Cookie Compliance – Some DOs and DON’Ts For Website Owners
Are you struggling with Cookies? We don’t mean the edible kind – we mean the digital kind.
Do you know what they are? If a website uses them, it needs to tell users about them, explain what they do and why, and have users’ consent to use them before they progress with viewing the website. From the website owner’s perspective, there are a number of matters to address to ensure their use of cookies is compliant with current regulations.
Cookies are little pieces of text which are stored on the browser or hard drive of your computer or mobile device when you visit a webpage or application. Cookies work to make a user’s experience browsing websites as smooth as possible, and they remember user preferences so that users don’t have to insert their details again and again.
There are different types of cookies. Some cookies come directly from the website and others come from third parties which place cookies on websites. Cookies can be stored for varying lengths of time on browsers or devices. Session cookies are deleted from the user’s computer or device when they close the web browser. Persistent cookies remain stored on the user’s computer or device until deleted or until they reach their expiry date.
So, what should a website owner do to ensure their website is Cookie Compliant? Here are some key considerations:
- Know what cookies are on your website. In particular, check to see if any have been pre-loaded, as you will need to list these in your Cookie Policy and ensure they are disabled before launch.
- Have a clear and concise Cookie Policy which, amongst other things, details what cookies you use, their type and purpose. This should be a separate document from your Privacy Statement, although it may be referenced in the Privacy Statement, and it should be highlighted in your Cookie Banner or Pop Up so that users are aware of what you do and their rights before you launch the website.
- Get user consent to the use of Cookies. This has to be freely given, specific and informed. This means it has to be opt-in and is usually done by having a Cookie Banner or Pop Up the first time someone visits your Website. You also need records of that consent. The more sensitive the information tracked, the more important this is.
- Ensure you have a Cookie Banner. The Cookie Banner must give people the ability to reject certain types of cookies. Only necessary or essential cookies do not require consent. Functional/performance and advertising or targeting cookies, in particular, need to be expressly opted in to, so all non-essential cookies should be disabled and only triggered if accepted.
- Equal prominence should be given in the Banner to the ability to Accept or Reject/Manage Cookies. Implied consent, i.e. a statement such as “by entering our website you are deemed to accept our use of cookies”, is not compliant.
- Do not have a Cookie Wall. This is a screen which blocks a viewer from entering the site unless they accept all cookies.
- Ensure you are up to date with changes in the law and regulations in this area, particularly post-Brexit and where you are dealing with website users who are outside of the UK.
- Continually review your website and any changes to it and update your Policy and Banner appropriately.