By Chloe Parker
Industry and regulatory changes are shaking up the world of digital marketing. These changes mean that many website owners are no longer compliant when collecting and storing data through cookies.
Read on to find out everything you need to know about cookies…
Firstly, what is a cookie?
HTTP cookies (we’re not referring to the edible kind) are small blocks of data. They are downloaded onto a computer or device and collect information about each user’s ‘session’ on a website.
Cookies identify users and help website owners collect data, with the goal of improving the browsing experience on their site.
This may sound a bit daunting, but overall cookies are helpful for website users. They retain data such as login details, so you don’t have to log in every time you enter a site. They also hold the data on what’s in your shopping basket if you click off the page and need to get back.
Overall, the internet wouldn’t function the way it does today without cookies.
There are different types of cookies you can outline in your cookie policy, including:
- Essential cookies
- Performance cookies
- Targeting cookies.
Whilst you may not need consent for every type (essential cookies, for example), you still need to disclose that you will be using them to collect data.
What is a cookie banner?
A cookie banner is a pop-up notice that is displayed on websites. It requests user consent for the placement of cookies on their device. This is often managed by a Consent Management Platform (CMP).
To comply with the Privacy and Electronic Communications Regulations (PECR), users should be able to see and interact with your consent mechanism when they first visit your website. This does not need to be repeated every time the same person visits your website, but you are required to have a link on your site so the user can return to your CMP to amend their preferences at any time.
The cookie banner should stop any cookies from firing until the user has acted on it.
So, why should you check your cookie banner?
There are requirements your website must meet for its cookie banner to be compliant. These include:
- Giving the user the option to accept or reject all non-essential cookies, with both options having equal prominence
- Providing the option to select or deselect any non-essential cookies
- Providing clear and comprehensive information
- Having a separate cookie ‘consent’ mechanism from other terms and conditions.
It is no longer considered compliant to serve a notice-only cookie banner. A notice-only banner informs users about cookie usage but does not request consent for the cookies to load.
If you don’t comply as a business in the UK, you risk enforcement action from the Information Commissioner’s Office (ICO), the UK’s independent regulator. You could also face a fine of up to £500K for failure to comply with PECR. And under the UK GDPR and DPA, fines of £17.5m or 4% of annual worldwide turnover – whichever is greater – may be applicable.
What steps can you take now?
- Check your policies – do you provide clear and comprehensive information?
- Make sure users can manage their preferences – users must be able to update their choices
- Consider whether you have consent for your intended purposes – consent must be specific and informed
- Be aware of the changing laws – there are upcoming changes all the time, such as a new data reform bill and browser-based cookie settings.
How AB Brand and Marketing can help
Our in-house digital marketers and developers can work with you to:
- Look at whether your cookies fire before users have consented
Get in touch today and let’s chat about your cookies!