Cookies are an essential component of a website. They improve the users’ experience, and they collect data about a user's behavior on the site. This information can then provide better content, personalized ads, and more. All this may sound great, but it quickly becomes problematic under most data protection laws.
Why are cookie policies important?
Studies estimate that by 2023, 75% of the world will be covered by a data protection regulation. And while browser support for third-party cookies may be going away, cookies as a whole will remain an important method for collecting users' data — and therefore will continue to be regulated by these data protection laws.
Many laws, starting with the General Data Protection Regulation (GDPR) also require transparency when it comes to data processing activities. Plus, users themselves prefer businesses that are transparent about these practices, and they value companies that put an emphasis on data privacy.
The GDPR is, to date, the most restrictive data protection law. Recital 30 talks specifically about online identifiers like cookies, making it clear they’re seen as a means of data collection.
Cookies can be an incredibly useful source of actionable information for businesses. They’re not all bad. Some are essential—without them, your website can’t function properly. Strictly necessary cookies are exempted from privacy laws and can load with or without the user’s consent.
Here are some things your policy should touch on:
- What types of cookies do you use?
- What personal data do the cookies process?
- Where in the world will the personal data be transferred to/processed?
- What are the purposes of these cookies?
- How long will they track the users?
- How can users opt-in or opt-out of cookie usage?
- What can users do if they give their consent but then change their minds?
To keep your policy up to date, you’ll need to perform regular scans of your site to take a catalog of the cookies at use on your site and what functions they perform. CMPs have the benefit of both managing cookie consent on your site as well as scanning and categorizing the cookies you use. After all, you can’t block or permit cookies based on user consent if you don’t know what cookies are on your site and what they’re doing.
Disclosure is key