Internet cookies are set on users’ browsers by websites, and from there, they can track and monitor the users.
What laws your website must obey depends on a variety of factors, such as the type and purpose of your website, what sector it belongs to, your location, and where your users come from.
On 25 May 2018, the EU enforced the most strict and encompassing regulation for data protection ever formulated. The General Data Protection Regulation (GDPR) affects all types of websites and blogs that have users from the EU.
This means that even if your website is based in, e.g., the US or Asia, the regulation applies to you if you have EU citizens amongst your users.
Next in line from the EU is the ePrivacy Directive, which is in the process of becoming an actual regulation.
See the world map of data protection laws by the law firm DLA Piper for a visual overview of protection laws defined by geography.
Personal data in the GDPR is any information relating to a person, directly or indirectly, including data regarding their “physical, physiological, genetic, mental, economic, cultural or social identity” (Article 4 in the law text).
Within this broad definition, cookies that track users’ location or IP address, hold contact information or invoicing details, or that process data about their habits, interests and online behaviour, are all subject to the GDPR.
If you have any such cookies in operation on your website, you need your users’ consent prior to the setting of the cookies.
For the cookie consent to be compliant, it has to meet the following GDPR and ePrivacy requirements:
See Article 7, Conditions for consent, for the original phrasing in the GDPR.
In reality, cookies in and of themselves cannot be compliant. It’s what you do with the cookies that matters, e.g. that they are paused until proper consent has been obtained for their operation, and that the data they track is sent to adequate countries, etc.
To meet the requirements and obtain full cookie compliance, you need to implement the following on your website:
You can develop and maintain these elements yourself, or you can subscribe to a consent management tool that takes care of these processes for you.
Cookiebot is a fully compliant consent management solution for your website featuring the following functions:
Read more about the functions on Cookiebot’s functions page.
Many website owners themselves don’t have the complete picture of what cookies are in operation on their own website.
This is due to the nature of cookies: they can be of first- or third-party provenance, be temporary or permanent, and serve a vast number of different purposes.
In other words, website cookies are numerous and inconsistent, and getting an insight once and for all won’t do, as they tend to change often.
Try our website scan if you are in doubt about the cookies on your website.
The free version audits up to five pages of your website and sends you a complete report about the cookies and known tracking technologies in use on these pages, including information about their provenance, duration and purpose.
Sign up to Cookiebot if you want a complete and regular scan of all of the pages on your site. With Cookiebot, you can easily take care of all of the aspects of your website cookies, so that their use is compliant with data protection regulations and privacy laws.
A compliant cookie message gives full transparency and disclosure about the cookies in operation on the website, without overwhelming the user (this is an actual requirement in the GDPR).
The compliant cookie message informs the user about what cookies are in operation, for what purpose, their duration and their provenance, along with the possibility to prevent them from being launched.
The compliant cookie message displays on the website upon the user’s first visit to the site. If the user has consented to cookies, it displays again upon the user’s first renewed visit once 12 months have elapsed (the GDPR only requires that the consent be “regularly renewed”; the ePrivacy Directive suggests once a year).
Here is one of Cookiebot’s cookie message templates:
The user can opt in and out of the different categories of cookies directly in the banner. Detailed information about all of the cookies folds out directly from the banner: