Whether you own a website or simply frequently visit them, you have most likely come across a variety of different cookie pop-ups as well as their related policies.
But what are cookies and why does everyone seem concerned about their use? Read on to learn more about cookie policies and why your website needs one.
Table of contents
What are Cookies?
Cookies are small text files filled with bits of information that are stored locally on a computer’s web browser. They allow for a better browsing experience as they store information about the website visitor, which can help create a more pleasant and personalized user experience.
For detailed information about cookies, read our article on the subject here.
What Type of Information is Stored by Cookies?
While that varies depending on the type of cookie and the website, cookies generally store information that can be used to keep track of a user’s activity on a specific website. Their preferences (language, location, currency), the pages visited, the time spent on a page, the items added to a shopping cart, etc.
The cookies generally do not store complete names and addresses, they are simply a combination of letters and numbers generated by the web browser and tracking the actions of a user on a website.
What are Cookies Used For?
Web cookies have various uses but their main purpose is to offer users a better browsing experience. They store information about a user, such as the primary language in which they browsed a website or the items that they viewed, in order to make relevant product suggestions and deliver targeted ads, for example.
Some permanent cookies can store log-in information, such as usernames and passwords, which is handy for the user but can become a security and privacy issue should someone get unauthorized access to a computer. However, as long as users know that cookies are being used, have consented, and clear their cache and cookies on a regular basis, there are more pros than cons.
There are various types of cookies that keep track of different information. Some are temporary and expire when the user leaves the website, these are called session cookies, others are more permanent, such as tracking or persistent cookies, and some are used by third-parties for marketing purposes, effectively allowing them to retarget people based on their interests and behaviors on the web, which is where privacy concerns can come into play.
More importantly, you need to let them know exactly what information you are collecting about them so that they are aware and comfortable navigating your website. This is essential in order to build trust between you and your users and to establish a legitimate presence online.
Users should be able to choose what they wish to share about them on the Internet, as they can with the information that they share in person.
GDPR & Cookies
As a reminder, the GDPR applies to any website that has visitors from the European Union and thus processes their data, in other words, pretty much every website on the Internet.
Indeed, the GDPR considers that cookies that can be used for the purpose of identifying users fall under the definitions of “personal data” as “online identifiers”. This means that consent is required from the user unless the website processing user data has a “legitimate interest” in doing so.
There are of course some exceptions for cookies that are considered “strictly necessary” to either transmit a communication or to provide the service requested by the user.
The definition of what is strictly necessary is up for debate, but logically includes any cookie that allows a user to use and navigate your website without a glitch. In the case of an e-commerce business, for example, cookies that allow the website to remember what items were added to a shopping cart in order to allow the customer to checkout seamlessly would be considered strictly necessary and thus would not require consent from the shopper.
Note that a few countries have adopted stricter or additional requirements in regards to cookies - you should always check local legislation to make sure that you are complying with applicable laws.
You should let your users know what information your cookies are storing about them, what you are doing with this information, how long and where this data is stored, and if you share it with any third parties.
Last but not least, you should let your users know that they can decide which cookies they allow, refuse all cookies or revoke their consent at any time while still being able to use your website, even though their experience may not be optimal.
It is good practice to link to external websites where your users can learn more about what cookies are, how they can be managed as well as the privacy challenges commonly associated with them.
The best way to do that is by using a cookie consent banner that includes a link to your detailed policy. It's usually displayed as a popup somewhat in the footer or header of your website, for example:
Click here for an article that contains examples of cookie banners and policies from some of the biggest online players as well as a template that you can customize and use on your website.
In this digital age, people are becoming more and more conscious about online privacy and it has become a frequent topic of discussion - as a website owner, you have responsibilities to uphold.
- Updated on May 19, 2021