Every time you visit a website, a cookie file is saved to your device. This stores the website’s name and gives you a unique ID so it knows you’ve been there before.
Cookies can also be used to store other information including:
- How long you spend on the website
- The links you’re clicking on
- The options, preferences or settings you’ve chosen
- Accounts you log into
- The pages you’ve visited
- Which items you’ve placed in a shopping basket
All your previous browsing behaviours allow the server to deliver a page tailored to you.
Your cookie policy should also tell people how they can opt out or change their settings. Because the cookies used on a website tend to change, it’s important to update your policy on a regular basis to ensure it’s still accurate.
Although cookies are generally used to improve user experience, they’ve generated a lot of controversy in recent years as users have become increasingly conscious about their online privacy and security.
Cookies are a potential privacy risk because they have the ability to track, store and share what an individual is doing when they’re on a website. For this reason, it’s now a legal requirement that websites get clear consent from visitors in order to store or retrieve information based on their browsing habits.
You need to notify your site’s visitors that you’re using cookies and get their consent for this. Consumers also need to be made aware of how they can opt out if they wish. This applies to any business based in the EU or to those who are targeting their services to EU citizens.
GDPR gives consumers the right to receive specific, up-to-date information which details the data that’s registered about them, what it’s being used for, where it’s being sent and what options a user has with regard to accepting or rejecting cookies.
As long as you do this the first time you set cookies, you don’t have to repeat the process every time the same person visits your website. However, bear in mind that devices may be used by different people so you may want to consider repeating this process at suitable intervals.
Find out what cookies are being used on your website
The first step is to find out exactly which cookies are being used on your website. This is fundamental for creating a specific and accurate policy because every website uses them differently.
If you’re unsure how to find this information, you can use Cookiebot to complete an audit. This tool analyses your website and sends you a report with a complete overview of all the cookies in use, including their purpose and provenance.
Design a pop-up
Plan the content for your policy
As laid out in GDPR compliance regulations, your language needs to be plain and intelligible and should include the following information:
- The type of cookies you’re using
- The data you’re tracking
- How long cookies stay on a user’s browser
- Why you’re using cookies (for marketing purposes for example)
- Where the data is sent and with whom it’s shared
- How to reject cookies and how to change cookie settings
Some great resources for free cookie templates include:
Your final option is to ask your website provider (if you have one) to put together a policy for you. If you’re using an agency, they will have multiple clients and should therefore already have a template they can send you. Alternatively, they can put together the whole document from scratch although this will probably cost more than simply receiving a template.
What if a user rejects cookies?
There are strict rules on gaining consent and in order for it to be valid, it must be freely given, specific and informed. Consent must involve some form of unambiguous positive action – for example, ticking a box or clicking a link. The person must also fully understand that they’re giving consent.
Don’t forget to provide an easy-to-find link to your policy and simple instructions for opting out of your cookie use. For further information about complying with the UK cookie law and the penalties for failing to do so, please head over to privacypolicies.com.