By Paul Byrne, chief executive, CookieScan
You may have heard about cookies and your requirement to comply with GDPR in relation to how cookies are used on your website. However, you will not find the word ‘cookie’ in GDPR because this regulation does not govern how cookies are to be used; it only provides the meaning of ‘consent’.
The ePrivacy Directive (better known as the Cookie Law) governs legislation to be implemented within EU member states. Under current UK legislation, the Privacy and Electronic Communications Regulations control cookies and their use, among other things.
What is a Cookie?
Do cookies contain personal data?
Consent must be:
• Given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu. Simply visiting a website does not count as consent.
• Given freely and genuinely.
It must be as easy to withdraw consent as it is to give it.
Do I have to comply with the Cookie Law?
The short answer is yes.
If you target and offer goods and services to residents in the EU or UK, you have to comply with that individual country’s Cookie Law. You are required to:
• Obtain consent before deploying a cookie on the user’s device.
• Provide clear information about the category of cookie, what the cookie does, who provides it and how long it will stay active on the device.
• Make it as easy to withdraw consent as it is to give it.
• In most countries, keep a log of the consent provided by the user in case it is contested.
• Provide a Cookie Notice giving information about cookies, the type of cookie used and what they do.
Fines of up to £500,000 can be imposed for non-compliance. Authorities in Ireland, Spain, Germany, Denmark and France are starting to investigate non-compliance with the Cookie Law and to impose fines for improper use.
What about the Channel Islands?
Currently, Jersey has no legislation regulating how cookies are used. Best practice would be to inform website visitors that cookies are used and to ask for consent. On the other hand, Guernsey has incorporated the Cookie Law requirements into local legislation; therefore compliance, as outlined above, is legally required.
How can I comply with all these requirements?
CookieScan provides an appropriate pop-up/banner. It informs site visitors that cookies are being used, what each cookie does and how long it remains on their device. The site visitor chooses whether to consent to the cookie or not and saves their preference. CookieScan will remember this chosen preference for any subsequent visits made to the website from the same device.
CookieScan records the consent given by each user and saves it for the site owner in case it is needed. The site owner can customise CookieScan to match the colour theme of the website, select the pop-up/banner type, and use Google Tag Manager, Google Consent Mode, or geo-location mode. Geo-location mode recognises the country in which the website is being viewed and displays the appropriate pop-up/banner to comply with that country’s cookie law.
These features are provided for a cost of just £5 per month, a small amount to pay for total compliance with any of the cookie requirements. Visit cookiescan.com for more information.