The demand for data privacy by Internet users is at its peak, and it will continue to grow. Anything that does not give them enough control, especially when it comes to their data, will be frowned upon. And rightfully so. With evidence of data leaks and privacy violations surfacing far more frequently, users’ concern for their data privacy is not far-fetched. According to Pew Research Center, eight-in-ten or more Americans feel that they have very little or no control over their data collected by organizations. This includes the (in)famous website cookies. Cookie control is, in fact, one of the most vital parts of a website’s privacy compliance.
When data privacy seems elusive, people will naturally gravitate towards solutions that offer them more control over their personal data. Tools that complicate privacy compliance are more of a burden than a solution. In today’s digital age, automated systems are far superior.
But first, let us look at the cookie control around the world and then how CookieYes’ automatic cookie control works.
What is cookie control?
What are the rules on cookies?
Cookie control is required by many privacy regulations around the world. Among these, the EU’s GDPR and ePrivacy Directive and the US’ CCPA (California Consumer Privacy Act) have stricter rules and wider territorial reach. Both the EU and US laws give users the right to refuse websites the use of third-party cookies that sell or share their data with third parties.
Cookie control in the EU
The EU has the most stringent rules for data protection in the world. Its laws are comprehensive and have a wider reach. Perhaps that is why they are the blueprint for many other data protection laws that have been implemented all around the world. We can say that cookie control in the EU member countries sets a benchmark for other countries.
Understand what makes a cookie strictly necessary here.
To summarize, you must follow these best practices to make your website comply with the EU Cookie Law and GDPR:
- Inform users about cookies, their purpose, and who sets them.
- Obtain consent to use non-essential cookies via an explicit mechanism such as a button, toggle, or checkbox.
- Do not use pre-ticked checkboxes for cookie opt-in.
- Block non-essential cookies until the user gives consent.
- Allow users to opt out of cookies.
- Let users have granular consent control, i.e. selective consent to some cookies.
- Allow users to withdraw consent, and make withdrawing as easy as giving consent.
- Do not register consent via implicit methods such as scrolling or browsing through the web page or closing the cookie consent banner.
- Avoid using cookie walls that make full access to the website conditional on consent.
Cookie control in the US
The US data protection laws may not be as stringent as the EU laws. However, they do regulate how websites must handle the personal data of users, including cookie identifiers. The most important and popular among them is the California Consumer Privacy Act (CCPA). It is the first robust data protection law in the country. The state-wide law applies to all businesses that deal with the personal data of California residents. After CCPA, Virginia’s CDPA and Colorado Privacy Act followed suit and strengthened the US data protection regime.
The CCPA does not require websites to obtain consent for using cookies. However, users must be able to opt out of cookies that sell their personal information. The same holds for the other two laws.
To comply with US privacy laws for cookies, you must follow these rules:
- Inform users about the cookies via a notice before or at the time of collecting user information.
- Disclose the type of cookies used, what data they collect and their purposes, and who set them.
- Let users opt out of cookies that sell or share personal data with third parties.
- The opt-out link or button, titled “Do Not Sell My Personal Information”, can be placed on the notice and on the homepage of the website.
As with GDPR, you must disclose the cookie information and other details in the privacy or cookie notice, along with the link to opt out. The link to the cookie notice can be placed on the consent notice.
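The EU opt-in rules and the US opt-out rules listed above can be expressed as a single consent gate that decides whether a cookie-setting script may load. This is an added JavaScript example, not CookieYes code; the function names, category labels, and script URLs are hypothetical, and the US branch assumes every non-essential category sells or shares personal data.

```javascript
// Added example (not CookieYes code); all names and URLs are hypothetical.
const EXPLICIT_SIGNALS = new Set(["button", "toggle", "checkbox"]);
const OPT_IN_REGIONS = new Set(["EU", "UK"]); // prior consent required

function createConsentGate(region) {
  const optIn = OPT_IN_REGIONS.has(region);
  const granted = new Set();  // starts empty: nothing is pre-ticked
  const optedOut = new Set(); // categories the user explicitly refused
  const log = [];             // proof of consent, no personal data stored
  const record = (action, category, signal) =>
    log.push({ action, category, signal, at: new Date().toISOString() });
  return {
    // Only explicit signals count; scrolling, browsing on, or closing
    // the banner never registers consent.
    grant(category, signal) {
      if (!EXPLICIT_SIGNALS.has(signal)) return false;
      granted.add(category);
      optedOut.delete(category);
      record("grant", category, signal);
      return true;
    },
    // Withdrawal (or a "Do Not Sell" opt-out) is one call, as easy as granting.
    withdraw(category) {
      granted.delete(category);
      optedOut.add(category);
      record("withdraw", category, "button");
    },
    // Decide whether a script in this category may run right now.
    mayLoad(category) {
      if (category === "necessary") return true;
      if (optIn) return granted.has(category); // blocked until consent
      return !optedOut.has(category);          // allowed until opt-out
    },
    log,
  };
}

// Constructed sample: scripts tagged with the cookie category they set.
const SCRIPTS = [
  { src: "/js/session.js", category: "necessary" },
  { src: "https://ads.example/tag.js", category: "advertisement" },
  { src: "https://stats.example/a.js", category: "analytics" },
];

// Sources that may be injected into the page under the current consent state.
function loadable(gate) {
  return SCRIPTS.filter((s) => gate.mayLoad(s.category)).map((s) => s.src);
}
```

Granular consent falls out of the per-category sets: an EU visitor who accepts only analytics still has the advertisement script withheld.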
Cookie control in the UK
Following the UK’s exit from the EU (Brexit), the EU GDPR ceased to apply in the UK, unless the businesses in the country offer goods and services to EU customers. The Information Commissioner’s Office (ICO) became the primary data protection authority. Currently, the Data Protection Act 2018 and the UK-GDPR govern data protection in the UK.
Cookie control in UK laws resembles EU laws. The ICO’s guidelines on cookies and similar technologies propose almost the same rules for cookies.
Cookie control in Google Chrome and other web browsers
In January 2020, Google made a landmark decision to phase out support for third-party cookies in its web browser, Chrome, by 2023. This makes Chrome the third major browser to part with third-party cookies after Apple’s Safari and Mozilla Firefox. This decision is a result of its need to meet the increasing demand for “greater privacy–including transparency, choice and control over how (the users’) data is used”.
Google’s third-party cookie control was followed by its introduction of an alternative – Federated Learning of Cohorts (FLoC). FLoC is an interest-based advertising feature for browsers that does not disclose the user’s identity.
Many web browsers have included cookie-blocking features to control their use. Blocking all cookies has its fair share of disadvantages, as it will adversely affect the basic functionality of a website that depends on first-party cookies. There are options to block only third-party cookies as well.
Read how to control and remove cookies from your web browser here.
Cookie control support by noyb
noyb, an Austria-based non-profit organization advocating for digital rights across Europe, was in the news recently. On May 31, 2021, noyb sent over 500 draft complaints to organizations for using unlawful cookie banners, the largest since the implementation of the GDPR.
According to noyb, what started as a genuine intention of giving people more control over their data and keeping a check on data privacy has turned into websites tricking people into agreeing with their terms. This resulted in people seeing GDPR as a nuisance. The GDPR intends to make data privacy as simple as possible. However, the misuse of laws has made it all the more complicated. The complicated banner settings make people see GDPR cookie consent more as an inconvenience than an actual privacy solution. Some may interpret noyb’s effort as an end of cookie banners. However, it only elevates their significance and the importance of using them lawfully.
As per the latest developments, noyb filed 422 complaints with ten data protection authorities against organizations (82%) that have not fully stopped violating the GDPR, even after the warning. Only 42% of all violations “were remedied within 30 days”.
For the next phase, noyb will aim at 10,000 websites within one year.
“We expect the first decisions by the end of the year. By then we should see most other websites switch to simple ‘yes’ or ‘no’ options.” Max Schrems, Chairperson, noyb.
Automatic cookie control solution by CookieYes
CookieYes is a cloud-based tool to obtain consent for cookies and control scripts that set third-party cookies. You can add a cookie banner to ask consent from your website visitors and comply with laws like GDPR, CCPA, LGPD, ePrivacy Directive, and CNIL. The banner templates are designed to comply with the requirements of major privacy regulations and you can fully customize the banner to suit your website’s design. There are opt-in and opt-out options for consent, and visitors can selectively enable or disable consent for the cookie categories (necessary, advertisements, functional, analytics, etc.) that CookieYes identifies from its scanning. You can display the list of cookies in the audit table too.
CookieYes automatically blocks third-party cookies before receiving consent but you can also manually add scripts that set such cookies. Not only that, if the users want to withdraw their consent at any time, there is an option for that too. And, to demonstrate proof of consent, you can enable CookieYes to log the consents received (without storing any personal information of the users!). The users have control to view their consent status without worrying about the website storing their personal data.
Wait… that’s not all. There is more!
CookieYes cookie banners support geo-targeting, i.e. you can display them to visitors depending on their location (EU, UK, and US/California).
You can implement cookie control on any content management system, such as WordPress, Wix, Shopify, and Squarespace.
All these features (and more) plus a simple and intuitive UI with affordable pricing — that’s CookieYes for you!
Get your website the best cookie consent and control solution with CookieYes.
Frequently asked questions
Why are there cookie warnings?
Is cookie consent required in the US?
Cookie consent is not required in the US. However, the website must let users opt out of using cookies that sell or share their personal data.
Should I accept cookies?
Accepting cookies is a choice. It depends on what you feel about them.
The underlying point here is that no matter what your choice is, the website should work just fine.
We’d recommend not accepting cookies on unencrypted websites, or third-party cookies that collect your personal data (this may break some parts of the website), especially where you have to share private information such as banking details or medical data.
Does Google Analytics require cookie consent?