Have you ever had the need to purchase something online, went on a website, click on that item and ever since then no matter what website you open you see advertisements relating to that item? Well, you’re not alone there. Ever wondered how this happens?

These are the work of cookies that are set on the user’s browsers or devices by the website visited by the user. These cookies stay on the browser until their expiration time or until the user clears the browser cookies.

These cookies are set on the browser store information about the user’s behavior on the browser. these data are then used by the third-parties to create a profile of the user’s preferences and provide them with targeted advertisements, that are more likely to be clicked by the users.

They track the user behavior, what links they click on and even their user history to target relevant ads. Almost like a stalker, stalking all your moves. It feels creepy now doesn’t it? Such concerns are why online privacy laws have been introduced. GDPR is a set of such laws introduced in 2018.

So what’s the hype with GDPR?

The EU General Data Protection Regulation or GDPR as it is often abbreviated to is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). GDPR helps protect user’s data by asking user’s consent before setting cookies on any website they visit.

But before we go further into that, let us first look into what cookies are, why we need cookie policies and what they do.

Almost all websites today need some basic cookies to function properly, that access information about the user. This information is stored within small text or script files called cookies. These cookies perform many functions, like recognizing the user, targetting advertisements, etc.

Cookies can be classified into different types based on different characteristics.

  • Based on their purpose, there are basically two types of cookies, necessary and non-necessary. The necessary cookies are the ones that are essential for the functioning of a website, and the non-necessary cookies are the ones that are added additionally by the website and are not really important for the functioning of the website.    
  • Based on their origin, cookies can be divided into first-party and third-party cookies. First-party cookies are set by the website itself that the user is currently visiting, say, check whether the user is logged in or not. Whereas third-party cookies are put in by other websites that track the user for targeting relevant advertisements.
  • Based on their duration, cookies can be divided into two, persistent and session cookies. Session cookies are set when the user starts a session and are temporary cookies. They expire once the browser is closed and the session ends. Persistent cookies, on the other hand, stay on the user’s browser for a longer period and only die when they reach their expiration period.

Although cookies are these harmless small text files that are locally stored and can be easily viewed and deleted, a lot about the user’s activity and can be stored without the user’s consent, with chances of misuse. This is where cookie policies come in.

A cookie policy is a declaration given to the user, stating what cookies are used in the website, why they are used, where the information will be shared to and if the user’s consent is involved with the same.

Most website owners include the cookie policy in their terms and conditions. Ever since GDPR came into play, cookie policies have been required to not just ask for the permission of the user for running but also get the following included in the policy.

  • The name and type of cookies used. There are many types of cookies available, the ones used should be specified in a cookie list along with the cookie name and ID.
  • The purpose of the cookies used. Along with the type, the purpose of each cookie used should also be specified in the cookie list.
  • Cookie duration. Some cookies die out after a user session and some are persistent ones, that stay along for a year or so. The duration to which a cookie will stay in your browser must be specified.
  • The whereabouts of the data shared through the cookies should be specified.
  • Cookie rejection and acceptance policy should be mentioned. Users should know how to opt out of cookies.

GDPR is the most significant change in data protection in 20 years. It brings about major strict requirements on data handling procedures, transparency, documentation and user consent. With no processing of sensitive personal data being allowed without a person’s explicit consent, it is considered a vital step towards protecting the fundamental rights of privacy of the users.

The user now has the right of data portability, right of data access and the right to be forgotten. GDPR doesn’t just provide users the right of user consent but also asks the website to save the same as evidence for any future obligations. Even in the case of loss of data or data breach, the policy affirms there is an immediate notification sent to data protection authorities as well as the users.

To conclude, complying with GDPR is definitely going to be a task, bringing in consent management changes to your website cookie policies. It may seem all a bit too overwhelming at first. However, on a longer term, it will be serviceable and favorable to one and all.