Requirements of a GDPR Compliant Cookie Banner

Before knowing what a cookie banner is, one should know what cookies are, what they do and why we need them. Cookies, unlike the tasty ones we eat, are small text files that contain scripts and store the user's data so that the website can function properly.

Cookies come in many types. There are necessary and non-necessary cookies: the former are essential for the functioning of a website, while the latter are added additionally by the website and are not really important for its functioning.

First-party cookies are set by the website the user visits, and third-party cookies are placed by other websites that track the user in order to target relevant advertisements. There are session cookies, which are set when the user starts a session and expire once the session ends, and there are persistent cookies, which stay in the user’s browser for a longer period until their expiration date is reached.

Although they are used by almost all websites and seem harmless, the user’s data can be stored within these files without their consent, which increases the chance of misuse. To solve this issue, the ePrivacy Directive, more commonly known as the cookie law, introduced a cookie consent banner.

A cookie banner is a notice that appears on the website when the user first visits it. This banner might display a pop-up saying that cookies are being used and that the user's consent is needed for them, but it does not specify which cookies are used or what purpose they serve on the website.

Now, if you are wondering why we would not need cookies if they help in the functioning of the website: we do need them, but not all of them.

Cookies come in many types! There are session cookies, advertisement cookies, persistent cookies, third-party cookies and a lot more. But basically, they can be grouped into two main categories: necessary cookies and non-necessary cookies. Necessary cookies are the ones we need and the ones that help in the functioning of the website. Non-necessary cookies are the ones that can be opted out of. These are mostly third-party cookies and are used for analytical or advertising purposes.

So what is this GDPR and why do we need it?

Consider this: someone tracking your everyday activities, knowing your likes and dislikes, everything you watch and do on the internet, your every next move. That's how eerie the internet is getting. The cookies set by many websites to store your data can be used to track you without your consent. The need for stricter laws regarding user consent is why GDPR was introduced.

GDPR, or the General Data Protection Regulation, was enforced recently and is known as the most noteworthy step in data protection. GDPR imposes stricter laws on cookie consent. The following are some of the additions that are to be made:

  • The user needs to know all the information regarding what the cookies used on the website do and where the shared data goes.
  • Along with the purpose of the cookies, the name and cookie ID of each cookie should also be specified.
  • The user should have the authority to opt in to or opt out of various cookies as per their requirement. They also need access to settings to make subsequent changes if desired.
  • The duration of the cookies needs to be mentioned, as some can be persistent while others die out after a single session.

Features of GDPR Cookie Banner

A GDPR cookie consent banner must include the following features.

  • All the cookies, excluding the strictly necessary ones, must be put on hold until user consent is given.
  • The information regarding the cookies used on the website must be specified in the banner in a simple and accurate way for all readers to understand.
  • Other than the necessary ones, all other cookies can be unchecked in this banner and opted out of. If the user changes their mind, they must be given a choice to opt in too.
  • The website needs to function properly even if the user opts out of certain cookies that were non-necessary.
  • The consent given by the user must be recorded and documented safely for any future need.
  • Consent must be renewed every 12 months when the user revisits the website.
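
The features above, sketched as the decision logic a banner script could run before setting any cookie. This is an added example, not CookieYes code; the category names, function names and sample cookies are hypothetical, and the 12-month renewal is approximated as 365 days.

```javascript
// Added illustration; every name here is hypothetical, not CookieYes code.
const CATEGORIES = ["necessary", "analytics", "advertisement"];
const RENEWAL_MS = 365 * 24 * 60 * 60 * 1000; // 12 months, approximated as 365 days

// Build the consent record to be stored: what was chosen and when.
function recordConsent(choices, now) {
  const granted = {};
  for (const c of CATEGORIES) {
    // Necessary cookies cannot be opted out of; everything else is off by default.
    granted[c] = c === "necessary" ? true : choices[c] === true;
  }
  return { granted, givenAt: now };
}

// A record counts only if it exists and is younger than the renewal period.
function consentIsCurrent(record, now) {
  return Boolean(record) && now - record.givenAt < RENEWAL_MS;
}

// Decide whether a cookie of the given category may be set right now.
function mayLoad(category, record, now) {
  if (category === "necessary") return true;
  if (!CATEGORIES.includes(category)) return false; // unknown category stays on hold
  return consentIsCurrent(record, now) && record.granted[category] === true;
}

// The banner is shown on the first visit and again once consent has expired.
function bannerRequired(record, now) {
  return !consentIsCurrent(record, now);
}

// Constructed sample: cookies the site wants to set, with their categories.
const SAMPLE_COOKIES = [
  { name: "session_id", category: "necessary" },
  { name: "stats_visitor", category: "analytics" },
  { name: "ad_profile", category: "advertisement" },
];

// Names of the sample cookies that may be set under the given consent record.
function allowedCookies(record, now) {
  return SAMPLE_COOKIES.filter((c) => mayLoad(c.category, record, now)).map((c) => c.name);
}
```

Passing the clock in as `now` keeps the expiry check testable; in a page the record would be persisted and re-read on each visit.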

Many websites have come under scrutiny to change their web policies ever since the introduction of GDPR. The “prior consent” requirement set by GDPR and the ePrivacy Directive is now of the utmost importance, and it is a change that would definitely improve present cookie policies.

Make Your Website GDPR Compliant With CookieYes

CookieYes is a new and easy solution to make your website comply with the GDPR Cookie Law from Cookie Law Info. Join the 500,000+ websites using our solutions now!