The below questions and answers summarise this article for those who do not have the time to read in detail (although we strongly advise you do).
A: There is a high chance it does.
Q: Does it need to?
Q: Are there laws around Cookies?
Q: What are they?
A: You need to notify your website visitors about your website’s current cookies, the data they store and give them the option to participate or not.
Q: Are there risks to my business if I do not?
Q: How can I find out more and avoid these risks?
A: READ ON…and email email@example.com 🙂
What is a Cookie?
There are two main types of cookies, one temporary and one more permanent;
Session cookies – The session cookie is a temporary cookie. It stores information, via the website browser, in a temporary file location on the website visitors device. The common purpose of these cookies is to store information that is necessary for that visitor’s session only, such as shopping cart information or a visitor logging in. They are not necessary once the session has finished and therefore they are not retained after the browser is closed.
Persistent cookies – Persistent cookies store user information after the session has ended and the browser is closed, although they do have an expiration date. They are commonly used to help customise the visitor’s further website visits based on behavioural tendencies of previous visits.
There are a few main reasons why a website requires cookies and we have listed some common purposes below;
Customisation – The storage of cookie information means that users revisiting your website can have their experience customised based upon behavioural tendencies of their previous visits. Google Adwords and Google Analytics use these to assist with remarketing campaigns by which the cookie has store information based on what pages the user had previously visited.
Essential Site Functionality – Cookies help with common website functionalities that are today recognised as ‘standard’ functionality and are the types of functionality that make your visitor’s website experience more enjoyable. Keeping customers logged into your website for a certain session duration and storing shopping cart item information are both only possible thanks to cookies.
Data Storage Sharing – Cookies store a small amount of information based on the individual visitor, however all added together this potentially could be a lot more, depending on your average website sessions. If you were responsible for storing this information within server storage space you may find you need more storage, however this is not required because the cookie stores the information in the visitor’s device (computer/laptop/mobile phone for example) and only retrieves the information upon the next visit.
Security – Elaborating on the above point, if this data was not stored within a cookie file on the visitor’s device, then it would need to be stored on the server with your website and then you may become responsible for the safe storage and protection of that data.
What is the Cookie Law?
The General Data Protection Regulation (GDPR) came into force across the EU from 25th May 2018, and with it major press coverage! The cookie law now falls within the GDPR remit and therefore the importance to comply with it just took a major leap.
Taken from Recital 32.
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.
The two other basic steps for compliance are identification and notification.
How do I comply with the Cookie law?
Compliance requires consent, identification and notification as listed above. The most efficient way to get consent is with a cookie notification message such as the one we have installed our website (see screenshot below).
- Option 1) Create a cookie notification message within your website. Audit your website on a reasonably regular basis to identify new cookies and list their names and purposes. All handled by you internally.
- Option 2) See Verve’s solution below.
If, for example, on an eCommerce website a visitor disabled all cookies then this will render the site unusable and therefore the visitor would not be able to make a purchase, which is obviously not desirable for them or for the eCommerce site.
This service is exceptional value for money and peace of mind. We offer separate rates for retainer and non retainer clients so please email firstname.lastname@example.org for a price or call us on 01743 360000.
Prices start from £20 + VAT per month for a smaller web – £30 + VAT per month for a typical medium size website.
What are the risks if I do not comply with the Cookie law?
This is not a scaremongering article but we will be honest with the level of risk you are taking by not complying with the Cookie law.
For starters this is a law, so if you choose not to comply you do run the risk of enforcement action from regulators, which in the UK is The Information Commissioner’s’ Office (ICO). Although this would be an exceptional case, non-compliance can mean a fine. The following case is extreme, but in 2015 a Dutch company was fined 25’000 euros for non-compliance with the Cookie law so it is being acted upon.
Taking fines out of the equation I believe the most important risk you run by non compliance is representation of trust and credibility – or lack of should I say. The Cookie law isn’t going away and more and more websites are taking steps to ensure compliance and as such more websites than ever are including the Cookie notification message. This is likely to soon become commonplace and website visitors may soon expect to see this message on all websites because of that. Visiting a website without the cookie notification message in the future therefore may raise eyebrows as to what potentially the website is hiding or not revealing.
For more information about the Cookie law, Cookie policies or the GDPR regulation in general and how to become compliant please email email@example.com.