Cookies are small pieces of data that identify you and your browser for a variety of reasons. Some simply enable a website to function in a way that is compatible with your device and other settings, while others are potentially more intrusive and are used to track locations, on-site actions and more. And if you’re asking whether your company needs to have a policy or consent banner that notifies your users of your own cookie practices, you’re likely no stranger to the conversations around them and their relation to data privacy and the regulations that ensure it. Your need for a cookie banner depends in part on the data privacy laws your company is subject to.
Disclosure: while these are our opinions, we are not lawyers. If you have legal concerns, we strongly suggest you seek the advice of legal professionals.
Cookie Policies and Consent If Your Company is Subject to GDPR
GDPR also requires a further level of consideration called “prior consent.” In essence, this means that you must first ask for permission before setting a cookie on a user’s browser, as opposed to setting it and then giving the user an option to opt out. This is problematic because in most cases, cookies are set when a page loads. This means that a user must be presented with the option to opt in for cookies, have that opt-in recorded, and only then have the cookie set. This can be tough to manage given that most websites lack the native functionality to follow this sequence: load page > pause cookie set > opt-in/out > load no cookies or only the opted-in cookies.
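The load page > pause cookie set > opt-in/out > set only opted-in cookies sequence described above, as an added example that is not from the original article: a small consent gate that scripts call instead of writing cookies directly. The function names, category labels and cookie names are assumptions made for illustration.

```javascript
// Added example (hypothetical names). writeCookie is injected so the same
// logic works in a browser, e.g. createConsentGate(s => { document.cookie = s; }),
// and under Node for testing.
function createConsentGate(writeCookie, now = () => new Date().toISOString()) {
  const pending = [];   // cookie requests paused until the user decides
  let optedIn = null;   // null = no decision yet; otherwise a Set of categories
  const record = [];    // record of consent decisions

  // Build the cookie string with conservative attributes.
  const serialize = ({ name, value, maxAge }) =>
    [`${encodeURIComponent(name)}=${encodeURIComponent(value)}`,
      'Path=/', 'Secure', 'SameSite=Lax',
      ...(maxAge ? [`Max-Age=${maxAge}`] : [])].join('; ');

  // Scripts call this instead of setting cookies themselves.
  function request(cookie) {
    if (optedIn === null) { pending.push(cookie); return 'paused'; }
    if (!optedIn.has(cookie.category)) return 'blocked';
    writeCookie(serialize(cookie));
    return 'set';
  }

  // Called by the banner once the user has chosen (an empty list = opt out of all).
  function decide(categories) {
    optedIn = new Set(categories);
    record.push({ at: now(), optedIn: [...optedIn] }); // record first, set after
    return pending.splice(0).map(c => ({ name: c.name, outcome: request(c) }));
  }

  return { request, decide, record: () => record.slice() };
}

// Constructed demo: two cookies are requested at page load, before any choice.
function demo() {
  const jar = []; // stands in for the browser's cookie store
  const gate = createConsentGate(s => jar.push(s), () => '2024-01-01T00:00:00.000Z');
  const beforeDecision = [
    gate.request({ name: 'ga_id', value: 'abc 123', category: 'analytics', maxAge: 3600 }),
    gate.request({ name: 'ad_id', value: 'xyz', category: 'advertising' }),
  ];
  const jarBefore = jar.length;               // nothing written yet
  const flushed = gate.decide(['analytics']); // user opts in to analytics only
  const late = gate.request({ name: 'ad_2', value: '1', category: 'advertising' });
  return { beforeDecision, jarBefore, flushed, late, jar, record: gate.record() };
}
console.log(demo());
```

The gate only controls cookies that go through `request`; third-party tags that write cookies on their own have to be loaded after `decide` for the same guarantee to hold.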
Cookie Policies and Consent If Your Company is Subject to CCPA or Similar State Regulations
While there are considerations for cookies under CCPA, they vary greatly from the requirements of GDPR. Under CCPA, many cookies frequently used by marketers and advertisers are still deemed to be personal information in many circumstances. This means that they should be part of a CCPA compliance plan.
Cookie Policies and Consent If Your Company is Not Subject to Data Privacy Laws