In this post, we’ll look at cookie consent and the GDPR and what businesses can do to make sure they’re compliant.
What are website cookies?
Cookies are generally classified by:
Cookies may expire at the end of a website session or when a user closes their browser. Persistent cookies are those that remain on a user’s hard drive until their pre-set expiration date, or until a user deletes them.
This includes first-party cookies, placed by the website a user is visiting, and third-party cookies, such as advertising cookies.
- Strictly necessary cookies — These are first-party, session-based cookies essential to website functionality. Consent is not required for these, but the website must notify visitors that these cookies are in use and explain their function.
- Preference cookies — These cookies store information about user preferences, such as location and login credentials.
- Statistics cookies — These cookies collect information about how users interact with a website, then aggregate the data to offer a view of website performance, such as the most popular pages.
- Marketing cookies — These are persistent (and usually third-party) cookies that track users' online behavior for the purpose of delivering targeted ads. These cookies may share information with other entities.
GDPR vs. ePD
GDPR language covers how data is collected and used, and affords consumers certain rights to protect their privacy. That’s why it’s applicable to cookie policies.
The GDPR and Cookie Consent
Cookie consent should be affirmative
Cookie consent should be freely given
Cookie consent should be informed
Cookie consent should be accessible
Cookie consent should be recorded
Cookie consent should be changeable
Best practices for cookie management
To avoid potential fines, businesses can implement the following best practices:
Look into which cookies are on your site
Explain what cookies are
Allow users to change their cookie preferences
Review the accessibility of your cookie notification
Consult an expert
Do all cookies require consent in the EU?
Is GDPR cookie consent applicable to US websites?
Monsido's Consent Manager