We’ve all been asked to “accept” or “reject” cookie consent banners at least once when visiting a website.
A cookie consent banner not only protects your site visitors but also helps you comply with the EU Cookie Law and General Data Protection Regulation (GDPR).
In the United States, privacy laws exist only at the state level to regulate online data processing and cookie usage to some extent, such as:
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
- Virginia’s Consumer Data Protection Act (CDPA)
The European Union established the General Data Protection Regulation (GDPR) and ePrivacy Directive (aka the cookie law) to protect its residents’ personal data.
The European Data Protection Board (EDPB) clarifies that these privacy laws work to complement each other.
EU member states have also updated their own laws to adhere to EU directives.
Under the EU cookie laws, online businesses that target EU citizens need to inform users what data they collect and how the personal information collected will be used.
An important requirement of the EU directive is to obtain consent from users before placing cookies on their devices.
What Is a Cookie?
A cookie is a small text file from a web server that is placed into a user’s device to collect data.
You can think of cookies as the web’s “short-term memory.” They allow websites to remember bits of information about users during each visit.
Most cookies are meant to enhance a user’s web experience, which is generally a positive thing.
There are four main types of cookies:
- Essential cookies – Necessary for a website’s core functionality
- Preference cookies – Remember website visitors’ preferences during a session
- Analytics cookies – Assess how website visitors use the site
- Marketing cookies – Track website visitors across different sites to target them with relevant ads
There are also third-party and first-party cookies.
First-party cookies are unique to the website and essential to its operation, while third-party cookies are created by advertising services to display ads.
When people think about cookies, their biggest concern comes from persistent, third-party cookies that continue to track users even after they leave a site.
These cookies pose a risk to users’ digital privacy.
The GDPR and the ePrivacy Directive have set up safeguards to ensure EU citizens’ online privacy.
Cookie consent gives visitors more control over how their personal data will be collected and used.
It must be CLEARLY and EXPLICITLY shown through a cookie banner or pop-up.
What Will Happen if I Don’t Have a Cookie Banner?
Non-compliance with data privacy laws risks enforcement action from data protection authorities.
The GDPR imposes two levels of fines for businesses that violate regulations:
- Less severe: €10 million, or 2% of the company’s worldwide turnover from the preceding financial year
- Severe: €20 million, or 4% of the company’s worldwide turnover from the preceding financial year
Depending on the severity of the offense and the amount of traffic your website gets, the fine could add up to hundreds of millions of dollars.
It’s crucial that you comply with the Cookie Law and its cookie consent requirements to avoid these hefty fines.
If your website collects personal data using cookies, it’s recommended to have BOTH a cookie policy and a cookie banner to comply with the GDPR and the ePrivacy Directive.
In comparison, a cookie banner allows visitors to give their consent to a website for data collection and processing.
It must outline what type of cookies a website uses and how website visitors can set their preferences.
Alongside these details, below is other essential information you need to incorporate:
- Information about what cookies are and what type of cookies your site uses
- The types of cookies your site or third parties may use
- How the data collected from cookies will be used
- How visitors can opt out of having cookies placed on their devices
- How visitors can withdraw consent after giving prior consent
- How your website will store data
- Your company’s contact information
1: Types of Cookies You Need to Use
The first step is to find out what cookies your website will set and what they will be used for.
You can do this using a cookie audit or a website cookie scan tool.
The types of cookies can be classified into different categories (e.g., essential vs. non-essential, session vs. persistent, etc.).
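A cookie audit of this kind can be sketched as follows. This is an added example, not code from the original page or from any scanning tool: it takes `Set-Cookie` headers observed while loading a site and classifies each cookie as session or persistent and as first-party or third-party. The host names, sample headers and function names are constructed for illustration.

```javascript
// Added example: classify cookies observed during a cookie audit.
// Input: Set-Cookie header values plus the host that sent each response.
// SITE_HOST and SAMPLE are constructed sample data, not real traffic.

function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: skip malformed header
  const attrs = Object.create(null);
  for (const part of attrParts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), attrs };
}

// A cookie with neither Expires nor Max-Age ends with the browser session.
function lifetime(attrs) {
  return "max-age" in attrs || "expires" in attrs ? "persistent" : "session";
}

// Simplification: first-party means the audited host or one of its subdomains.
// A production scanner would compare registrable domains instead.
function party(responseHost, siteHost) {
  const h = responseHost.toLowerCase();
  const s = siteHost.toLowerCase();
  return h === s || h.endsWith("." + s) ? "first-party" : "third-party";
}

function auditCookies(observations, siteHost) {
  const rows = [];
  for (const { host, header } of observations) {
    const c = parseSetCookie(header);
    if (!c) continue;
    rows.push({ name: c.name, host, lifetime: lifetime(c.attrs), party: party(host, siteHost) });
  }
  return rows;
}

const SITE_HOST = "shop.example";
const SAMPLE = [
  { host: "shop.example", header: "cart=abc123; Path=/; HttpOnly; Secure" },
  { host: "shop.example", header: "lang=en; Max-Age=31536000; Path=/" },
  { host: "ads.tracker.example", header: "uid=42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; SameSite=None; Secure" },
  { host: "cdn.shop.example", header: "malformed" },
];
console.table(auditCookies(SAMPLE, SITE_HOST));
```

The resulting table is the raw inventory; assigning each cookie to a purpose category (essential, preference, analytics, marketing) still requires knowing what the site uses it for.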
Cookie policies should also inform users about other technologies that track users’ online activities.
3: Get Visitors’ Consent
Once you’ve listed what cookies you’ll use and how they’ll be used, you need to obtain visitors’ consent before placing cookies.
Opt-out options must exist for users who don’t want to consent to certain cookie usage (e.g., preference cookies, analytics cookies, etc.).
The options to “accept” and “reject” cookies should be EQUALLY PROMINENT on the cookie banner.
Implied consent via continued browsing is NOT considered compliant with Cookie Laws.
Transparency is KEY for privacy notices. That’s why it’s critical to highlight the types of cookies your website will use.
There are certain cookies that require consent, while necessary cookies do not.
Session cookies are temporary cookies that exist only during a certain session. They help websites track a user as they navigate web pages.
Once the user exits the site, session cookies are deleted.
These cookies are commonly found on e-commerce websites.
In contrast to session cookies, persistent cookies are permanent.
They are kept in local storage on a user’s device and remain there even after the user exits the website.
This cookie type is responsible for remembering login information. Although it can save time for users, it can also pose a risk to privacy.
Third-party cookies are created and placed by third-party advertising services.
These cookies are used to track users’ online activities across different sites to deliver behavioral advertising.
They are known for displaying ads that are personalized to the user based on their activities.
Flash cookies stay on users’ devices permanently, even after cookies have been deleted.
This type of cookie is stored in multiple locations, which makes it difficult to remove.
Zombie cookies don’t depend on standard cookie protocols. Web browsers can continue recreating them even when deleted.
Frequently Asked Questions
Below are related questions about cookie policies and how you can integrate them into your site:
You simply need to install a plugin, activate it to add a code snippet, and save it to your WordPress website.
A comprehensive cookie consent gives users control over their online privacy.
Consult with web developers or legal experts to learn more about protecting your website from liability.