If your website uses cookies and falls under the EU Cookies Directive, you need to:
- Inform your users that you're using cookies,
- Get consent before placing any cookies, and
- Give users options for opting out and adjusting cookies settings.
Learn more about doing each of these steps and making sure you're compliant with the law by doing a cookies audit: https://termsfeed.com/blog/cookies-audit/
2. If your business is EU-based or aimed towards consumers in the EU, and you use cookies, you must follow Article 5(3) of the ePrivacy Directive (1), which deals with cookies.
(1) Link to https://termsfeed.com/blog/eu-cookies-directive/
3. Article 5(3) requires you to:
- Inform users that your website uses cookies,
- Obtain consent before using cookies, and
- Give users options when it comes to cookies.
4. The ePrivacy Directive began in 2011, and the requirement for cookies notifications and consent has been enforceable since 2012.
5. However, in 2015, the Article 29 Working Party (an independent advisory board formed to address issues related to data protection and privacy in Europe) conducted a “Cookie Sweep” (2) and found some disturbing trends.
(2) Link to http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2015/wp229_en.pdf
6. The “Cookie Sweep” examined 250 of the most frequently visited websites in EU member states. It found the following 4 main issues:
7. Excessive cookies usage
On average, media websites placed about 50 cookies on a user’s browser during his first visit to the website.
Excessively long expiration dates on cookies
Some websites had cookies set to expire 8,000 years into the future. Average time should be about 1 year.
8. Missing notifications and consent
A quarter of websites didn’t inform users that cookies were in use. Half of the websites that did inform users didn’t seek to obtain consent.
Limited control options
Only about 16% of websites gave users the ability to control or opt out of cookies placement.
9. Websites that need to improve their privacy practices and stay compliant with the ePrivacy Directive should conduct a cookies audit.
10. Here are the 3 things you need to check during your cookies audit.
11. Are you informing?
As soon as a user visits your website for the first time, you must inform him that your website uses cookies.
This notification needs to go on every page of your website for first-time visitors, since not everyone will go to your homepage first.
There are a number of ways you can present this notification (3).
(3) Link to https://termsfeed.com/blog/4-ways-notify-users-cookies/
12. You can use a fixed header or footer notification.
13. You can also use a pop-up box that stays in place even when a user scrolls.
14. Add a link to your Privacy Policy or separate Cookies Policy somewhere in your notification.
15. Are you obtaining consent?
You must obtain consent before you place any cookies.
Obtain consent by a passive browsewrap method, or with a more direct clickwrap method (4).
The clickwrap method is recommended because it makes consent more certain, but both methods are widely used.
(4) Link to https://termsfeed.com/blog/browsewrap-clickwrap/
16. With browsewrap, you can let users know that by continuing to browse your website, they’re consenting to your use of cookies.
17. With clickwrap, a user will have to click something to signal actual consent.
18. Are you giving users control?
Provide your users with choices when it comes to cookies.
Include a way to adjust cookie settings, decline specific cookies and learn more about what cookies you use.
19. You can use a separate Cookie Control feature or similar type of settings adjuster.
20. You can also include ways to change cookie settings and learn more directly in your notification.
21. To summarize:
- Inform your users that you use cookies
- Obtain consent before using them
- Provide options for the user to change/decline cookies