Cookies are a potential privacy risk, because they are able to track, store and share user behaviour.
With the enforcement of the EU law on personal data, the General Data Protection Regulation (GDPR), on May 25, 2018, website visitors have a right to receive specific, up-to-date information on what data is registered about them at all times, for what purpose, and where in the world it is sent (along with the possibility to prevent it from happening).
- What types of cookies are set,
- How long they persist on your user’s browser,
- What data they track,
- For what purpose (functionality, performance, statistics, marketing, etc.),
- Where the data is sent and with whom it is shared,
- How to reject cookies, and how to subsequently change the status regarding the cookies.
- Firstly, cookies tend to change often. Because the policy has to be up to date and correct, it must be revised accordingly.
- Secondly, cookies operate out of sight. Most website owners don’t even know themselves what cookies are in operation on their own website.
- Thirdly, the majority of the cookies in operation on a website are usually set by third parties, i.e. have another provenance than the website itself.
Therefore, it can be hard to have a complete overview at all times of the cookies in operation on your website, what information they gather, for what purpose, and where in the world the data goes to.
Read more about cookies in our introduction Internet Cookies – What are they and what do they do?
Cookiebot is one of the only fully GDPR-compliant cookie solutions on the market.
We enable you to take care of all that is cookie-related on your website, so that you can have peace of mind, knowing that your website complies with the regulations.
Does the EU cookie law affect sites in the US and the UK?
The short and simple answer to this is: Yes.
First and foremost, the GDPR is a universal law for the European Union.
This means that the GDPR applies not only to all websites operating within the EU, but also to all websites dealing with users from the EU.
So, with its enforcement in May 2018, all sites outside of the EU, except strictly local ones, will be affected.
In a PwC survey of American multinational organisations, 92 percent said GDPR compliance was a top priority, and 71 percent had already started preparations (in January 2017). These included privacy policies, IT security and discovery of all the data they currently had.
With regard to the UK specifically, it is still a part of the EU upon the date of enforcement of the GDPR. Also, the UK government is preparing for a new Data Protection Bill that will follow the same requirements as the GDPR, so that the same rules will still apply once the UK leaves the European Union in 2019.
In the US, the laws on the protection of data are more fragmented, because they are a patchwork of sector-specific laws, regarding for example healthcare companies or financial institutions, or restricted to specific states, like California.
However, the GDPR being the most thorough and far-reaching data protection regulation ever passed, it is likely to go global or at the least to serve as a model for future regulations on the protection of data.
Therefore, it is in any case relevant to take measures to comply.
The regulations might here and now seem like an annoying obstacle for companies, but in the long run they are helping to restore the trust and equity between companies and consumers in a data-driven world.
More information regarding privacy notices is available on the ico.org website.