Cookies are small text files of information collected from the user’s browser. Some third-party cookies track the browsing activities of the user. These cookies are set on the user’s browser. This tracking and monitoring of user data without the consent of the user are against GDPR.
GDPR is an EU law enforced on May 25th, 2018. It protects the data rights of users. All organizations that deal with EU citizens are to be compliant with GDPR.
What are cookies and what do they do?
As mentioned before, cookies are small text files that store information in your browser. When the user visits a website it might store some cookies to recognize the user in future visits. When you visit that website again, it will remember you from your last visit. These cookies keep track of your time, customize your browsing experience and display targetted ads.
Cookies on websites save your login details, measure the usage and time the user spends on the website, target relevant ads for users. GDPR makes sure that the website honors the rights of data subjects (users) and user consent is asked before any kind of data is collected or processed.
Different cookie types
Cookies can be classified based on different characteristics,
- Based on their purpose
There are basically two types of cookies, necessary and non-necessary. The necessary cookies are the ones that are essential for the functioning of a website, and the non-necessary cookies are the ones that are added additionally by the website and are not really important for the functioning of the website.
- Based on their origin
Cookies can be divided into first-party and third-party cookies. First-party cookies are set by the website itself that the user is currently visiting, say, check whether the user is logged in or not. Whereas third-party cookies are put in by other websites that track the user for targeting relevant advertisements.
- Based on their duration
Cookies can be divided into two, persistent and session cookies. Session cookies are set when the user starts a session and are temporary cookies. They expire once the browser is closed and the session ends. Persistent cookies, on the other hand, stay on the user’s browser for a longer period and only die when they reach their expiration period.
GDPR requirements for cookies
Ever since the implementation of GDPR, cookie policies have been required to not just ask for the permission of the user for running but also get the following included in the policy.
- The name and type of cookies used. There are many types of cookies available, the ones used should be specified in a cookie list along with the cookie name and ID.
- The purpose of the cookies used. Along with the type, the purpose of each cookie used should also be specified in the cookie list.
- Cookie duration. Some cookies die out after a user session and some are persistent ones, that stay along for a year or so. The duration to which a cookie will stay in your browser must be specified.
- The whereabouts of the data shared through the cookies should be specified.
- Cookie rejection and acceptance policy should be mentioned. Users should know how to opt-out of cookies.
What is a cookie consent banner?
A cookie consent banner is a pop-up or notification that appears when a user opens a website asking permission to set cookies. The user can accept or reject to provide their consent.
For a website to be GDPR compliant, it should meet all the requirements of GDPR.
Below are the requirements for creating a cookie banner to make your website GDPR compliant:
Consent must be freely given
Consent must be always freely given by the user. That is the user should not feel cornered or compelled to give their consent to use the service. Consent should not be presented as a condition for the fulfillment of a service or contract if not necessary for the performance of the service or contract.
Consent must be given prior to processing
The user must give their consent before any processing begins. The website needs to pause any tracking or collection of user data before any proper consent is obtained from the user.
Consent must be transparent and legible
Consent must be given by the user in response to transparent and legible information provided by the organization. The request for consent should be asked in a clear and plain language that can be understood by anyone.
Consent must be reversible
The consent users give while they first visit the website must be reversible. They should be able to withdraw from the consent as easily as they provided it.
Consent must be renewed
The consent of the user must be renewed every 12 months. This means a consent banner should be shown to a returning user after a period of 12 months.
What constitutes a cookie banner?
A cookie banner consists of a cookie compliance message with information about the cookies, script, and processing of user data. The cookies used along with their purpose, duration and with an option to prevent them from launching should be present on the cookie banner.
Setting up Cookie Banner for different websites
One of the tools to set up a cookie banner is CookieYes. CookieYes helps create and display a cookie banner, that you can customize to match your website as per your preference. It also helps manage cookie details set on the website and block these cookies prior to consent. Using CookieYes you can provide granular control over the cookies for your users.
In WordPress, there are two methods to implement a cookie banner using CookieYes. The first way is to edit the theme of your WordPress website and paste the installation code you get when you sign up.
Another method is to use a plugin to edit your Wordpress header and footer eg: Insert Headers and Footers. You can paste the installation code once you install this plugin.
Once the CookieYes code is implemented on your Wordpress website, you can view the cookie banner.
For step by step procedure, read CookieYes Code Installation on WordPress.
To implement the CookieYes code on Drupal, create an account of CookieYes and copy the installation code.
Go to the Site admin page of your Drupal website and edit the block layout. Place a block in the header or footer and add the code in the blanks. Once the code is implemented the cookie banner will be visible on the website.
For further guidance read Implementing CookieYes on Drupal.
To implement the CookieYes code on the Wix website copy the CookieYes code and go to Wix website settings. There, in the tracking and analytics section, go to custom and add your code there.
Note that in Wix websites you need to be a Premium member to use this feature.
Read CookieYes Code Installation on Wix for step by step instructions.
To implement the CookieYes code on your Squarespace website, copy the CookieYes verification code, that you will get once you Sign Up in CookieYes.
Go to Advanced settings of Squarespace, and search for Page header code injection. With this option, you can paste the code on your website.
To know more check out Implementing CookieYes on Squarespace.
To implement the CookieYes code on your Joomla website, copy the CookieYes code.
Go to templates in extensions, on your Joomla website and edit the index.php file of your template. Paste the code between the <body> </body> tags and save the changes. The cookie banner will appear on your website.
To get step by step instructions, read Implementing CokkiYes on Joomla.
To implement the CookieYes code on your Blogspot website or Blogger, copy the CookieYes code.
Go to themes in your blogger website and edit the HTML code. Paste your CookieYes code here and save the changes. You will now be able to view the cookie banner on your website.
To get the step by step instructions to check out Implementing CookieYes on Blogger.
Do note that the cookie banner created can be further customized in CookieYes.