The Cookie Law
The Information Commissioner’s Office (ICO) provided clarification regarding the GDPR cookie regulations in July 2019, and many other Data Protection Authorities (DPAs) across Europe have followed suit. Whilst there are some minor differences across countries, they all agree on the following:
a) You must tell people if you set cookies, and clearly explain what the cookies do and why.
b) You must also get the user’s consent. Consent must be actively and clearly given.
c) There is an exception for cookies that are essential to provide an online service at someone’s request (e.g. to remember what’s in their online basket, or to ensure security in online banking).
Why Now?
The law has been clarified and enforcement across Europe has begun, but it’s about much more than avoiding fines. It’s an opportunity for brands to earn trust, encourage visitors to give consent and provide a positive user experience in return. As this article by Janus Boye explains, “trust is a prerequisite for great customer experiences”.
Practical Steps for Direct Commerce Organisations
1: Don’t assume compliance
Website owners should not be setting non-essential cookies before visitors have consented. Instead, website owners should be confirming the purpose of each ‘essential’ cookie and ensuring that it meets the regulator’s definition of an ‘essential’ cookie. No further cookies should be set until consent has been given.
2: Review the user-experience
Website owners should be aiming for consistency across sites so that visitors don’t get confused. At the same time, they shouldn’t expect visitors to wait while a consent management system opts out of cookies before offering the content, or to be redirected to different pages for more information. And, most importantly, they shouldn’t ask the user for consent and preferences, only to ignore them. See our recent article for more on user-experience.
3: Risk Assessment – Use the anonymous cookies checker
Do a quick assessment of your website(s) for the likely level of privacy risk using the Risk Calculations Engine (RICE) at www.rethinkingprivacy.com. This free tool allows users to find out what cookies are actually being set by a website before visitors’ consent has been gained, and returns results in about 90 seconds.
4: Review current CMP deployment
You will need a cookie Consent Management Platform (CMP) that helps you earn trust. You may have a CMP deployed currently but very few are up to the job, as this recent report shows, with more than 89% of UK websites non-compliant. It’s imperative to utilise a CMP that provides clear options for opting in or out and makes getting information about cookies simple.
5: Get your CMP RFP Template
In light of the above, many organisations are reviewing their CMP implementations and rethinking privacy. To help with this, Privacy & Cookies (P&C) has developed an RFP template which will be available to download via the P&C website shortly. If you would like me to send you a copy directly in advance, please email me at randrews@rethinkingprivacy.com with ‘RFP’ in the subject line.
About Privacy & Cookies | rethinking privacy.
We offer a proven, compliance-led Consent Management Platform that is focused on gaining visitor trust and earning consent. Our automation removes inconsistency and offers secure, efficient, fully scalable deployment. P&C’s clients include the world’s largest single deployment with thousands of websites across hundreds of countries.