What is the role of cookies?
Cookies are small snippets of information, typically comprising a string of letters and numbers that websites provide when accessed by users. It allows the website to recognise a user’s device and store some information about the user’s preferences or past actions for when they next visit.
Cookies can be used for various purposes, including digital shopping carts, assisting logging in, analysing traffic to a website or monitoring the browsing behaviour of the user. Some cookies are strictly necessary for a website to function properly. Data from cookies also forms the basis of advertising technology (AdTech) which comprises tools used to analyse and manage information (including personal data) for online advertising campaigns and automate the processing of advertising transactions, such as Real-Time Bidding.
What are the rules governing cookies?
Here are some of the key points to bear in mind:
- “Legitimate interests” cannot be relied upon for cookies.
- Users must give express, informed, opt-in consent for cookies.
- Implied consent is no longer valid.
- Pre-ticked boxes or slider bars defaulted to “on” should not be used.
- Websites and apps must tell users what cookies will be set and what they do, including any third-party cookies – using clear and plain language.
- There is an exception for strictly necessary cookies.
- Strictly necessary is measured from the perspective of the user not the website publisher, so cookies necessary for data analytics are not strictly necessary.
- Non-essential cookies should not be set on landing pages before you gain the user’s consent.
What should my business be doing?
Good practice is to display a pop-up, a banner or an overlay for cookies when a user first visits a website. This should briefly summarise the website’s use of all cookies on a per cookie basis using clear and plain language.
The pop-up should contain an opt-in consent mechanism for analytics cookies and the like. You can use a slider bar that is set to “No analytics cookies” or “Off” by default or let the user tick one of two equivalent boxes to consent or refuse analytical cookies, without having a default or pre-set position.
What else should I be aware of?
We are expecting a further overhaul of the rules regarding cookies once the delayed e-Privacy Regulation is agreed by the EU. The timing of this legislation remains unclear, so we are monitoring developments here.
How can we help you?
If you need some further advice and guidance around Cookie policies or any other aspect of data protection – we’d be happy to help.
Please get in touch with Rebecca Steer at firstname.lastname@example.org