Data privacy laws such as Europe’s General Data Privacy Regulation (“GDPR”) have changed the way that companies collect, transfer and store data. Even though GDPR has been in effect for more than two years, a number of myths about cookie usage persist, which can expose companies to the risk of financial penalties for GDPR noncompliance. Companies need to implement compliant consent collection mechanisms (and no, that does not mean using a cookie wall) to ensure they are mitigating those risks. Below we outline some of the existing myths regarding cookie collection (note that the below relates to GDPR compliance, which differs from rules under different data privacy laws such as the California Consumer Privacy Act (“CCPA”), which is an “opt-out” regulation).
Fact: GPDR requires explicit, rather than implied, consent. In practice, your users must take a clear and positive action to consent to non-essential cookies, meaning that
Consent is not required for cookies that are defined as “strictly necessary”, meaning those that are essential to providing the service requested by the visitor or for maintaining website functionality. Those that are simply helpful or convenient, but not essential, or that are only essential for your own purposes, will still require explicit consent.
Fact: Analytics cookies can provide you with useful information, and many companies depend on the information they provide to make strategic business decisions. However, they are not part of the functionality that the visitor requests when they use your online service, because if you didn’t have analytics running, the visitor could still be able to access your service. They’re non-essential, and you have to gain explicit consent prior to turning on these cookies.
Fact: Not only is this a poor business practice that makes your customers feel badly, it is not a GDPR-compliant methodology. Visitors often see a banner that reads something along the lines of “by continuing to use this website you are agreeing to the use of cookies” or an “I agree” button with no ability to opt-out. Unfortunately, a number of cookie consent platforms use this methodology, and companies using these cookie walls are at risk.
Fact: You may have a legitimate interest in collecting data by setting these cookies, however consent is always required for non-essential cookies, such as those used for the purposes of marketing and advertising.
Fact: Regulators are attempting to balance the need for innovation with enforcing people’s legal rights. Cookies and similar technologies are powerful tools that make the online world more efficient, and businesses utilize them to provide their customers with a better experience. Companies aren’t going to stop using cookies any time soon, so they will need to ensure that their cookie usage is in compliance with GDPR (and other global data privacy laws).
Clym believes in striking a balance between digital compliance and your business needs, which is why we offer businesses the following:
You can convince yourself and see Clym in action by booking a demo or reaching out to us to discuss your specific needs today.