every user.
Cookies can also show ads or offer a customized user experience. They are stored in your browser and enable a website to "recall" details between pages or visits.
In addition, cookies store information that can be highly valuable, especially for users. They may keep track of user activity on the website, where they left off, customization preferences, log-in information, cart contents, and more.
There are several types of cookies, just like in the real world.
Based on lifespan, the two types of cookies are session and persistent.
Once you exit a website, a session cookie created in your browser's cache is permanently deleted.
On the other hand, persistent cookies enable websites to identify you when you return by staying in the browser's cache for a specified period.
Several types of cookies are used for data collection. They include:
These cookies anonymously track user activities on a website for internal research. But users can reject certain cookies.
These cookies are crucial for a page's performance; hence, they are not optional.
It depends on how you use them - cookies may target ads or add users to marketing lists.
Until recently, though, most internet users didn't know their online behavior was being tracked. But now that they do, it doesn't sit right with them!
It should go without saying that a website using no cookies at all would be the exception rather than the rule. If you manage a small business website (or any business), think about this.
For some context on the kind of functionality cookies enable, let's quickly review some common uses for cookies:
First-party cookies are managed directly by website or app owners. Conversely, third-party cookies are handled by others, which helps them offer their services.
So, when your website or app uses third-party services to include features like photos, social media plugins, or ads, it features third-party cookies.
It serves as a notice to users about the cookies active on the website, their function, and what happens to the data, including identifying third-party cookies.
Laws from data regulation bodies, such as the European Data Protection Board and General Data Protection Regulation, state that website owners must get consent from visitors to collect or store data. With this, users are aware of how their data is collected, and they can manage cookies.
This can be done with a simple cookie audit or by scanning your website's cookies using tools like CookieYes, OneTrust, etc.
This involves clearly stating how your website collects, processes, stores, and uses user data online.
You need to get visitors' consent before using cookies or give them the option to decline for better control over their online privacy.
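A simple cookie audit of the kind described above can be scripted. The following is an added example, not code from the original article or from any of the tools it names: it classifies captured `Set-Cookie` headers as session or persistent and as first- or third-party. The site host, the captured headers and the "same host or subdomain" first-party rule are assumptions made for illustration.

```javascript
// Constructed sample: (responding host, Set-Cookie header) pairs as they
// might be captured while loading https://shop.example/ (not real traffic).
const SITE_HOST = "shop.example";
const CAPTURED = [
  ["shop.example", "cart=abc123; Path=/; Secure; HttpOnly"],
  ["shop.example", "prefs=dark; Max-Age=31536000; Path=/"],
  ["ads.tracker.example", "uid=9f2; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Domain=tracker.example"],
  ["cdn.shop.example", "old=1; Max-Age=0"],
];

// Parse one Set-Cookie header into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Session = neither Max-Age nor Expires; Max-Age wins when both are present.
// A lifetime of zero or less means the browser deletes the cookie at once.
function lifespan(cookie, now = Date.now()) {
  const maxAge = parseInt(cookie.attrs["max-age"], 10);
  const expires = Date.parse(cookie.attrs.expires);
  let secs;
  if (!Number.isNaN(maxAge)) secs = maxAge;
  else if (!Number.isNaN(expires)) secs = Math.round((expires - now) / 1000);
  else return { type: "session" };
  return secs > 0 ? { type: "persistent", seconds: secs } : { type: "deleted" };
}

// Simplification (assumption): a responding host is first-party when it is
// the site host or one of its subdomains; anything else is third-party.
function party(host, siteHost) {
  return host === siteHost || host.endsWith("." + siteHost) ? "first" : "third";
}

// Build the audit table: one row per cookie with its party and lifespan.
function audit(captured, siteHost, now) {
  return captured.map(([host, header]) => {
    const c = parseSetCookie(header);
    return { name: c.name, host, party: party(host, siteHost), ...lifespan(c, now) };
  });
}

console.table(audit(CAPTURED, SITE_HOST));
```

The resulting rows are the raw material for the cookie policy: each third-party, persistent entry is one that has to be named and explained to visitors.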
For compliance with GDPR, website owners must get users' consent to collect their personal data. Of course, you can only do this by telling them about the type of cookies on your website and their functions.
Since taking effect on May 25, 2018, the GDPR (General Data Protection Regulation) has protected user data and ensured data privacy. It keeps businesses accountable for how they collect, use, and preserve information by imposing fines for noncompliance.
While the US does not require affirmative consent for cookies, website owners must comply with the GDPR if they collect user data from the EU.
The GDPR applies in the following situations:
Note: The entity in this context could be a government agency, private or public organizations, individuals, or non-profits.
In the context of the GDPR, "personal data" is any information that pertains to a named or identifiable individual. It comprises details that, when taken together, can help recognize a person.
Examples of personal data include fundamental identity data of users like names, genetics, biometric data, and web data like IP addresses, personal email addresses, political opinions, and sexual orientation.
You must include cookie consent banners or privacy policies on your website if it uses visitors' data. This is crucial for companies and websites worldwide, as the internet has no geographical limits.
Otherwise, you could be sanctioned for noncompliance if a user visits your website (that collects data) from a location under the EU Cookie law or the CCPA. So, your website must be GDPR compliant to be safe.
In addition, WordPress.com sites and plugins that collect or store data are subject to GDPR. This includes membership plugins, email marketing campaigns, and contact forms.
Here are some important facts to note about the Cookie Law:
Since the GDPR's introduction, the ICO has provided guidance that helps to clarify this matter to some extent. Currently, we are aware that:
Consent is the only acceptable legal basis for the placement of cookies on a website (you cannot, for example, rely on any other GDPR lawful grounds like Legitimate Interest). Before any cookies are set, you must obtain consent where it is necessary.
So, sure, consent is needed unless your cookies come under the exception conditions.
No affirmative consent is needed for these kinds of "essential" cookies. Such "essential" cookies include those used to track items in a shopping cart when making purchases online.
You don't need to display the cookie banner again after the user's first visit. Nevertheless, it could be a great idea to reshow the cookie banner from time to time.
Also, remember that several factors and situations could imply the need to "reconsent" visitors and, as a result, cause the banner to reappear.
For instance, when you start using a new, non-exempt third-party cookie, you would need to get new consent, because the earlier consent you had from the user only applies to the third parties you declared when you first collected it.
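The consent rules above (nothing but "essential" cookies before consent, and fresh consent when a new third party appears) can be expressed as two small checks. This is an added example, not code from the original article: the inventory, the consent record, the category and vendor names, and the `maxAgeDays` refresh period are all constructed for illustration.

```javascript
// Constructed cookie inventory for a site (names and vendors are hypothetical).
const INVENTORY = [
  { name: "cart", category: "essential", vendor: null },
  { name: "_stats", category: "analytics", vendor: "analytics.example" },
  { name: "ad_id", category: "marketing", vendor: "ads.example" },
  { name: "px", category: "marketing", vendor: "newads.example" }, // added after consent
];

// Constructed consent record, stored when the visitor answered the banner.
const RECORD = {
  givenAt: "2024-03-01T00:00:00Z",
  categories: ["analytics", "marketing"],
  declaredVendors: ["analytics.example", "ads.example"],
};

// Cookies that may be set right now. Essential cookies need no consent;
// any other cookie needs a consented category AND a third party that was
// declared when consent was collected.
function allowedCookies(inventory, record) {
  return inventory
    .filter((c) => {
      if (c.category === "essential") return true;
      if (!record) return false; // no consent yet: set nothing else
      const vendorOk = c.vendor === null || record.declaredVendors.includes(c.vendor);
      return vendorOk && record.categories.includes(c.category);
    })
    .map((c) => c.name);
}

// Reasons the banner must reappear; an empty list means no re-prompt.
// maxAgeDays is a site-chosen refresh period (assumption, not a legal figure).
function reconsentReasons(inventory, record, now, maxAgeDays) {
  if (!record) return ["no consent recorded"];
  const reasons = [];
  const undeclared = new Set(
    inventory
      .filter((c) => c.category !== "essential" && c.vendor !== null)
      .map((c) => c.vendor)
      .filter((v) => !record.declaredVendors.includes(v))
  );
  for (const v of undeclared) reasons.push(`new third party: ${v}`);
  const ageDays = (now - Date.parse(record.givenAt)) / 86400000;
  if (ageDays > maxAgeDays) reasons.push(`consent older than ${maxAgeDays} days`);
  return reasons;
}

console.log(allowedCookies(INVENTORY, RECORD));
console.log(reconsentReasons(INVENTORY, RECORD, Date.now(), 365));
```

Note that `px` stays blocked even though the visitor accepted the marketing category, because its vendor was not among those declared at the time of consent.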