Browser Cookies: How to Make Sure Your Business Website is Cookie Compliant
Have you ever felt like Big Brother was following you around online?
You viewed a winter coat on a clothing website and found the same winter coat staring back at you as soon as you opened Facebook.
The creepier part is…it’s on sale. It’s as if someone read your mind and discovered that you were thinking twice about buying the coat because of the price.
You can relax. No one read your mind. It’s browser cookies in action.
What are cookies?
Cookies are bits of text stored in your computer’s browser. They allow websites to remember and gather information about you by assigning you a unique user or session ID.
Tracking user information is supposed to be their main purpose. Used properly, they make the online user experience better. For example, you don’t have to enter your username and password every time you log into Facebook.
According to Google, cookies can also remember your preferences, like your preferred language and other settings.
From a business owner’s standpoint, they make increasing revenue easier. Even if a user didn’t complete a purchase on your e-commerce website, the items will remain in their shopping cart.
Lou Montulli first developed cookies in the 1990s while working for Netscape. He created cookies to track repeat visits to the company website.
As the Internet continued to evolve, people realised the huge impact cookies had on our privacy. Cookies allowed websites to track activity from one website to another. Those websites could then draw informed conclusions about our interests, beliefs, and daily activities based on the data gathered.
Can you imagine what would happen if someone with nefarious intentions linked that data to our full names and contact information?
Types of Cookies
Not all cookies are created equal. Some serve different purposes, while others stick around in your browser longer. Here are the three main types: session, persistent and third-party cookies.
Remember what I said earlier about cookies that let you add items to your online shopping cart? They’re usually session cookies and expire as soon as you log out or close the browser.
Web pages can’t remember individual users or sessions. Without cookies, you would need to log in again every time you revisit a site that requires a login.
Online shopping would also be ten times harder. If an e-commerce website doesn’t use session cookies, you’d need to add all your items to your cart over and over whenever you navigate to another page.
Unlike session cookies that expire when you close your browser, persistent cookies are scheduled to expire at a later date.
This is where things get a bit more concerning. Persistent cookies can stay on your browser for years. Unless you remove them manually, they’re going to continue tracking your browsing habits until they expire.
Often used for advertising, third-party cookies are the most suspicious cookies of all.
Session and persistent cookies are from websites that you visit at one point or another. Third-party cookies, on the other hand, can come from websites or servers that you’ve never even heard of.
Let’s say that you visit two different websites using third-party cookies from the same advertising network. When you visited Website A, you clicked on a product page for Bluetooth headphones. You’re going to see ads for the same Bluetooth headphones when you visit Website B.
Third-party cookies are usually the reason why we feel like we’re being followed online. Because we are, in a sense.
The European Cookie Law
EU countries adopted what is now known as The Cookie Law in May 2011. Due to the legislation, all websites owned by or geared toward EU citizens need to ask for permission before collecting information.
Even if you’re based in Australia, your website still needs to follow The Cookie Law if you’re aiming to reach clients in the EU.
How you comply depends on which EU country your customers live in. All EU countries did adopt The Cookie Law, but they’re enforcing it in different ways. Each government created different directives and corresponding penalties. For example, Germany’s cookie laws are much stricter than the UK’s.
As an Australian business owner, you might be wondering how to proceed. Since you’re not in the EU, could you get away with not complying?
Technically, the answer is yes.
But–and this is a major but–your EU customers already expect, or soon will expect, to see compliance notices whenever they access a website. Failing to see yours could be a major red flag for them. You don’t want to lose potential customers by avoiding something you could easily implement.
Besides, if or when privacy laws become stricter in the future, you’ll be more prepared than your competitors.
Before we proceed, we would like to note that we are not legal professionals. If you’d like a more nuanced discussion about The Cookie Law, you should contact a legal professional.
How to Comply with the Cookie Law
Perform a cookie audit on your website.
Before adding the necessary notifications, you need to know what cookies your website is using.
Conduct a full audit and make sure you answer the following questions:
- How many cookies are you using?
- What kind of information do they collect?
- What purpose do they serve?
- When do these cookies expire?
- What types of cookies are they? Session, persistent or third-party?
By this point, you might be wondering how to get answers to all these questions.
There are plenty of companies online that offer cookie audit services. Whether they’ll help you more with compliance after finishing is a different story.
You can also try using cookie auditing tools that can be found online. Some are paid while others are free.
Cookiebot is one example. It offers both free and paid services depending on the number of pages your website has. It scans the cookies on your website and adds a handy consent banner that allows visitors to opt in.
Cookiebot can perform a quick scan of your website so you can determine if it’s cookie compliant or not. All you have to do is enter your email address on their homepage and click on Check My Website.
It will then send you a quick report summarising your results. Here are the three main things you need to comply with:
- Prior consent on other than strictly necessary cookies (ePrivacy Directive)
- Prior consent on personal data (GDPR)
- Personal data is transmitted to ‘adequate countries’ only (GDPR)
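The audit questions listed earlier (how many cookies, when they expire, and whether each is session, persistent or third-party) can be answered from the Set-Cookie response headers a page load produces. The script below is an added example, not part of the original article or any tool it mentions; the host names and sample headers are constructed, and the first-party check is a simplified suffix match rather than a full registrable-domain lookup.

```javascript
// Added example: answer the audit questions from Set-Cookie response headers.
// SITE_HOST and SAMPLE are constructed values, not data from a real site.
const SITE_HOST = "www.shop.example";
const SAMPLE = [
  { host: "www.shop.example", header: "cart=abc123; Path=/; HttpOnly; Secure" },
  { host: "www.shop.example", header: "lang=en-AU; Domain=shop.example; Max-Age=2592000; Path=/" },
  { host: "ads.adnetwork.example", header: "uid=u-789; Domain=.adnetwork.example; Expires=Wed, 01 Jan 2031 00:00:00 GMT; SameSite=None; Secure" },
];

// Split one Set-Cookie value into the cookie name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), attrs: {} };
  for (const attr of rest) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1); // flags like Secure have no value
  }
  return cookie;
}

// Classify one cookie that was set by a response from `responseHost`.
function auditCookie(header, responseHost, now) {
  const { name, attrs } = parseSetCookie(header);
  let expiresAt = null; // no Max-Age and no Expires means a session cookie
  if (attrs["max-age"] !== undefined) {
    expiresAt = now + Number(attrs["max-age"]) * 1000; // Max-Age wins over Expires
  } else if (attrs.expires !== undefined) {
    expiresAt = Date.parse(attrs.expires);
  }
  // Without a Domain attribute the cookie belongs to the host that set it.
  const raw = typeof attrs.domain === "string" ? attrs.domain : responseHost;
  const domain = raw.replace(/^\./, "").toLowerCase();
  const firstParty = SITE_HOST === domain || SITE_HOST.endsWith("." + domain);
  return {
    name,
    lifetime: expiresAt === null ? "session" : "persistent",
    daysUntilExpiry: expiresAt === null ? null : Math.round((expiresAt - now) / 86400000),
    party: firstParty ? "first-party" : "third-party",
  };
}

// Audit every observed header; `now` is passed in so results are repeatable.
function runAudit(observations, now = Date.now()) {
  return observations.map((o) => auditCookie(o.header, o.host, now));
}

console.table(runAudit(SAMPLE, Date.UTC(2030, 0, 1)));
```

The resulting table gives one row per cookie, which maps directly onto the inventory a Cookies page has to disclose.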
If you feel out of your depth with all this technical stuff, it might be helpful to speak to a professional.
Add a cookie consent notice.
After you figure out which cookies your website is using, it’s time to notify visitors of their use.
To comply with EU cookie laws, your website has to do two things:
- Unless your cookies are strictly necessary (your website can’t function without them), you’ll need to ask for permission.
- Tell visitors what these cookies do and what information they’ll gather.
Transparency is key. You’re telling visitors what type of information you’re collecting and how you’ll use it. If you’re not doing anything suspicious with their personal data, you won’t have anything to hide.
Most websites prefer to add an opt-in box to their websites. The second a visitor lands on the site, the box pops up in one corner. The standard text used in these opt-in boxes often looks like this:
Create a Cookies page.
That doesn’t comply with EU standards.
When drafting the copy for your Cookies page, keep in mind that what you’re writing is for your visitors. Minimise the legal jargon as much as possible. Explain as clearly as you can what cookies you’re using and how you’re using them.
Once again, transparency is key.
If you find this too difficult, there are plenty of free cookies page templates online. You can find one and adapt it to your needs.
Your Cookie Compliance Toolbox
Cookie Notice for GDPR
This means that it’s not going to perform audits for you, but it can create a notification that visitors can agree to should they continue browsing the site. You can even customise the cookie message so it fits in with your website’s design.
Some additional features include the option to reload the page after cookies are accepted, select the position of the cookie message box, SEO friendliness and more.
As of this writing, Cookie Notice has received 305 five-star ratings out of 326. It’s safe to say that webmasters who use it are satisfied.
Attacat Cookie Audit Tool
It checks your website to see what cookies it’s using and what kind of information they collect from visitors. It can then generate copy for your Cookies page based on the audit it conducted.
Attacat Cookie Audit Tool is a fantastic tool that streamlines the whole compliance process. The only problem is, it’s a Google Chrome extension, which means that you need to use Google Chrome.
If you prefer using other browsers like Safari or Mozilla Firefox, you might prefer to go with another tool.
Cookies can collect information about you and your online activities.
Since businesses can use them to target users and make sales, it’s no surprise they’ve raised several privacy-related concerns.
Even if you’re in Australia, complying with The Cookie Law would still be in your best interest if you’re aiming to work with EU customers.
Complying isn’t as hard as it sounds. The Internet abounds with tools and services that will make the whole process easier for you.
Tell visitors what cookies you’re using and what kind of information they’re gathering. The key thing to keep in mind is transparency.
Cornerstone Digital is a web development company in Sydney. If you want to make sure your website is compliant with EU’s cookie law, we’d be glad to help you. Call us on (02) 8211 0668 or email us at [email protected]
A self-professed book and digital marketing nerd, Darlyn Herradura focuses on building trust between customers and businesses with the written word. She understands that creating valuable content is the best way to get found online and happily spends her time doing that.