GDPR Changes Everything
The General Data Protection Regulation, more often referred to as GDPR, is a relatively new mandate that is causing all kinds of confusion, at least in the U.S. Its roots come from the EU and are intended to protect EU citizens' right to data privacy. These mandates are nothing new. In fact, the EU has had a similar, albeit more concentrated, data protection directive in place since as far back as 1980 and implemented the ePrivacy Directive in 2009.
While residents of the EU may be comfortable with the evolution of data protection regulations, many organizations in the U.S. are scratching their heads as to what they need to be doing to be in compliance with the GDPR. Specifically, there are questions about cookie consent requirements and cookie consent record keeping. Make no mistake, even if an organization operates outside of the EU, it must comply with GDPR or face hefty penalties, including fines and data processing bans, if it offers goods or services to EU data subjects.
What Are Cookies?
A “cookie” is a technology to remember something about you. It's gotten a bad rap over the years. Cookies aren’t all bad. They can be good and helpful in some cases because they are like a short-term memory component that helps websites create an easier user experience (remembering items you put into your cart, for instance). On the other hand, some cookies track you for marketing and advertising purposes - and then sell the information they’ve collected about you to other companies.
A Quick Guide to Complying with Data Protection and Cookie Laws
The GDPR, CCPA, and many laws yet to come all have specific requirements. As data and technology continue to evolve, those requirements will inevitably change. Without a single set of requirements with which to comply, designing a compliant cookie notice and method of consent may seem impossible.
Here are a few options when it comes to ensuring your organization is cookie compliant:
2. Choose how you want your users to provide consent
You can allow users to opt in, opt out, or provide consent by continuing to use the site. The latter is likely the simplest way to obtain consent and requires minimal coding on your page, but does not meet consent requirements in many jurisdictions. Your users can also turn off cookies in their browser settings if they choose to control cookies.
3. Choose your cookie consent build tool
Fortunately, there are free, open-source resources to help organizations customize and build compliant cookie notices - even specific to each country’s cookie law, as well as paid resources that go a step further to help you modify your site if the user opts out or declines cookies.
While a paid version is similar to the free open source version of the cookie consent pop-up, paid versions provide more features than the free open source versions. The paid version by Osano, for example, automatically handles geolocation and language detection so visitors see the appropriate type of consent dialog and in the appropriate language. The paid version also tracks the consents, helping companies with their cookie consent record keeping.
While the GDPR and other privacy laws will ultimately benefit us all by promoting transparency, organizations must leverage the tools available now to help them comply with these complex and sometimes confusing regulations. The genie is out of the bottle, so to speak. With the massive amounts of personal data already circulating, we can only play catch-up and try to provide meaningful protection going forward.