What Does GDPR Say About Cookies?
To be honest, not much! In fact, the word “cookie” is only mentioned once in the 88-page Regulation.
GDPR states that one can identify a natural person using the data collected by online identifiers such as cookie identifiers, with or without any additional data.
Cookies collect information that may be considered as personal data. Under GDPR, collecting personal data is subject to certain restrictions.
This is precisely the reason GDPR affects how you use internet cookies, despite most of them being harmless.
The law mandates that data controllers (in this case, the website owner) must be transparent about their data collection and processing and must obtain prior consent from data subjects (site visitors) for it.
GDPR makes it clear that data subjects have every right to know about the identifiers that collect their personal data and that they can object to the collection if they want to.
The simpler the explanation, the better they will understand and trust you.
What are cookies?
Many people visiting your website may have only a little or no knowledge of internet cookies. This part will be useful to them.
You can start with a general description of cookies and then cover the types of cookies and their purposes.
The aim of this part is to give visitors some idea of what cookies do before you explain how and why your site uses them.
"what are cookies" - Spotify
Now, this is the part where you have to list all the cookies that your website uses.
You have to explain how you use the type of cookies listed in the “what are cookies” part.
You should mention the site’s purpose for using each type of these cookies. If they have any storage duration, that too needs to be mentioned.
You can also discuss if your site, or any third party on your behalf, stores third-party cookies on the visitor’s device, and why. This information can be added as a separate part as well.
You have to explicitly mention if these cookies store the visitor’s personal data. And, if they do, then be clear about what kind of personal data the cookies collect and why.
How to manage cookies?
Your visitors may not want to share their personal data with you or third parties. Or they may not want you to monitor their online behavior. You are responsible for providing them with options to opt out of such cookies.
In this part, you should mention the various settings for managing or deleting these cookies. The methods include browser settings, site settings, or links to allaboutcookies, which explains in detail how to control cookies.
For third-party cookies, you can link to the third party's settings or website.
"How to manage cookies" - Facebook
The following are some good examples of GDPR-compliant cookie policies:
Disclaimer: This article does not represent legal advice. The purpose of this article is to provide general information only. Hence, for any legal advice, please contact a lawyer specialized in the area.