Websites must have in place a GDPR compliant cookie consent banner to ensure that they protect the data privacy of their website users, inform them about the cookies that are active on their website and address any privacy concerns that the users might have.
However, the users find the cookie consent banner as an annoying element on any website. The reason for this proliferation of the GDPR cookie consent is the lawmakers want you to take good care of the personal information of your users.
These consent alerts enforced by the two most influential regulations, known as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
The GDPR came into effect on 25th May 2018, whereas the CCPA came into force on 1st January 2020.
The issues related to a user’s/visitor’s privacy has been discussed often and grabbed the attention of many. The legislations are launched to address those issues.
The Directive, later updated in 2009 and in 2018 extended its scope and brought it more in line with the GDPR. Currently, the EU is still debating a total overhaul of the ePrivacy laws with the ePrivacy regulation, however, this has been delayed for the near future.
The GDPR and cookies
General Data Protection Regulation (GDPR) mentions cookies in one paragraph. In which they are defined as how they are used to track devices to associate a person with the websites that they visit.
Though, it also mentions how cookies can abuse a user’s privacy by creating a usage profile. In addition, a person can have a link with the online identifiers provided by their devices, applications, tools, and protocols.
This often leaves traces when combined with unique identifiers and the information by the server. As a result, it can create a profile or a user through which he/ she can be identified.
According to the GDPR, a person must, “document and store consent received from users”. In reality, it is not possible to store consent from every visitor.
Therefore, websites must implement a GDPR compliant cookie consent banner. Whenever a user visits the site, the cookie alert will appear on the page, and the consent can be given just by clicking “I Agree” on the banner.
The GDPR also suggests that “a website must allow users to access your service even if they refuse to allow the use of certain cookies”.
Consequently, if a user disagrees with the GDPR compliant cookie consent banner, they can still view the whole page. But, the banner will still be there on the bottom of the screen.
ePrivacy Directive (EDP)
The ePrivacy Directive has specified the rules one must apply for tracking, confidentiality, and monitoring. This law requires a person to provide consent before cookies are served to their device.
Nevertheless, a user must know if the cookies are used for tracking. Most importantly, if the usage of cookies is not for tracking, instead they are being used just for the site’s service provision, they are exempt from the consent requirement.
California Consumer Privacy Act (CCPA)
This regulation came into force on 1st January 2020. It has restrictions regarding the use of “unique identifiers” such as cookies, IP addresses, notification requirements and opt-out/in are the same as GDPR and EPD.
The number of GDPR-compliant companies is springing-up. They have completed the compliance tests of their websites and have cookie management solutions through scripts, plugins, and service. They have ensured that their websites are utilising a GDPR compliant cookie consent banner.
For a user, a cookie consent banner is just an annoying factor. They think that these cookie alerts are irrational and mar their experience slightly whenever they search for something.
Whereas, from an organisation’s perspective, these cookie consent banners ensure that the website is protecting its user’s privacy. And, avoid mutiny under the GDPR and EPD.
Well, as long as the websites are protecting a user’s personal information, what a user thinks, does not matter.
Lastly, these laws will keep on evolving as new technologies are introduced to the world by each passing day.
Organisations must protect themselves and ensure that they implement a GDPR compliant cookie consent banner on their website.