Does your website need cookies? | InfoLore Ltd

A new website is an exciting project, and you want to get it right. Not only should it work the way you planned, but it should clearly show the products and services you offer. Attracting more visitors and prospective customers. One key thing to remember when designing and developing a new website is user experience – which is where cookies come in.

Your web designer will embed various cookies into your site, enabling it to function in the way that you require. With GDPR you need to be careful about only collecting data that is relevant for your business.

Do you need cookies on your website?

If you have either a website or blog, with visitors from the EU, you need to display either a cookie warning or a pop-up notice to make visitors aware. In theory, only websites that collect user data via cookies need to get consent for doing so. However, virtually all websites set cookies that track users – think about Google Analytics for example.

What are cookies?

Cookies are files that you can delete. You probably don’t want to block all cookies, as this would really limit the quality of your browsing experience. You are able to set your browser to ask your permission before accepting a cookie though. Enabling you to only accept them from websites you trust.

Can you be tracked across domains by cookies?

Cookies are the go-to method for tracking website visitor information. First-party cookies are those which are set on the current domain you are browsing. They allow tracking for data on a single domain or subdomains. These first-party cookies will not work across top-level domains.

Changes in the law

Under the new 2019 Cookies Guidance, you are no longer allowed to reply on implied consent for cookies. This means that:

  1. Your user must take a clear and positive action to consent to non-essential cookies.
  2. Your website and apps must tell users clearly what cookies will be set, and what they do. This should also include any third party cookies.
  3. Pre-ticked boxes and any equivalents, such as sliders defaulted to ‘on’, cannot be used for non-essential cookies.
  4. Your users must have control over any non-essential cookies.
  5. Non-essential cookies must not be set on the landing pages before you gain consent.

The main thing to remember here is that if a cookie is essential to make the website work, and is strictly necessary, then it does not require consent.

What are non-essential cookies?

Non-essential cookies collect information for reasons such as web analytics and advertising. These type of cookies require full consent. Pop-ups which include wording along the lines of ‘by continuing to use this website you are agreeing to cookies’, is no longer valid consent.

A quick test for you… here is a cookie statement from a popular website:

By clicking or navigating this site, you agree to our use of cookies, including for analytics and to enable our partners to serve interest-based ads for our products and services. To learn more and about your privacy choices, please read our Cookie Use statement.

Can you see what is wrong there? There is no option to refuse to give consent.

Putting things into place

Even if you have a website which does not have any non-essential cookies, we still suggest that you inform website visitors about how you use cookies. A cookie or privacy policy is a great way to include this. Remember that GDPR is all about lawfulness, fairness and transparency.

Now that your cookie consent mechanism is in place, you can choose to add a pop-up cookie consent screen.

InfoLore are available to offer support on your journey to GDPR Compliance. If you like our articles / blogs and would like to be kept up to date with GDPR and cyber security, please sign up to our newsletters. We promise not to send more than one a month, and only if we have sufficient information to impart.