What should I expect from a cookie banner?


Without the banner, it would be a data-fest for these companies, and you would be bombarded with advertising material from every angle.

Cookie banners are designed to protect your rights as an individual. They are there to prevent the website owners, browsers, search engines and large social media companies from harvesting your data to use in ways you could not imagine.

Without your knowledge or control, your data would be used in AI algorithms, by statistics companies, etc.

Is this a world you would like to live in?

Is it GDPR that controls Cookies?

No, the Privacy and Electronic Communications Regulation (PECR) and the ePrivacy Regulations are the two primary laws in the United Kingdom and Europe that control cookies, not GDPR.

The link with GDPR is the definition of consent. PECR and ePrivacy have stated they will use the exact definition for consent as laid out in GDPR.

GDPR does not mention Cookies, Pixels, Beacons or any other tracking technology in the law anywhere.

So, when you see something about GDPR controlling what happens with Cookies, you now know it is wrong. GDPR only provided the meaning for consent, which is:

“‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”

What should a banner do about cookies?

It is simple, really. When you first visit a website, the banner should appear informing you that cookies are being used on the site.

The cookies should be split into appropriate categories to inform users what they are for.

Main cookie categories

Essential – these cookies are there to help with the website’s main functionality. Without these cookies, the site would not work.

For example, an e-commerce website needs a shopping basket. The cookie that remembers what the user put into the basket is essential. If this cookie were not put into this category and the user did not consent to it, the e-commerce site would not work.

The law allows essential cookies to be placed without the users’ consent. It is for the data controller (website owner) to justify why they have deemed the cookie as essential if challenged.

Other essential cookies control the font size, colour theme, picture display, and some videos: anything that makes the website usable for the user.

Marketing – This is self-explanatory. These cookies remember your search terms, what sites you look at, what items you look at and send you adverts based on your interests.

They build up a profile on your interests and send you items they think you will buy.

Have you ever looked up something out of the ordinary on the internet, and a few days later it appeared on your Facebook page as an advertisement?

That is down to marketing cookies.

Statistic – These cookies collect information about what pages you viewed, how long you spent on a page, what country you come from, what device you use, your browser, how you found the site, and what search terms you used to find the site and so on.

The personal data collected is your IP address and, in some cases, your location and GPS information.

Preference – This is all the information about how you want to interact with a site, the font size, theme, special arrangements for a disability etc.

Unclassified – There is a considerable amount of unclassified cookies out there. No one knows what they do, but websites use them.

They have been created for a reason, but the reason has not been made public.

This is a massive issue for cookie management systems (CMS) and data subjects. Most CMS providers will not list unclassified cookies on the banner, so you have no idea what information they are collecting or how long they remain active on your device.

What else should a banner do?

The banner should do a lot more than just list cookies. The guidance of Supervisory Authorities like the ICO in the UK, CNIL in France or the Information Commissioner in Ireland is unambiguous.

The banner should also:

  • Tell you what each cookie does. In simple terms, the function of the cookie should be explained so the user has an idea of what it will do if it is allowed to be loaded onto the user’s device.
  • Who provided the cookie. This can be the website itself or a 3rd party like Google. No matter what, the banner should let the user know who has provided the cookie to the website and who will load the cookie onto the user’s device.
  • The expiry date. This is very important. The banner should tell the user how long the cookie will remain active once allowed to be loaded on the user’s device. Some cookies we have found have an expiry date of 9999 years, a ridiculous amount of time.
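
A site owner can check these three disclosures against what the site actually sets. The sketch below is an added example, not CookieScan's code: it compares captured `Set-Cookie` headers with a banner inventory and flags cookies that are unlisted, that differ from the disclosed provider or expiry, or that outlive a review threshold. The hosts, cookie names, inventory and the 365-day threshold are all constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_DAYS = 365  # assumed review threshold, not a figure from the article
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed audit time
# Constructed banner inventory: name -> (category, provider, declared days)
DECLARED = {
    "basket": ("essential", "shop.example", 0),
    "_stats_id": ("statistic", "stats.example", 30),
}

# Constructed capture: (host that set the cookie, raw Set-Cookie value)
OBSERVED = [
    ("shop.example", "basket=abc123; Path=/; Secure; HttpOnly"),
    ("stats.example", "_stats_id=u1; Max-Age=63072000; Path=/"),
    ("ads.example", "trk=9f; Expires=Fri, 31 Dec 9999 23:59:59 GMT; Path=/"),
]

def lifetime_days(set_cookie, now):
    """Lifetime in days; 0.0 is a session cookie. Max-Age overrides Expires."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        key, _, value = part.strip().partition("=")
        attrs[key.lower()] = value
    if "max-age" in attrs:
        return max(int(attrs["max-age"]), 0) / 86400
    if "expires" in attrs:
        delta = parsedate_to_datetime(attrs["expires"]) - now
        return max(delta.total_seconds(), 0) / 86400
    return 0.0

def audit(observed, declared, site_host, now):
    """Compare observed cookies with what the banner discloses."""
    findings = []
    for host, header in observed:
        name = header.split("=", 1)[0].strip()
        days = lifetime_days(header, now)
        party = "first-party" if host == site_host else "third-party"
        entry = declared.get(name)
        if entry is None:
            findings.append((name, party, "unclassified: not on the banner"))
        elif host != entry[1] or days > entry[2] + 1:
            findings.append((name, party, "provider or expiry differs from banner"))
        if days > MAX_DAYS:
            findings.append((name, party, f"lifetime {days / 365:.0f} years"))
    return findings

if __name__ == "__main__":
    print(*audit(OBSERVED, DECLARED, "shop.example", NOW), sep="\n")
```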

How can I change my mind?

The law says it must be as easy to withdraw consent as to give it. The CMS should allow the user an easy method to re-establish the banner and change their preferences.

Once you make your initial selection, some banners vanish and can never be seen again. Always check that you can change your selection before giving consent.

TIP – Deny all cookies and see what happens to the banner. If it places an icon on the bottom of the screen that, when clicked, opens the banner again so you can change your preference, it is a good CMS. Then put in your desired preference.

I own a Website; what CMS should I use?

CookieScan™ does everything I have explained above and more. It will scan your website regularly to ensure no additional cookies have appeared.

It will automatically generate a Cookie Notice for users to read with your site’s updated list of cookies.

It puts unclassified cookies into their own category, allowing users to deny consent, as no information can be provided about them.

CookieScan™ is the only CMS to blend data privacy rights with the banner and allow site users to make subject access requests to the data controller using the features on the banner.

Not only subject access requests, but any of the seven data protection rights, plus the CCPA right not to sell data.

CookieScan™ will recognise the country the site is being viewed in and automatically apply that country’s cookie requirements to your website. So, if no consent for cookies is needed, consent will not be asked for.

Try it free for 30 days with either our Standard account or our Premium account.
