From time to time, we get questions from customers about the usage of cookies and cookie-compliance tools. This article contains a summary of the laws covering cookies in the European Union and some of the tools you should use to make sure you are GDPR-compliant.
What are cookies
According to Wikipedia, a cookie is "a small piece of data stored on the user's computer by the web browser while browsing a website". They are harmless and serve vital functions for a website. Often they are used to collect and hold user information but cannot follow you across different devices.
Due to the quantity of data a cookie may contain, including your personal information, a website's cookie usage is often subject to the rules and regulations within the GDPR.
Cookies are subject to the GDPR and the ePrivacy Directive (EPD), amended in 2009. The EPD was supposed to be replaced by the ePrivacy Regulation (EPR) in 2018, but that never happened.
The General Data Protection Regulation (GDPR) is the most widespread data protection legislation passed by any governing body. However, throughout its 88 pages, it only mentions cookies directly once, in Recital 30.
Natural persons may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, cookie identifiers, or other identifiers such as radio frequency identification tags. This may leave traces that, particularly when combined with unique identifiers and additional information received by the servers, may be used to create profiles of the natural persons and identify them.
Using cookies to identify visitors qualifies as collecting personal data and is, therefore, a matter of GDPR. What does that mean for you? You have the right to process and store visitors' data, as long as they give their consent or if you claim to have a legitimate interest.
Consider the following to comply with the regulations governing cookies under the GDPR and the ePrivacy Directive:
Cookiebot is a GDPR and ePrivacy compliant cookie and online tracking solution. Cookiebot is leading in Travel & Tourism, Heavy Industry & Engineering, and Home & Garden. It is easy to use and has a simple UI for administering your cookie consent settings. It is a bit limited when it comes to styling your cookie banner or pop-up. Cookiebot offers both free and paid options.
Fully automatic core functions: cookie consent, cookie monitoring and cookie control. Cookiebot enables true compliance with privacy legislations through respectful and transparent data exchange, based on consent between end-users and the websites they visit.
OneTrust is a more robust GDPR, Privacy Management Software, and Cookie consent service with many features, yet easy to use. It has better usage coverage in more website categories – including Computers Electronics & Technology, Business & Consumer Services, Finance, Science & Education, and 17 other categories. OneTrust offers both free and paid options too.
Scan your website for cookies, create customised cookie banners, enable preference centers and auto-generate consent records to demonstrate compliance over time.
Quantcast is a cloud-based GDPR compliance management platform that helps publishers, marketers, agencies, and consultancies manage content publishing and advertising of relevant data. It is part of a more extensive audience intelligence and measurement tool and is a bit tricky to administer.
Quantcast Choice is provided for free.
"Build privacy into every product, feature, and decision that we make around data. Individuals can easily access information about Quantcast's data practices, including what data we collect, what we use it for and with whom we share it."
I hope this article gave you some guidance on the laws covering cookies in the European Union and some ideas about the tools you should use to make sure you are GDPR-compliant.
Get in touch with me or one of my colleagues if you have any questions.