Whilst third-party cookies are still allowed by default, it is important that individuals’ rights are respected when tracking site visits.
“The use of data monitoring is subject to regulations of the GDPR. Compliance when using cookies online can still currently be identified through the cookie policy, the cookie banner, and the privacy policy of a website.
Under the GDPR, cookies that are not necessary for the basic function of a website must only be activated after end-users have given their explicit consent to the specific purpose of the operation as well as the collection of personal data. We can look at managing cookies with 3 important steps…”
Nathan Onojeghuo
Data Protection Executive
1. Cookie Policy
The cookie policy is required by companies so that users understand how their data is being processed. The policy should list all cookies that are being used on a website, along with detailed information to tell site visitors exactly how their personal data is being processed when visiting a specific domain.
For example, the analytical cookie allows for data to be collected for reporting purposes only, with no option to automate campaign optimisations or to target/exclude users. On the other hand, targeting cookies can be used to re-engage with users at a later date.
2. Cookie Banner
One of the most significant requirements of the GDPR cookie policy includes the cookie banner. The cookie banner, often referred to as CMP (Consent Management Platform) is a notice that is displayed as a user enters a website or app. The banner informs users of the purpose of cookies and their rights regarding those cookies.
The cookie banner importantly gives users the option to accept, manage or reject cookies, which ties into the GDPR legal basis of consent.
This process needs to be relied upon to lawfully process the data of an individual. The cookie banner is important to all companies as the absence of consent when collecting users’ data is deemed unlawful under the GDPR.
3. Privacy Policy
A Privacy Notice is implemented to provide a list of the company’s processes involving the use of the individual’s data. By listing the company’s practices when processing data, web browsers are made aware of the company’s GDPR principles and use of data.
When reviewing a privacy policy, users should look out for the purpose of processing, the customers’ rights, who the data is shared with, how long the data is stored, and if the company wishes to transfer the user’s data to countries outside Europe or the EEA.
FEATURED READS
