Cookies: What are they all about?

By Paul Byrne, chief executive, CookieScan

YOU may have heard about cookies and your requirements to comply with GDPR, relating to how cookies are used on your website. However, you will not find the word ‘cookie’ in GDPR because this regulation does not govern how cookies are to be used; it only provides the meaning of ‘consent’.

The ePrivacy Directive (better known as the Cookie Law), governs legislation to be implemented within EU member states. Under current UK legislation, the Privacy and Electronics Communication Regulation controls cookies and their use, among other things.

What is a Cookie?

Typically, cookies are small text files that are stored on your device. Cookies are created when you use your device to visit a website that uses cookies to keep track of your movements within the site. Cookies help you to resume where you left off, remember your registered login, theme selection, preferences and other customisation functions. Cookies are also used for marketing and analytical data. It is fair to say that most websites use cookies in one form or another.

Do cookies contain personal data?

If you use cookies to uniquely identify a device or the person using that device, it is defined as personal data under the GDPR. This means that cookies used for analytics, advertising and functional services fall within the Cookie Law. To be compliant (in most countries), you will need the consent of the site visitor to place cookies on their device before doing so.

Consent must be:

• Given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu. Simply visiting a website does not count as consent.

• Given freely and genuinely.

It must be as easy to withdraw consent as it is to give it.

Do I have to comply with the Cookie Law?

The short answer is yes.

If you target and offer goods and services to residents in the EU or UK, you have to comply with that individual country’s Cookie Law. You are required to:

• Obtain consent before deploying a cookie on the user’s device.

• Provide clear information about the category of cookie, what the cookie does, who provides it and how long it will stay active on the device.

• Make it as easy to withdraw consent as it is to give it.

• In most countries, the site owner is required to keep a log of consent provided by the user in case they are contested.

• Provide a Cookie Notice giving information about cookies, the type of cookie used and what they do.

Fines of up to £500,000 can be imposed for non-compliance. Authorities in Ireland, Spain, Germany, Denmark and France are starting to investigate non-compliance with the Cookie Law and imposing fines for improper use.

What about the Channel Islands?

Currently, Jersey has no legislation regulating how cookies are used. Best practice would be to inform website visitors that cookies are used and to ask for consent. On the other hand, Guernsey has incorporated the Cookie Law requirements into local legislation; therefore compliance, as outlined above, is legally required.

How can I comply with all these requirements?

If you are looking for a simple answer, use CookieScan. This is a total cookie-management system that scans your site regularly for cookies and creates an automatically updated cookie notice.

CookieScan provides an appropriate pop-up/banner. It informs site visitors that cookies are being used, what the cookie does and how long it remains on your device. The site visitor chooses whether to consent to the cookie or not and saves their preference. CookieScan will remember this chosen preference for any subsequent visits made to the website, from the same device.

CookieScan records the consent given by each user and saves them for the site owner in case they are needed. The site owner can customise CookieScan to the same colour theme of the website, select the pop-up/banner type, use Google Tag Manager, Google Consent Mode, or geo-location mode. This recognises the country in which the website is being viewed and displays the appropriate pop-up/banner to comply with that country’s cookie law.

These features are provided for a cost of just £5 per month, a small amount to pay for total compliance with any of the cookie requirements. Visit cookiescan.com for more information.

– Advertisement –
– Advertisement –