COOKIE BANNER APPROACH
What is a Cookie?
For almost any modern website to work properly. it needs to collect certain basic information on its users. To do this, a site will create files known as cookies —which are small text files — on its users’ computers. These cookies are designed to allow the website to recognise its users on subsequent visits, or to authorise other designated websites to recognise these users for a particular purpose.
Lou Montulli of Netscape Communications invented the cookie in 1994 in an effort to improve the online commercial transaction experience. The name "cookie" was taken from an older programming phrase, "magic cookie," which referred to a packet of data programmes that preserved data even after being repeatedly delivered and received.
Kinds of Cookies
1. Session-based cookie
Cookies used during a session are sometimes known as transitory cookies or per-session cookies. Session cookies retain information for the duration of a user's visit to a website. When the user terminates their session, these cookies are removed.
2. Persistent cookie
Persistent cookies are kept for a certain period of time. These cookies are stored on your device until they either expire or are erased. Persistent cookies are frequently referred to as tracking cookies since they are used to gather user information such as browsing preferences and browsing behaviour.
There are both first-party and third-party cookies.
First-party cookies are those that are placed by websites that users visit directly. These cookies often hold site-related or relevant information, such as the user's preferred settings or location.
Third-party cookies are cookies that accompany third-party content, such as embedded videos, advertisements, web banners, and scripts, on a user's visited website. Marketers often use third-party cookies to monitor user activity.
Supercookies are similar to session cookies in that they additionally monitor user activity and browser history. Yet, they are also capable of recreating user profiles, even after standard cookies have been removed. Moreover, supercookies are stored in distinct locations than ordinary cookies. This makes it harder for the typical user to notice and remove them. Sometimes, supercookies are referred to as "zombie cookies" or "evercookies."
4. Internet cookie
Flash cookies or "local shared objects" [LSOs] are data files kept on PCs by websites that use Adobe® Flash®. Flash cookies, like browser cookies, may save user data in Flash applications. Flash cookies are sometimes utilised as a "backup" after the browser cookie has been removed.
Laws related to Cookies.
The most notable change in privacy standards has been the management of cookies. The GDPR comprises approximately 50,000 terms, yet "cookie" is not one of them. Notwithstanding this, the GDPR has important ramifications for the Cookies Policy of your website. Several websites continue to be non-compliant despite the lack of clarity in the legislation.
Do You Need a Privacy, Cookies, or Both Policies?
A Privacy Statement is required by EU legislation if businesses handle the personal data of EU residents. This includes cookie use. Article 12 of the GDPR mandates that businesses give information about any personal data they handle "in a brief, transparent, comprehensible, and readily available manner, using clear and simple language."
Steps to be followed.
1. You should begin by explaining what cookies are and what they do.
2. It is hard to avoid using technical jargon totally; nonetheless, you should do your best to place everything into a context that is easy to understand.
4. Third Party Cookies- Article 13 of the GDPR mandates that "the receivers or categories of recipients of [your users'] personal data" be disclosed. This indicates that you must inform your users if their information will be shared with other parties- It is usual for websites to enable third parties to set information-collecting cookies on visitors' devices. If you utilise a programme such as Google AdSense, Google's terms of service require you to advise your consumers that Google displays targeted advertisements on your website.
5. If your website interacts with social networks, this may have consequences for your Cookies Policy, which you should disclose.
7. Remarketing- Remarketing, which is often referred to as "retargeting," is an extremely effective kind of advertising. It gives you the ability to "follow" visitors who have left your website and show your advertisements on other websites that those users visit. If you make use of remarketing, then your Cookies Policy must make a particular note of this fact.
8. Other Tracking Technologies- There are many websites that make use of various tracking technologies, such as web beacons and pixel tags, in order to identify and keep tabs on its visitors. While they are not cookies, there may be privacy concerns associated with them, and they may interact with cookies. These technological advancements must likewise be included in your policy about cookies.
9. Inform the users that:
· You make use of these technological devices.
· What they are in a nutshell
· How you put them to use (for what purpose)
· How do users have the ability to restrict any of this
10. Cookie List- It is considered standard practise to provide a comprehensive list of all of the various types of cookies used on a website, including first-party cookies, along with an explanation of what each one is responsible for doing.
11. How to Control Cookies- A lot of websites include something called a "privacy centre" or a control panel that users may use to enable, decline, or revoke their consent for different kinds of cookies.
12. How to Request Acceptance of Cookies based on the GDPR- According to Recital 25 of the ePrivacy Directive, "users shall have the option to prevent cookies and similar devices from being kept on their terminal equipment." This implies that authorization must be obtained before using the majority of cookies.
When the EU uses the term "consent," it means: The GDPR prohibits opt-out consent. It fully adheres to the opt-in paradigm of consent.
Article 7 of the GDPR stipulates that consent must be:
· Freely provided,
· Provided via a clear, affirmative act, and
· Simple to revoke at any moment.
The majority of websites seek cookie consent through a banner or landing page. It is crucial to implement features on the website that enable users to accept, decline, and revoke consent for various kinds of cookies.
13. Consent By an Extremely Clear, Affirmative Act- Users must affirmatively agree to cookies with clear action. The user should be able to click "I accept" or "OK" or anything similar when asked to agree to cookies.
14. Easily Withdrawn- Article 7 of the GDPR states that "it should be as simple to withdraw as it is to obtain consent." When it comes to this issue, following the "letter of the law" is quite challenging. One can do everything right with the cookie banner, but it's probably going to have to be a bit tougher for users to withdraw their consent than it was for them to provide it in the first place.