GDPR & Cookies Privacy Law: will the new regulation be the death of Cookies?

There is a great deal of debate on how GDPR will affect cookies privacy law when it finally becomes law.  Some are of the opinion that mobile device ID will replace cookies and that desktop technology used to collect data will be banished.

Despite the outpouring of fake news on the subject of cookies privacy law and GDPR, the actual truth is that there is no likelihood of reform on the ability to track users.

The underlying spirit of the new Regulation is that of consent, albeit implied consent. As with most legislation, there is room for subjective interpretation by legislators. The ICO is crystal clear with its 12 steps guideline, which provides that it is apparent that you inform users of the use of cookies, reasons for their use, and allow readers to indicate clear acceptance, then all is satisfactory.

According to the GDPR:

  • “It is a mouthpiece of a person. Should not be altered.”
  • Provided that you alert visitors that the site is using cookies. Also, provide a way to actively opt-in then all is good with GDPR.
  • The only real deviation from the original cookie technology is that content writers will need to add more about user experience.

There is, however, a further caveat that might yet see the death of browsing cookies.  Currently, many sites plant dozens of cookies in the browsers of users who visit their websites, collecting browsing history and sending out signals to advertisers so that future sites will show details of their products.

ePrivacy Law soon to Replace PECR

The ePrivacy law, soon to replace the current PECR (Privacy and Electronic Communications Regulations), online marketing rules and will provide for greater protection for internet users in this regard.

Anyone with an internet business who collects data this way will need to ensure strict adherence to the privacy regulations. It must allow users to understand the process of personal data. What is the purpose of the data, with substantial financial penalties for companies breaching provisions?

Many businesses rely on their website. The difficulty will be about balancing the growth of their business by ensuring the personal privacy of website users.

For many small businesses that rely on analytics to collect data, they must tell the data is not intrusive or personal. Any risk to the user then this data will not fall under the strict regulations of GDPR or ePrivacy.

Smaller companies should be able to take advantage of some leeways. Similarly, they can show that their businesses demonstrate trust on behalf of their consumer.

There are numerous technological resources available to meet limited budgets. Many giving free advice on common problems such as the use of Google Analytics and WordPress cookies.

Larger companies and internet giants with significant resources expected to invest more and implement further advanced measures than expected. And, to stay updated in line with regulations frequently due to available finances compared to smaller organizations and SMEs.

In conclusion, an ever-pressing desire for consumer privacy combined with the ever-growing threat of malicious hacking has forced regulation to come to the rescue.  With significant fines for non-compliance, professional advice from Seers specialist GDPR list of advisors is highly recommended, to ensure your business is fully compliant come May 25th.