Cookies can provide insights into which activities support growth and revenue best and where to focus time, effort, and ad spend. However, with the California Consumer Privacy Act, the EU cookie directive, and a new cookie regulation on its way in Europe, the requirements for consent and compliance are increasing. Data authorities around the world have started to issue fines against companies with non-compliant cookie banners, which has only increased the incentive to do the right and compliant thing. But where do you start on the journey to compliance?
We have outlined the 5 key things you need to do in order to collect cookie consents the right way.
To be compliant, you have to define and inform your website users about your cookie practices. This is done through your cookie policy. This policy must include information about:
Remember that the cookie policy must be accessible on your website and in your cookie banner.
A privacy policy describes how you are processing your users’ personal data. The policy is necessary because you are collecting personal data about your users when you are using cookies.
A privacy policy should outline:
The policy needs to exist as a separate page on your website. You must link to this whenever you collect data about your users, e.g., when they are signing up for your service.
We all know the cookie banner, the pop-up that greets us whenever we enter a new website. This is the form where your user accepts or rejects your use of cookies, e.g., cookies for statistics. You cannot legally start to track your users before they have consented to this.
You must always include the following information in your cookie banner:
1) what the purpose of the cookie is
2) the expiration of the specific cookies
3) which cookie service providers you are using
4) the types of cookies you are using
5) you must give your users the option to say “yes” or “no” to the specific cookies/purposes.
Finally, the information in the banner must be written in a way that is easy to understand, and you cannot pre-tick the consent options for the user. It must be left up to the user to tick the boxes.
You have to make sure that it is easy for your users to change their cookie consent settings at any given time. When they retract a given consent, this must be respected, and tracking must stop immediately. A user must still be allowed to use or access your website, regardless of whether they have consented to any of your cookies.
One of the most important aspects of achieving compliance is documentation. You have to be able to prove the steps you have taken to be compliant by documenting and storing the consents you have obtained. If you don’t have adequate documentation in place, then essentially any consent you may have obtained does not exist in the eyes of data authorities.
We know how frustrating it can be to keep track of your cookie consents. That’s why we have built a cookie consent solution to help you obtain, track, process, and store compliant cookie consents.
We have built a cookie solution with compliance in mind, where the user is asked for consent at a time when it actually provides value for them - and you.