GDPR: What Are Cookies and Why Do I Need a Cookie Notice on My Website?

Cookies are tiny data files that websites drop on web browsers in order to provide a certain function. The nature of that function varies from providing better website functionality to full-scale tracking of the viewer's web activity. Any website worthy of the name will use at least one cookie, so if you have a modern, well-functioning website then you can be sure that it uses cookies.

For clarity, there are 3 types of cookies that websites use, namely:

  1. Session Cookies: These cookies expire once you close your browser and provide a function that allows your website to operate more efficiently. They track and store pieces of information that should not identify the user in any personal way. For example, a session cookie might store that you have added an item to a shopping cart on an ecommerce website, but it does not store your credit card or other personal information.
  2. Permanent Cookies: These are persistent cookies that remain on your browser even after you have closed it. While persistent, by law they cannot be stored on your browser for a period longer than 6 months. These can be beneficial to returning visitors, for example by storing usernames and passwords to assist in login without the need to enter either of these every time.
  3. Third-party Cookies: From a GDPR point of view, it is these third-party cookies which cause the most headaches. As the name suggests, these cookies are left by third-party websites such as Google or Facebook, and they track your visitors even after they have left your website; in fact, they follow them all over the entire world wide web. The purpose of these cookies is to collect data to build profiles on users, primarily to better target advertising toward them, though they can also be used more nefariously.

In this follow-on post I discuss in more detail how GDPR is changing the rules on the permissions required for the use of website cookies, and in particular the requirement to be able to control and turn off the unnecessary ones.

Related to this cookie control requirement, websites are now also required to have a cookie policy which clearly and transparently discloses:

  • The ID of the cookie (name)
  • The kind of cookies that the website uses (type)
  • Who the author of the cookie is (provider)
  • For what purpose it is being used (purpose)
  • When the cookie expires (expiry)
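
The three cookie types and the five policy fields listed above can be drafted from the `Set-Cookie` headers a site's pages return. The following is an added example, not code from the original article: it classifies each header as session, permanent or third-party and emits one policy row per cookie. The hostnames, cookie names and header values are constructed, the helper names `parseSetCookie`, `isFirstParty` and `policyRow` are hypothetical, and the purpose field stays a placeholder because it cannot be derived from a header.

```javascript
// Parse one Set-Cookie header value into a name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const attr = {};
  for (const a of attrs) {
    const i = a.indexOf("=");
    attr[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, pair.indexOf("=")), attr };
}

// True when host is the site host or a subdomain of it. Assumption: siteHost is
// the registrable domain; a real audit should consult the Public Suffix List.
function isFirstParty(host, siteHost) {
  return host === siteHost || host.endsWith("." + siteHost);
}

// Build one policy row (name, type, provider, purpose, expiry) using the
// article's three types: session, permanent, third-party.
function policyRow(header, responseHost, siteHost, now = new Date()) {
  const { name, attr } = parseSetCookie(header);
  const domain = typeof attr.domain === "string" ? attr.domain : responseHost;
  const provider = domain.replace(/^\./, "").toLowerCase();
  // Max-Age takes precedence over Expires; with neither, the cookie ends with the session.
  let expires = null;
  if (typeof attr["max-age"] === "string") {
    expires = new Date(now.getTime() + Number(attr["max-age"]) * 1000);
  } else if (typeof attr.expires === "string") {
    expires = new Date(attr.expires);
  }
  const lifetime = expires ? "permanent" : "session";
  return {
    name,
    type: isFirstParty(provider, siteHost) ? lifetime : "third-party",
    provider,
    purpose: "TO BE DOCUMENTED", // cannot be derived from the header
    expiry: expires ? expires.toISOString().slice(0, 10) : "end of browser session",
  };
}

// Constructed sample (made-up hosts, names and values) for the site shop.example.
const AS_OF = new Date("2024-01-01T00:00:00Z");
const observed = [
  ["cart=abc123; Path=/; HttpOnly", "shop.example"],
  ["remember=1; Max-Age=2592000; Path=/; Secure", "shop.example"],
  ["uid=xyz; Domain=.ads.example; Max-Age=31536000; Secure", "px.ads.example"],
];
const rows = observed.map(([h, host]) => policyRow(h, host, "shop.example", AS_OF));
console.table(rows);
```

Each row still needs a human-written purpose before it goes into the published cookie policy.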

The cookie policy should also give clear instructions on how the viewer can opt out of, or turn off, non-essential cookies. Most web browsers offer the ability to turn off cookies at browser level, and Google provides an add-on for browsers that allows you to turn off Google Analytics. However, the addition of these instructions to your website may not be enough to make your website GDPR compliant from a cookies point of view.

Disclaimer: GDPR is a serious topic and can have financial & legal ramifications for business owners that do not correctly comply. As I am not a legal professional, I make no claim that this article or subsequent articles definitively cover everything that website owners should know. As such, I would highly recommend that you do further research on the topic and seek legal advice should you deem it necessary. You should not rely on the contents of this article as legal proof of anything, and I accept no responsibility or liability for its accuracy.
