Cookie Banner Rules
On 3rd July 2019, the ICO (the UK data protection authority) updated their guidance on the rules regarding the use of cookies and other similar technologies. Here, we discuss in further detail what these new guidelines include and whether you your business needs to make any changes to your website in order to be completely compliant.
What are cookies?
Cookies are text files which typically contain 2 pieces of information: a site name and unique user. They work when you visit a site that uses cookies for the first time, as a cookie is then downloaded onto your computer. The next time you visit that site, the computer checks to see if that cookie is still relevant and sends the information in that cookie back to the website. This all means that the company then knows that you have visited the website before. Some cookies are more sophisticated than others and can record information such as how long you have spent on that website, where you have clicked and what is in your shopping bag, providing the business with valuable information. Cookies are good in the way that companies can use this data to provide a better online experience for their customers, however there are some concerns over privacy and how the companies use this data.
The Court of Justice of the European Union (CJEU) has recently ruled that any consent box that are pre-checked within a cookie banner is not legally valid. If you currently have a cookie banner which involves a user having to untick a box to opt out of cookies, then you need to redesign the banner.
The new guidelines the ICO have released also includes the following information that businesses should adhere to:
You can never imply that a customer has provided consent. - Avoid using statements such as “by continuing to use this website you are agreeing to cookies”. Statements such as these do not comply with GDPR (General Data Protection Regulation) which requires the customer to clearly state they want to be part of it. Pre ticked boxes, and sliders defaulted to ‘on’ are also not allowed if the cookies are not essential.
Be careful with use of banners and pop ups- Pop ups highlighting the use of cookies to obtain consent are useful however you need to ensure that non-essential cookies are not used if the customer doesn’t click on the accept button in the banner and instead continues to click on a different part of the page. This is suggesting that they didn’t directly give you permission.
Cookie walls are not allowed- You cannot use cookie walls which restrict access to a service until the customer consents to cookies. This is because the customer has no genuine choice to opt out, even if they wanted to.
Remember GDPR- If you are a company not in the EEA (European Economic Area) but still do business within Europe, you will still have to comply to GDPR legislation which will impact the use of cookies.
Considering these guidelines, it is important for businesses who currently use cookies to evaluate how they use them and ensure they are being presented to customers in the correct way.
If you would like any more information on cookie consent or would like help changing your cookie policy then the DBS web development team will be happy to help. Give us a call on 01522 811688.