Cookie Consent: Everything You Need to Know

Image by Tumisu from Pixabay

Cookies (the internet kind) have become an ubiquitous presence on the internet, thanks to the ever-growing data privacy regulations across the world. Most often, we see cookie popups and simply click ‘Agree’ to dismiss the popup and continue browsing. But, cookies deserve your attention as they are intrinsically linked to your online presence and in many ways affect your privacy. Let’s first see what cookies are and how they play a part in our digital lives.

What are cookies?

Cookies are small data files that a website stores on a user’s device (desktop, mobile, tablet etc.) for accomplishing a range of different purposes like remembering your device information, website login, shopping carts, site preferences, location data, and so on.

Cookies are often an indispensable component for the functioning of a website. These cookies called strictly necessary cookies are essential for a website to provide basic features like user registration, shopping carts, wish lists, e-payments, etc. to the users. Some others like tracking cookies are used by websites to track the activities and behaviours of users online to display targeted advertisements and track the browsing activities of users across the web.

Cookies and user privacy

Cookies used for advertising, marketing purposes can follow you around the web and serve up personalized ads based on your browsing history. These types of cookies are often persistent in nature and are usually installed on a user’s browser by third parties. Such cross-site tracking results in third parties collecting your browsing data across multiple websites.

Over a long period of time, these cookies can collect a lot of your personal information that may be invasive. This gave rise to increasing data privacy concerns among users. In order to address such issues, the member countries of the European Union (EU) and European Economic Area (EEA) amended the existing ePrivacy Directive(ePD) in 2009 and passed the General Data Protection Regulation (GDPR) in 2018.

Cookie consent in the EU

The ePrivacy Directive (or EU cookie law) and the GDPR work in tandem and require websites to get valid consent from users prior to their use of cookies. The ePrivacy Directive governs the use of electronic communications including cookies and the GDPR governs the use of personal data.

The Directive asks websites to get explicit consent for the use of cookies except for strictly necessary cookies. The exemption applies to cookies that are strictly necessary for a website to provide basic features like user registration, shopping carts, e-payments etc. to the user.

The GDPR classifies cookies as personal data and cookies are therefore subject to GDPR’s consent requirements for processing personal data. Consent according to the GDPR should be freely given, specific, informed and unambiguous indication given through affirmative action.

Cookie consent in the US

In the US, California Consumer Privacy Act (CCPA) governs the use of cookies, which are classified as unique identifiers that can constitute personal information.

The CCPA does not mandate opt-in consent for dropping cookies on a user’s device but has a provision for users to opt-out of the sale of personal information. Sale is defined as the selling, renting, releasing, disclosing, disseminating, making available, transferring of personal data. This means if the cookies on your website are used by third parties for advertising purposes, they can constitute a sale.

It’s therefore a best practice to make sure you’re giving users the ability to opt-out before setting cookies on their devices, especially cookies set by third-parties like advertisers.

How to implement cookie consent?

Implementing a cookie banner is the best and most effective way to get cookie consent. Adhering to cookie consent requirements will not only help you stay away from hefty fines but also helps build customer trust and loyalty. Here’s what you need to do to get cookie consent on your website and stay compliant with privacy regulations across the world.

1. Get active consent to set cookies

Users should have a free, genuine choice to accept or reject cookies. This means your cookie banner should have an option to accept as well as reject cookies. Users must be able to give specific, granular consent. This means cookie consent cannot be bundled with other terms and conditions or in the privacy policy. You should ask for explicit consent using a cookie banner or popup.

Pre-ticked boxes or ‘on’ toggles in a cookie banner does not represent a free choice. Similarly notice-only cookie banners without ‘Accept and ‘Reject’ buttons that offer no real choice to the user should not be used.

2. Provide clear information about cookie usage

Users must have clear information regarding what they are consenting to. The cookie banner should inform that a site uses cookies, the categories of cookies they use and their purposes. This way, the user can make an informed choice to either give or revoke consent.

The cookie banner should use plain language to explain what cookies are used, the information each cookie tracks, the duration of these cookies, the domains they are created by.

3. Provide the option to withdraw consent

Once the user consents to cookies, they should also be able to revoke/withdraw their consent at any time after. GDPR notes that it has to be as easy for the user to withdraw consent as it was to give consent. This means, there should be an easy way for the user to revisit their cookie preferences. Websites should display a widget to bring back the cookie banner with a click.

4. Block third-party cookies till the user consents

Prevent third-party cookies from running on your site until users consent. If you use a cookie consent solution like CookieYes, then this feature will be enabled by default. Your cookie banner will automatically block scripts like Google Analytics and other tracking pixels that you have in place until the end-user consents.

5. Record all user consents for proof of compliance

Websites should not just get consent, but should also record all user consents. They should be able to demonstrate that users have given consent, in case of scrutiny by data protection authorities. Proof of consent should include how and when consent was obtained, and the information provided to the user at the time of collecting consent.

6. Make cookie banners accessible

Consent banners and popups should be displayed on a user’s first visit to a website and their subsequent visits if they don’t take any action in the first visit. They should be optimized for devices such as desktops, mobile devices and tablets. As more and more people use devices like smartphones and tablets for browsing, a device-optimized banner is important for accessibility.

Checklist for cookie consent

Here’s what you need to keep in mind to achieve cookie compliance on your website.

• A cookie banner with transparent information about a site’s use of cookies.
• A cookie notice optimized for different devices.
• A banner that is available in languages as per the user’s preferences.
• Option to accept and reject the use of cookies with equal emphasis.
• Granular options to give consent to specific cookie categories such as functional, analytics, advertising.
• Cookie banner that automatically blocks cookies from storing till the user gives consent.
• Link to a cookie policy with detailed information on cookies, their purposes, duration and domain.
• A centralized record of all user consents for proof of compliance.
• A consent callback button, so users can change or withdraw consent anytime.

You can do all this and more with CookieYes, a cookie consent solution trusted by over 1.3 million websites worldwide for compliance with privacy laws like the GDPR, CCPA, LGPD and more. CookieYes will enable you to add a cookie banner to your site and manage user consent seamlessly. From website scanning, cookie auto-blocking, consent log to a cookie policy generator, CookieYes is an all-in-one tool that will help you effectively comply with cookie consent laws in the EU with ease.