Five key things to do to achieve cookie compliance

Written by Stine Mangor Tornmark
March 12, 2020

Your website is one of your most valuable assets. It is a way of attracting customers and of getting to know more about the people who visit your site, sign up for your service, and buy your products. Placing cookies is crucial in this context.

Cookies can provide insights into which activities best support growth and revenue and where to focus time, effort, and ad spend. However, with the California Consumer Privacy Act, the EU cookie directive, and a new cookie regulation on its way in Europe, the requirements for consent and compliance are increasing. Data authorities around the world have started to issue fines against companies with non-compliant cookie banners, which has only increased the incentive to do the right and compliant thing. But where do you start on the journey to compliance?

We have outlined the 5 key things you need to do in order to collect cookie consents the right way.

1. Make sure you have a cookie policy

To be compliant, you have to define your cookie practices and inform your website users about them. This is done through your cookie policy. This policy must include information about:

  • which types of cookies you use,
  • the purpose of each cookie type,
  • the cookie expiration date,
  • which cookie service providers you use,
  • whether the cookies are first or third party.

Remember that the cookie policy must be accessible on your website and in your cookie banner.

2. Make sure you have a privacy policy

A privacy policy describes how you are processing your users’ personal data. The policy is necessary because you are collecting personal data about your users when you are using cookies.

A privacy policy should outline:

  • how you will process your users’ personal data,
  • which data you are collecting about them,
  • what you will do with the data,
  • who you will share it with,
  • for how long you keep it,
  • and how you will keep it safe and secure.

The policy needs to exist as a separate page on your website. You must link to this whenever you collect data about your users, e.g., when they are signing up for your service.

3. Make sure you have a cookie banner

We all know the cookie banner, the pop-up that greets us whenever we enter a new website. This is the form where your user accepts or rejects your use of cookies, e.g., cookies for statistics. You cannot legally start to track your users before they have consented to this.

You must always include the following information in your cookie banner:

1) what the purpose of the cookie is

2) the expiration of the specific cookies

3) which cookie service providers you are using

4) the types of cookies you are using

5) you must give your users the option to say “yes” or “no” to the specific cookies/purposes.

Finally, the information in the banner must be written in a way that is easy to understand, and you cannot pre-tick the consent options for the user. It must be left up to the user to tick the boxes.

4. Your users must be able to change their settings

You have to make sure that it is easy for your users to change their cookie consent settings at any given time. When they retract a given consent, this must be respected, and tracking must stop immediately. A user must still be allowed to use or access your website, regardless of whether they have consented to any of your cookies.

5. Documentation, documentation, documentation

One of the most important aspects of achieving compliance is documentation. You have to be able to prove the steps you have taken to be compliant, by documenting and storing the consents you have obtained. If you don’t have adequate documentation in place, then essentially any consent you may have obtained does not exist in the eyes of data authorities.

Collect and store cookie consents the right way with Openli

We know how frustrating it can be to keep track of your cookie consents. That’s why we have built a cookie consent solution to help you obtain, track, process, and store compliant cookie consents.

We have built a cookie solution with compliance in mind, where the user is asked for consent at a time when it actually provides value for them and for you.