€10 Billion lawsuit for misuse of marketing cookies
Class-action lawsuits filed in the UK and Netherlands will accuse tech giants Oracle and Salesforce of breaching GDPR in the way they…
The ePrivacy Directive (also known as EU cookie law) sets out guidance on protecting the personal data of users online, especially around the use of Cookies on websites. It enforces the importance of protecting the personal information of users online from online tracking, personal profiling, unsolicited marketing tactics, and collection of personal data by third parties without the users’ consent.
The ePrivacy Directive applies in all European Union member states, each of which implements it in its own way. Under the General Data Protection Regulation (GDPR), cookie consent is required from the user to put cookies onto their device.
To be GDPR cookie compliant, website owners are required to obtain cookie consent from the user when putting cookies onto a device. In this article we will discuss the use of cookies, what you need to do to ensure your website is compliant with EU Cookie Law and GDPR, the importance of a Cookie Policy and Cookie Banner for your website, and how CookieScan can help your business achieve compliance!
There is no mention of “cookies” within GDPR. However, the use of consent in GDPR is applied to the cookie law, so they work hand in hand. The EU cookie law sets specific guidance concerning privacy and electronic communications around the use of cookies, whereas the GDPR gives guidance on the general collection of personal data. The EU cookie law takes into account GDPR’s standards for consent, which means that cookie consent is needed for certain cookies that are put onto a user’s browser.
Get all your consent worries out of the way by using CookieScan. CookieScan will collect the consent provided by your website users and record them for you. If needed you can request the consent log for your site, very handy if you have to defend your company against a wrongful marketing complaint.
As mentioned, to put cookies onto a user’s device, user consent is required. GDPR and EU Cookie Law go hand in hand, so the rights of the user need to be considered when putting cookies onto a user’s device. By law, all website users have the right to decide their cookie preference settings; this gives the user more control of their personal data privacy online and how the personal information collected from them will be used.
There are different types of cookies, and some don’t require user consent. This depends on the purpose of the cookies. For example, strictly necessary cookies are necessary for the general running of the website.
Without these cookies, the website would not be able to function. For strictly necessary cookies, cookie consent is not required. But, where cookies are not essential for the general running of the site and are used for tracking a user’s activity for analytical and marketing purposes, you need to have user consent before you can put them onto a user’s device.
The following cookies require cookie consent from the user:
CookieScan will set the appropriate pop-up on your site depending on the country the site is being viewed in. This Geo-location feature is available to all Standard account holders and can be turned on and off in your admin dashboard.
To comply with both GDPR and the EU Cookie Directive, organisations need to inform users of the website’s use of cookies. You must clarify what cookies are active on the site, the purpose of each cookie, what personal data is being collected, and how long the cookie will remain on the user’s device. Cookie Consent will be required for most cookies on the site, so the option to accept, decline, and manage cookies is needed for each user.
GDPR cookie compliance for each website requires:
CookieScan can help you to achieve compliance with GDPR and Cookie law! First, our CookieScan platform will complete a scan of the cookies operating on your website. Our database will then automatically categorise your cookies and build your own compliant Cookie Notice and Cookie Banner for your website. CookieScan will regularly update your cookie descriptions if they change, and the use of our portal will help you easily manage your account. CookieScan makes compliance with Cookie Law and GDPR quick and simple!
CookieScan provides all of this, a fully automated Cookie Notice or Policy, a full description of the cookies used by your website, their purposes and the time they are active on your device.
To ensure GDPR cookie compliance, you need to be doing the following on your website:
To ensure the compliance of your website in each of these areas, CookieScan will ensure you have a comprehensive cookie banner and cookie policy that complies with cookie regulations and is written in simple language and an easy-to-read format for every user. The use of your own Portal will enable you to access and update cookie preferences and settings on your website easily.
To ensure compliance with GDPR on your website you must explain to the user how their personal data is processed in an accessible and easy-to-read manner. The best way to do this is by the use of a Privacy Policy that explains to the user what personal data your organisation processes on your customers and how their data is used. This does not just apply to cookies, but rather the collection of personal data throughout the entire organisation.
It is important to consider the following when creating a Privacy Policy that is GDPR compliant:
If your website targets individuals within the EU, you must comply with GDPR. Also, if your website targets individuals in the US, specifically in California, you must comply with the California Consumer Privacy Act (CCPA). In many cases, websites will target individuals in all these jurisdictions, so compliance with both these laws is essential.
What is the California Consumer Privacy Act (CCPA)? The CCPA was effective on 1st January 2020. It is currently the only Data Protection law in the US! Much like GDPR, the CCPA sets guidance on how businesses from all over the world can collect, store and process the personal data of those in the state of California.
While CCPA doesn’t require businesses to gain opt-in consent for cookies, it does require them to disclose what data is being collected by cookies and what is done with the data. The law aims to protect individuals from the resale of their personal data to third parties. These requests can be made in a similar way to a Data Subject Access Request.
To comply with both GDPR and CCPA you must consider both laws when aiming to achieve compliance. Within your Privacy Notice and Cookie Policy, it is important to reference both laws and demonstrate your compliance with them. The two laws are similar: both state the website must specify the cookies that are in use (first and third-party cookies), the purpose of processing, what personal data is being collected, and the option for the user to opt out of the use of certain cookies and make a DSAR when required.
CookieScan will help you make your website compliant with any country’s cookie requirements. We are even going to go a step further: CookieScan will soon help you with your data protection compliance and offer your site users an easy way to request their data from you. The pop-up will have a feature to allow the site user to put in a ‘do not sell my data’ request, complying with the CCPA requirements, put in a data subject access request, and exercise any of the other rights you have under GDPR.
Show your site users how serious you are about protecting their data.
CookieScan will help you ensure your website cookie disclosure is in full compliance with ePrivacy and GDPR. Our platform will complete a scan of the cookies on your website, then our database will automatically categorise your cookies and build your own compliant Cookie Policy and Cookie Banner for your website.
CookieScan will regularly update your cookie descriptions if they change, and the use of our portal will help you easily manage your account.
If you want to see what CookieScan is like for yourself, try out our 30-day trial!