Common types of cookies are:
First-party cookies –These are placed on the user’s system directly by the website.
Third-party cookies – These are placed by a third-party, and they are commonly used for advertising and analytics.
Session cookies – This type of cookies expires once the user’s session on a website expires.
Persistent cookies – This type of cookies remain in the user’s system unless they delete it, or the site does. They usually have expiration dates coded in.
Strictly necessary cookies – They are often mandatory for a website to function smoothly. This type of cookies is essential for the users to use certain features of a website, such as remembering past activity in the site or holding items in the shopping cart.
Learn how cookies track you on the web here.
Cookies and GDPR
EU parliament in 2018 implemented GDPR, which was a turning point for the EU member states. The strict law left no room for organizations or individuals to be careless about people’s data. Otherwise, they are at risk for hefty fines and penalties. If you serve people in the EU, regardless of where you are from, follow the GDPR standards!
In the sea of words in the Regulation, the cookie is only mentioned once, but it is worth serious consideration.
Here is an excerpt from Recital 30 of GDPR:
“Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers […] This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”
Data that cookie collects may be used to identify an individual if combined with additional information. This alone makes cookies worthy of close reviews if you want to make your website GDPR compliant.
GDPR, along with ePrivacy Directive 2009/136/EC – also known as the EU Cookie Law because of its exclusive mandate about the usage of cookies – redefined how cookies should be managed and gave the users more control over them. The laws want you to be honest about what data you collect and for what, and you cannot collect or process the data without their consent.
Cookies are usually beneficial, but imagine not being aware of something following your online activity or not being able to do anything about it. Alarming, right? That is why there is public reluctance towards cookies. Cookies are dynamic; they change according to user behavior. They stay hidden. Also, it may sound concerning that the cookies from third parties can access user data. So, they pose a bigger threat to internet users.
It comprises of following parts:
- What are cookies
- List of cookies you use with their purpose
- How to delete or opt-out.
- It should be easily accessible from any page at any time by including a link to it in the cookie banner and the website footer.
- Present it in a concise, clear, and plain language.
- List all the cookies (including strictly necessary) that the website uses.
- Include the type, purpose, and duration (if applicable) of these cookies.
- Mention if there are any third-party cookies and their purpose.
- Details about how to delete or opt-out of the cookies if the users wish to.
- Keep it up to date and accurate.
The key to GDPR compliance is being pro-user. The more you provide control and transparency to the users, the more committed you will be to the law. Make sure your website policy stays within the framework of the Regulation.
|Disclaimer: This article does not represent legal advice. The purpose of this article is to provide general information only. Hence, for any legal advice, please contact a lawyer specialized in the area.