If you own a business, are in a management position or simply have a website that operates within the jurisdiction of the European Union (EU), you have probably heard about GDPR and have a “Cookies Consent” on your website.
It all started in 2002 when the EU started regulating online data usage and protection. In 2002 EU drafted the ePrivacy Directive. This directive obliged website owners to get consent from their visitors for the gathering and storing of cookies on their PCs and mobile devices. The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage, or for access to information stored on a user’s terminal equipment. In other words, you must ask users if they agree to most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them. After this directive website owners started showing banners and pop-ups to their website visitors. The EU went further with regulation attempts and introduced GDPR (General Data Privacy Regulation) which came into effect in 2018. The GDPR rules and regulations are stricter and more specific, as well as imposing heavier fines if not complied with.
What are cookies?
So, what are cookies and why do you need them? What’s all this fuss about? Cookies are small text files that get downloaded into users’ devices such as desktops, mobile phones, laptops, etc. that store information about the user, their preferences, past actions etc. This allows websites to recognise user devices and their preferences upon their next visit.
Before the 11th December 2019 (when GDPR came into effect) website owners could simply notify their visitors that cookies were being used and by continuing to browse the website the visitors accept/consent to cookies use. However, now website owners have to get acceptance of cookies, in other words, they have to actively opt-in giving website owners or webmasters permission to use and/or store their data. So what are the obligations of webmasters in terms of cookie usage? Below are the main principles:
- Give users an opportunity to opt-in and opt-out of any type of cookie
- Get the user to consent (usually in the form of a cookie banner) before collecting the data
- Keep the records of all the collected consents
- Allow visitors to withdraw their data that they have given consent to
- Delete visitors’ data upon their request
What Shall You Do in Terms of Cookies and GDPR?
Since you can’t control who visits your website and you most likely use tracking technologies (Google Analytics, Facebook Pixel, HubSpot, plugins, social media buttons), it is wise to have a cookie banner to protect yourself. Now that we know what cookies are and what the GDPR requirements are (REGULATION (EU) 2018/1725 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC), we have a general understanding of what needs to be done.
First of all, you will need to create a “Cookie Notice Page” where you provide general information to the user, regarding what cookies are, how do you use cookies and give the user the information that they can control or delete the cookies as they wish.
Here you can download the multilingual template to create your own cookie notice page.
Then, you will need to create a banner/popup window notifying visitors about the fact that you are using cookies and provide them with options to opt-in, opt-out or learn more on cookies that you, as a webmaster, are using to gather and store their personal data with. Here is the “Cookie Consent” banner from the European Commission website:
Source: http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
This example includes:
- The cookie header banner is displayed on all pages of a site using cookies that require informed consent.
- A link to the specific cookie notice page is also available.
- This element of the page will only display its content once the user chooses to accept the site’s cookies.
The Information Commissioner’s Office – The UK’s independent authority set up to uphold information rights in the public’s interest, promoting openness by public bodies and data privacy for individuals – has a nice guideline on its website about Cookies, that you can download as a PDF file as well as comprehensive and detailed information on Cookies. You can check it out below:
For The Information Commissioner’s Office website – click here.
For the “Guidance on Cookies” PDF file – click here.
Keep following our blog for more information on new cool ways to improve your website performance and push your SEO efforts to new heights. Get in touch with us if you have any questions about this or any other digital marketing topics we discuss in our blog, or if you would like to make an enquiry about our digital marketing services.
