How to comply with EU GDPR Cookie Compliance Regulation?

A cookie is a small piece of data stored on the user’s computer by the web browser while browsing a website. Cookies enable organizations to track, use and store user behavior. Data Privacy regulations such as EU GDPR, EU e-Privacy Directive have defined cookie compliance differently, but hefty penalties for non-compliance are found in all of them.

Cookies provide a great deal of insight into their users’ online activity. Despite their importance, the regulations governing cookies are split between the GDPR and the e-Privacy Directive.

With the passing of Directive 2009/136/EC, known as the Cookie Law, the European Parliament has mandated organizations to obtain informed consent from all the website visitors before they drop or store cookies on a visitor’s computer. Policies have been modified from time to time by all the countries in the EU.

The EU Cookie Legislation specifies four basic requirements from website owners:

• Let visitors know the cookies that are in use when users access their website.
• Provide information to users about the purpose and the data each cookie tracks.
• Let visitors have an option to accept or decline cookies.
• Do not place cookies if the website visitors decline them.
• Maintain documentation of all the cookie consent logs.

The first step is to know which cookies does your website place on your visitor’s device. There are essentially two types of cookies – first-party and third-party cookies that need to be identified by scanning your website.

First-party cookies are created and stored by the host domain – the domain user is visiting, allowing website owners to collect analytics data, remember language settings and perform other useful functions that help provide a good user experience.

Third-party cookies created by domains other than the one user is visiting and are mainly used for tracking and advertising purposes. For example, Providers of advertising, retargeting, analytics?and tracking services, etc.

Cookie consent banners are small pop-up notifications that appear on the first visit to a web page. It displays information about the cookies the page will load and takes user consent before loading them.

GDPR specifies the website owners to obtain explicit consent from visitors for dropping cookies, which can be implemented through Cookie Consent Banner.

A cookie policy is a declaration to your website visitors on what cookies are active on your website, what data they track, what purpose and where the data is sent.

The basic rule is to tell visitors that the cookies are there and explain what these cookies are doing and why, and get the person’s consent to store a cookie on their device.

A cookie policy includes:

• Kind of cookies placed.
• Detailed purpose of cookie collection.
• Third-party cookies and their respective policies.

Kinds of cookies and their purposes:

• Essential: Essential Cookies are necessary for the website to function and store the preference settings selected by a user for this website. These cookies cannot be deactivated by the user and do not store any personal information.
• Marketing: Marketing cookies are used to target advertising to a user or track the user on a website or across several websites for similar marketing purposes often served by third-party companies and track a user across websites.
• Analysis: Analysis cookies allow us to analyze website visits and traffic sources (e.g., number of visits, time spent on the site) to measure and improve our website’s performance.
• Functional: These cookies allow enhanced functionalities when accessing or using organizations’ websites and services.

Cookie consent to collect the personal data under GDPR must be informed, explicit and unambiguous.

Cookie consent?is the term for when users ?consent?to letting a website activate its?cookies?and trackers that process personal data and the cookie law needs informed consent of the user before storing cookies?on a user’s device and/or?tracking?them.

You must allow visitors to provide, withdraw or refuse cookie consent. No?cookie-related scripts can run on your website unless consent is obtained.