If you are reading this, chances are you’ve been hearing a lot about cookies, GDPR and ePrivacy. And yes, it can be confusing and even frustrating at times, we know. But if you have a website these days, you should be familiar with those terms and there’s no way around it. That is why we did our best to collect everything you need to know on the subject in a single, simply written article. Hopefully it can help you make more informed decisions about your website.
What are cookies?
You have probably noticed that since May 2018, a notification appears on nearly every website you visit for the first time. It informs you that the website collects information using cookies and asks you to allow that. But what exactly does that mean?
Cookies are small text files that websites place on your device as you are browsing. They are processed and stored by the web browser. Cookies are essential for every website to function properly, improve user experience and collect data for marketing and statistics purposes. If you consent to the Cookies policy, you agree to being tracked while browsing or having your data saved for the next time you visit the website. However, by law every website user must have the right to choose their “cookie preferences”. Apart from some exceptions described later in this article, user data can’t be collected or used without the user’s consent.
Types of cookies
Cookies can be classified in three ways, depending on their specifications:
- Duration
  - Session cookies – these are temporary cookies that expire once you close the browser or your session ends.
  - Persistent cookies – the duration of these cookies may vary, depending on the expiry date set in their code. According to the ePrivacy Directive, they should last for at most 12 months.
- Provenance
  - First-party cookies – these are the cookies saved to your device directly by the website you are visiting.
  - Third-party cookies – these cookies are saved to your device by a third-party website (e.g. an advertiser).
- Purpose
  - Strictly necessary cookies – these are cookies which are essential for the purpose of the website. Such cookies hold your items in the shopping cart of an online shop, for example. As they are strictly necessary, the user does not have to consent to their use, but still needs to be informed about their existence and the way they work.
  - Preferences cookies – when you save your username and password for future visits to a website, or select your preferred language, this data is stored in preferences (functional) cookies.
  - Analytics cookies – the purpose of these cookies is to measure the performance of the website. While this includes third-party cookies that track your activity on the website, the data can only be used by the sole owner of the website. The collected information is anonymous and therefore cannot identify you.
  - Marketing cookies – these are mostly third-party cookies, used by advertisers to provide more relevant advertising or to control how many times a user sees a certain ad. These are persistent cookies and the collected data can be shared with other organisations.
GDPR and ePrivacy directive
GDPR
The General Data Protection Regulation (GDPR) does not say much about cookies:
“Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”
Simply put, this means that companies do have a right to collect and process personal data, as long as they get consent or have a legitimate interest.
As a website owner, violation of GDPR may cost you a fortune, so it is essential that you don’t collect data illegally.
ePrivacy directive
The purpose of the ePrivacy directive, also known as the Cookie law, is to secure the user’s privacy through data protection. It is all about what companies, website owners and service providers can do with your consent and what they are not allowed to do without it.
Unfortunately, a lot of websites only inform you that they use cookies, and the single choice left to the user is “OK”, meaning that your data will be used in any case.
How to be cookie compliant?
If you are a website owner, you must make sure that the following requirements are covered by your website’s cookie extension:
- You need the user’s consent to use any cookies except strictly necessary cookies.
- You have to provide clear information about what information is being collected through each cookie and how the data is used.
- You need to store all users’ consents.
- You should still allow your users to access your website, even if they did not agree to the use of cookies.
- You should make it as easy for users to withdraw their consent as it was to agree to the cookies.
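One way to turn this checklist and the purpose categories above into server-side logic, as an added example that is not from the original article: cookies are only issued for categories the user has consented to, every decision is logged, and a withdrawal expires what was set earlier. All names (ConsentStore, setCookieHeaders, expireHeaders, SITE_COOKIES) are hypothetical, the cookie data is constructed, and the Secure and SameSite attributes are a hardening default added here rather than a consent requirement.

```javascript
// Added example; every name below is hypothetical, sample data is constructed.
const MAX_AGE_CAP = 365 * 24 * 60 * 60; // the 12-month limit cited above, in seconds
const OPTIONAL = ['preferences', 'analytics', 'marketing'];

class ConsentStore {
  constructor() { this.log = []; } // append-only: every decision is kept
  record(userId, granted, at = new Date()) {
    // Strictly necessary cookies need no consent, so that category is always on.
    const categories = ['necessary', ...granted.filter((c) => OPTIONAL.includes(c))];
    this.log.push({ userId, categories, at: at.toISOString() });
  }
  withdraw(userId) { this.record(userId, []); } // one call, as easy as granting
  current(userId) {
    const last = this.log.filter((e) => e.userId === userId).pop();
    return last ? last.categories : ['necessary']; // no record means no consent
  }
}

// Build Set-Cookie values for the allowed categories only.
function setCookieHeaders(cookies, allowed) {
  return cookies.filter((c) => allowed.includes(c.category)).map((c) => {
    let h = `${c.name}=${encodeURIComponent(c.value)}; Path=/; Secure; SameSite=Lax`;
    // Session cookies carry no Max-Age; persistent ones are capped.
    if (c.maxAge !== undefined) h += `; Max-Age=${Math.min(c.maxAge, MAX_AGE_CAP)}`;
    return h;
  });
}

// After a withdrawal, expire cookies that were set under the old consent.
function expireHeaders(cookies, allowed) {
  return cookies.filter((c) => !allowed.includes(c.category))
    .map((c) => `${c.name}=; Path=/; Max-Age=0`);
}

const SITE_COOKIES = [ // constructed sample cookies
  { name: 'cart', value: 'sku-1', category: 'necessary' }, // session cookie
  { name: 'lang', value: 'en', category: 'preferences', maxAge: 15552000 },
  { name: 'stats_id', value: 'a1', category: 'analytics', maxAge: 63072000 }, // 2 years asked
  { name: 'ad_id', value: 'z9', category: 'marketing', maxAge: 2592000 },
];

function demo() {
  const store = new ConsentStore();
  const firstVisit = setCookieHeaders(SITE_COOKIES, store.current('u1'));
  store.record('u1', ['preferences', 'analytics']);
  const afterConsent = setCookieHeaders(SITE_COOKIES, store.current('u1'));
  store.withdraw('u1');
  const afterWithdraw = setCookieHeaders(SITE_COOKIES, store.current('u1'));
  const expired = expireHeaders(SITE_COOKIES, store.current('u1'));
  return { firstVisit, afterConsent, afterWithdraw, expired, log: store.log };
}
console.log(demo());
```

A visitor who never answers the banner still gets the cart cookie and a working site, and the analytics cookie that asked for two years is issued with a 12-month lifetime.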
Conclusion
Many companies have already suffered the consequences of cookies not being compliant. While some websites only get a request to add the cookie pop-up, others get fines which are not something to underestimate. Besides, your website’s visitors trust you when they visit your website – why punish them by stealing their data?
Now that you’re aware of how important cookies and their proper use are, you have no excuse not to make sure you are all set cookie-wise. The good news is that we at boldit.studio have a solution to that and if we are going to build your website, it will be 100% cookie-proof. Because, well, we love cookies 🙂
“People have got to learn: if they don’t have cookies in the cookie jar, they can’t eat cookies.”
~ Suze Orman, personal finance expert