Cookies & GDPR: what’s really important?
When you think about data law and privacy legislations, cookies easily come to mind as they’re directly related to both. So if your website's cookie implementation is not compliant you could be easily exposed to a GDPR breach that can damage the success of your business. Now it’s the time to learn more about the dealing with EU's GDPR, cookies, and data privacy compliance on your website.
You probably landed on this page because you’re concerned about the privacy-related regulations and you want to be sure that your website is compliant.
We believe you have every reason to do so because nowadays, consumer data privacy became a key focus for regulators and consumers alike, as many turned to online services and platforms to fulfil day-to-day functions.
As the last years passed, marketers had to become familiar with “the death of the cookie,” which was correlated with an increase in data privacy regulations, such as the General Data Protection Regulation (GDPR). And let’s face it, cookies can be seen as important tools that can give businesses a great deal of insight into their users’ online activity.
We advise you to keep reading to learn more about the most important things when dealing with EU’s GDPR, cookies, and data privacy compliance on your website.
What’s up with cookies?
You probably heard it before – cookies are advertisers’ weapons to track your online activity so that they can target you with highly specific ads.
Cookies are text files with small pieces of data that are used to identify your computer as you use a computer network. Some specific cookies are used to identify specific users and improve your web browsing experience. At the first glance, cookies are harmless and serve crucial functions for websites.
However, cookies can store a lot of data, enough to potentially identify you without your consent. Given the amount of data that cookies can contain, they can be considered personal data in certain circumstances and, therefore, subject to the GDPR.
Cookies and data privacy regulations
If you are operating a website with international traffic, you need to know how that data privacy and cookies are strongly connected. No worries, we’ve got you covered, just keep reading to discover the bigger picture.
It all started with the General Data Protection Regulation (GDPR), an EU legislation that governs all collection and processing of personal data from individuals inside the EU. Afterwards, browsers like Firefox and Safari abolished third-party cookie tracking along with Apple’s iOS update in 2020, while Google has announced it will deprecate cookies by 2023.
What you really need to know is that GDPR focuses on the legal responsibility of website owners and operators to make sure that personal data is collected and processed lawfully. It’s also relevant to mention that a website outside of the EU is required to comply with this regulation, if it collects data from users inside the EU.
GDPR requires a website to only collect personal data from users after they have given their explicit consent to the specific purposes of its use. And yes, you guessed right – cookies are identified as a part of personal data.
GDPR-compliant cookie consent
We’ve already established that GDPR cookie consent is fundamental to your GDPR compliance plan. But what exactly is cookie consent? It’s defined as clear, specific, and freely given consent to all cookies or to specific categories of cookies.
This consent relies on two essential aspects:
- Users’ awareness of your cookie use (including cookie categories and purposes). For that, you’ll need a comprehensive cookie policy that they can easily access and that is prominently displayed on your site.
- Users’ ability to consent, deny or set preferences for your use of cookies. In this case, you’ll need to institute a cookie banner or a comparable method like a popup.
A cookie policy can easily be integrated with your website’s existing privacy policy. However, it’s quite dynamic since your website is dynamic too.
Just don’t forget – cookies change and so must your cookie policy.
Cookie policy implementation process
1. Define your policy
Understand where your customers are in the world and what privacy laws your data strategy needs to consider. Remember, not all countries are governed by the same laws. If you have EU customers, you have to be GDPR compliant. France imposes further rules, California has a different policy.
2. Select a partner
Select a cookie consent management platform that can help you achieve compliance. It is not sufficient to deploy your Cookie Management Solution to the site. Installing the partner tag alone would not make you compliant, so you need to ensure your tracking is in sync with user preferences. Cookiebot or OneTrust are great examples.
3. Orchestrate
Your tags need to be categorized according to the management platform rules, then each category is triggered based on consent. Each tag needs to be identified in one of the categories: strictly necessary, functional, targeting or statistics. You need to add additional rules to your tag management to ensure they only fire when permitted as indicated by the cookie management platform.
After all that, take a look at your impact and implement measurement or mitigation. You can collaborate with a UX team to ensure your consent banners are user-friendly. Plan to implement server-side tracking where possible, move to new analytics platforms such as GA4, and implement Enhanced Conversions and Consent Mode for Google Ads.
Making Smart Decisions in the New Cookieless World
From GDPR and ePrivacy Regulation, to a post-cookie future, getting your data strategy right could be the difference between business survival and exponential growth. Here are some aspects you should consider to stay smart in a cookieless era:
API-based tracking – A number of advertiser platforms and 3rd parties such as Facebook and Awin have already released API-based tracking solutions to reduce cookie reliance, alleviate the GDPR impact and prepare for the removal of 3rd party cookies.
Enhanced conversions – The new recommended tracking method for Google Ads aims to improve the accuracy of conversion measurement by providing a mechanism to safely pass 1st party conversion data.
Google Consent Mode – Google’s mechanism of collecting users’ consent status from the cookie management platform allows the advertiser platforms to extrapolate accurate numbers of conversions.
1st party data activation – First-party data is the foundation for understanding your customers. Leveraging it by enriching your advertising technology gives your organisation a competitive advantage.
Considering sharing with others