Security, privacy and related topics have appeared in the news in recent months. Most of them are due to the introduction of the new legal rule gdpr (general data protection provisions), that is, the way to process personal data. Of course, gdpr is not the only topic of discussion. Cookies have become a topic again. Unfortunately, website owners have a lot of wrong information about how cookies relate to gdpr, consent, and security, and what your responsibilities are. The goal of this article is to solve the confusion around cookies after gdpr. In addition, in order to obtain effective consent to the use of cookies, let’s take a look at the necessary matters. Go ahead! The
Do cookies comply with general data protection regulations (gdpr)? General data protection regulations (gdpr) are a series of rules and requirements related to the personal information of users on the web. You can control how more individuals collect, store, and use personal data. However, there is a lot of confusion about how gdpr relates to cookies. A cookie is a small file that is transmitted on a website and stored on the user’s computer. Send information about visitors’ activities back to the site. As a result, the site can provide a more personalized user experience. In fact, cookies do not actually fall within the scope of gdpr. Instead, cookies are handled by eprivacy directive (or \
It is important to understand the changes brought about by gdpr and ensure that the website complies with the regulations. However, there are other requirements to consider for cookies. What is biscuit method? The electronic privacy guide, which is generally regarded as the cookie law, came into force in the EU in 2002. Since then, it has been modified several times, but remains relatively consistent, involving the electronic personal information of website cookies. In short, the cookie method requires each user to provide prior consent before saving a file to a computer or other device. This means that visitors should be told that the site uses cookies in a clear and visual way from the beginning. You must also provide details of how and why cookies are used. Most importantly, visitors must be given the opportunity to agree, withdraw, or reject. The site cannot run cookie related scripts until consent is obtained. Typically, this is done by displaying a banner ad on the site when each user first visits. You may have seen the following banner ads on the Web: The
The banner should be eye-catching and cannot be missed. It must also contain all required information (including links to the entire cookie Policy) and clearly define the organization’s actions for information-based consent. In fact, creating cookie banner ads and policies is very simple. There are many online tools that can help you get things done quickly. However, we must first accurately understand the consent function in cookie law. What is required by the cookie act with respect to consent? Agree with the seemingly simple concept, but in fact it is not difficult to understand. But it is important not to assume here. Before implementing (or updating) your own cookie solution, you should understand the matters required by the cookie law and the matters deemed as valid consent, as well as other matters. The
In order to be considered valid, the user’s consent to the cookie must be \
. However, this does not mean that it is necessary to provide a method to close cookies directly through the website. In fact, in most cases, the cookie masking settings built into the main browser are considered an effective way to withdraw consent. The
You must notify the user that the browser settings can be used to block the use of cookies. Although this is not a legal requirement, it is also a good method to provide a link to help users find the correct settings for managing cookies on the device, or find a direct method for managing users’ consent to cookies. Most importantly, before the user agrees (or refuses), it must be confirmed that the installation or data collection has not been performed. In addition, the use of your service or website cannot be conditional on whether the user accepts the use of cookies. This is seen as a way to force people to provide consent that is not allowed under the cookie act. The
What is not required by the cookie method? Understanding what you don’t need to do is as important as knowing what you need. In the end, a lot of wrong information spread. Clarifying responsibilities can save a lot of time and energy. For example, you mentioned earlier that your site should state whether cookies are used and why. However, you do not need to list each active cookie or provide specific details of the actions performed by the cookie. This information is likely to overwhelm visitors. Instead, you only need to specify the category of cookies you are using and their purpose. The
And it is not necessary to keep the activity records agreed by each user. This is a typical confusion area, because according to gdpr, consent records are required in many cases. However, if necessary, you only need to provide evidence of consent. The best approach is to use a cookie management solution to block scripts, usually until the activity agrees. Therefore, if you need to prove your consent, we have taken sufficient consent measures to indicate that cookies were initially installed. What will happen to the cookie method in the near future? I mentioned the legal name of cookie law eprivacy directive. However, these guidelines will be replaced by eprivacy regulation in the near future. Although it cannot be implemented at present, this provision will continue to affect the way your site uses cookies in the near future. The
The major changes can be seen in the names of the two policies. \
At this point, it is difficult to say what changes this new rule will make to cookies and consent. However, all site owners should know this. Keeping the law up to date is the best way to ensure that your site is compliant and secure for all users. A good place to find this information is the European Parliament’s legislative train website. In addition, the iubunda blog is an accurate and easy to understand resource that enables simpler and more user-friendly legal updates. Finally, the ICO website is more specific to the UK, but it is also another useful source of information. The
Conclusion current implementation
It’s easy to get lost if you want to keep track of many ongoing rules related to personal information protection. In particular, what laws affect you and your site users? The new gdpr is really important, but it is not the only regulation that needs to be known. Laws such as the cookie law (and the future eprivacy regulation) are still valid and enforceable. Knowing the requirements of this law is very important to protect your interests (avoid breaking the law) and provide safe and reliable services to all users. Do you have any questions about the quqifa? Is there any other way to ensure compliance? Please ask questions in the comments section below! Image credit: pxhere
