Cookiebot

The General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR) affect how you as a website owner may use cookies and online tracking of visitors from the EU.


Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

GDPR compliance is the new reality for websites across the world: cookie compliance is the new law of the digital lands.

Is your website GDPR compliant?

What are the risks of non-compliance?

And what's the deal with cookies?

In this article, we'll circle the topic of GDPR compliance, and enlighten you on your legal and ethical responsibilities as a website owner and/or operator under the new law of the digital lands.

Stay with us.

GDPR compliance: what are the rules for the use of cookies?

Cookies are set in a user's browser by websites to track and monitor their behavior.

That’s why the use of cookies and similar tracking technologies is subject to rules and regulations protecting personal data and privacy.

What laws your website must obey depends on a variety of factors, such as the type and purpose of your website, what sector it belongs to, your location, and where your users come from.

The General Data Protection Regulation (GDPR) took effect in May 2018 and affects all types of websites and blogs that have users from the EU.

This means that even if your website is based in e.g. the US or Asia, the regulation applies to you if you have EU citizens among your users.

See the world map of data protection laws by the law firm DLA Piper for a visual overview of protection laws defined by geography.

As a website owner it is your responsibility to bring your website up to GDPR cookie compliance. You are legally responsible for handling your users' data as required by the GDPR.

GDPR compliance checklist for use of cookies

Your website may use cookies, but you need to have your users’ consent to it first. Or, alternatively, have another lawful reason for processing data. In most cases (such as marketing and analytics cookies) however, consent is the only lawful reason that applies.

Personal data in the GDPR is any information relating to a person, directly or indirectly, including data regarding their “physical, physiological, genetic, mental, economic, cultural or social identity” (Article 4 in the law text).

Within this broad definition, cookies that track users’ location or IP address, hold contact information or invoicing details, or that process data about their habits, interests and online behavior, are all subject to the GDPR.

If you have any such cookies in operation on your website, you need your users’ consent prior to the setting of the cookies.

Here is a nifty GDPR checklist to move you toward GDPR cookie compliance:

See Article 7 (conditions for consent) for the original phrasing in the GDPR.

Cookies & GDPR - how do I get compliant cookies?

In reality, cookies in and of themselves cannot be compliant.

It’s what you do with the cookies that matters, e.g. that they are paused until proper consent has been obtained for their operation, and that the data they track is sent only to adequate countries, etc.

Cookie compliance according to the GDPR is therefore not about the cookies themselves, but about how you use them, how they operate on your website - and most importantly, whether you obtain prior consent from your users before activating them.

To meet the requirements and obtain full cookie compliance on your website, you need to implement the following on your website:

You can develop and maintain these elements yourself, or you can subscribe to a consent management tool that takes care of these processes for you.

Cookiebot is a fully compliant consent management solution for your website featuring the following functions:

Read more about the functions on Cookiebot’s functions page.

And click here to check out how our cookie scripts protect privacy on your website, if you're nerdy enough.

GDPR compliance checklist - website scan and consent by Cookiebot

Many website owners themselves don’t have the complete picture of what cookies are in operation on their own website.

This is due to the nature of cookies: they can be of first- or third-party provenance, be temporary or permanent, and serve a vast number of different purposes.

In other words, website cookies are numerous and inconsistent, and getting an insight once and for all won’t do, as they tend to change often.

Try our website scan, if you are in doubt about the cookies on your website.

The free version audits up to five pages of your website and sends you a complete report about the cookies and known tracking technologies in use on these pages, including information about their provenance, duration and purpose.

Sign up to Cookiebot if you want a complete and regular scan of all of the pages on your site. With Cookiebot, you can easily take care of all of the aspects of your website cookies, so that their use is compliant with data protection regulations and privacy laws.

What is a GDPR compliant cookie message?

A compliant cookie message gives full transparency and disclosure about the cookies in operation on the website, without overwhelming the user (this is an actual requirement in the GDPR).

The compliant cookie message informs the user about what cookies are in operation, for what purpose, their duration and their provenance, along with the possibility to prevent them from being launched.

Go deeper into compliant cookie texts here.

The compliant cookie message is displayed upon the user’s first visit to the site and, if the user has consented to cookies, again upon the user’s first renewed visit once 12 months have elapsed (the GDPR only requires that consent be “regularly renewed”; the ePrivacy Directive suggests once a year).

Here is one of Cookiebot’s cookie message templates:

[Image: compliant cookie banner]

The user can opt in and out of the different categories of cookies directly in the banner. Detailed information about all of the cookies folds out directly from the banner:

[Image: Cookiebot banner displaying cookies grouped by categories]
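The behavior described above (non-necessary cookies paused until consent, opt-in per category, and a renewed prompt after 12 months) can be reduced to a small consent gate. This is an added example written for this article, not Cookiebot's own script; the category names, the tag list format and the consent record layout are assumptions of the example.

```javascript
// Added example (not Cookiebot's code): a minimal consent gate implementing the rules
// the article describes. Non-necessary tags stay paused until the user opts in per
// category, and consent is requested again once the record is 12 months old.
// Category names, tag list format and consent record layout are assumptions.

const ONE_YEAR_MS = 365 * 24 * 60 * 60 * 1000; // ePrivacy Directive suggests yearly renewal
const CATEGORIES = ["necessary", "preferences", "statistics", "marketing"];

// A consent record is { givenAt: <epoch ms>, categories: { name: bool } }.
// A prompt is needed on the first visit, on a malformed record, or once the record is a year old.
function needsConsentPrompt(record, nowMs) {
  if (!record || typeof record.givenAt !== "number" || !record.categories) return true;
  return nowMs - record.givenAt >= ONE_YEAR_MS;
}

// Build a record from the banner choices. Only an explicit `true` counts as opt-in;
// missing keys, pre-ticked defaults or truthy strings are treated as refusal.
function recordConsent(choices, nowMs) {
  const categories = {};
  for (const c of CATEGORIES) {
    categories[c] = c === "necessary" ? true : choices[c] === true;
  }
  return { givenAt: nowMs, categories };
}

// Tags are modelled as { src, category }. Returns the subset that may be activated now:
// without valid consent only strictly necessary tags run, never statistics or marketing.
function tagsToActivate(tags, record, nowMs) {
  const allowed = needsConsentPrompt(record, nowMs) ? { necessary: true } : record.categories;
  return tags.filter((t) => allowed[t.category] === true);
}

// Constructed sample tag list standing in for the scripts a real page would embed.
const SAMPLE_TAGS = [
  { src: "/js/session.js", category: "necessary" },
  { src: "https://analytics.example/collect.js", category: "statistics" },
  { src: "https://ads.example/pixel.js", category: "marketing" },
];

// Walk through a first visit, a consent that opts into statistics only, and the yearly renewal.
function demo() {
  const firstVisit = Date.UTC(2024, 0, 1);
  const record = recordConsent({ statistics: true, marketing: "yes" }, firstVisit);
  return {
    beforeConsent: tagsToActivate(SAMPLE_TAGS, null, firstVisit).map((t) => t.src),
    afterConsent: tagsToActivate(SAMPLE_TAGS, record, firstVisit + 1000).map((t) => t.src),
    afterOneYear: tagsToActivate(SAMPLE_TAGS, record, firstVisit + ONE_YEAR_MS).map((t) => t.src),
  };
}
```

In a real deployment the record would be persisted (for example in a first-party cookie) and the allowed tags injected into the page only after the check passes, so that nothing in the statistics or marketing categories runs before the user's choice.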
Test your website and get a quote, or sign up to Cookiebot directly: get hassle-free cookie compliance for your website today!

Resources

The GDPR (official law text)

The ePrivacy Directive (official law text)

World map of data protection laws by DLA Piper

Lawfulness of processing (Article 6 GDPR)

Conditions for consent (Article 7 GDPR)

Make your website’s use of cookies and online tracking GDPR/ePR compliant today

Try for free