Blog | Clym

Cookie Consent And The GDPR - Demystifying Cookies - Clym

Written by Michael Williams | 18 October 2018

An introduction into cookie consent and the GDPR, explaining what cookies are, how they are affected by the GDPR and why everyone should take notice.

Cookie consent is facing big changes with this year’s General Data Protection Regulation (GDPR). Cookies are a vital part of web-browsing and, although you don’t often know they are there and functioning, it’s about time you did. There are various types of cookies but they usually have the function of remembering users’ information on a website or to record the users’ browsing activity–such as clicking particular buttons or logging in.

Demystifying cookies

Here is a breakdown on some of the different types of cookies that factor into your web browsing experience:

Strictly necessary cookies

These cookies ensure the website delivers you information and services securely and optimally. The use of these cookies can be based on legitimate interest, without requiring the user’s explicit consent.

Functionality cookies

These enable websites to remember certain choices the user makes, such as text size or user name. They help give a more personalised service and improve user experience on the site.

Performance cookies

Performance cookies are tools used to monitor visitor behaviour on websites, helping them improve their information and services.

Third party cookies

Web pages use third-party services or software – such as maps or social network features – which will set cookies on your device. Cookies are needed for these to work but one can disable these types of cookies, which will often prevent them from viewing the content.

Advertising cookies

Websites will sometimes use tracking pixels that set cookies to help with online advertising. These cookies track what pages a user looked at and will highlight specific offers or events they may be interested in.

‍Cookies are usually seen as something bad, although this is not the case. Cookies are merely IDs for your device. They don’t collect data about you, but rather identify the fact that you’ve visited a specific website. The scripts which set the cookies do collect data, but the way that happens is changing. With the new new rules on cookie consent and the GDPR, will now have greater control on how their personal data is treated.

Let’s look at how.

Cookie consent and the GDPR: what is the GDPR and how will it affect the way you visit websites?

The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy that went into effect in May 2018 for all EU citizens – regardless of the processor’s location. Seen as the world’s strongest data protection standard, it essentially allows people to have greater control and access to the data that companies hold about them. Companies now need to obtain explicit consent from data subjects, or face big fines.

This clearly affects the way users browse the internet, as implied consent is no longer sufficient. Cookie consent must be given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu. Simply visiting a site doesn’t count as consent, as it was before.

The GDPR law stresses that the data collected by a company collects must be revealed, in the sense that companies must reveal the purposes they intend to use it for or how it will be handled (e.g., Will it be shared with other parties or transferred internationally?). Ever since the GDPR went into effect, websites now have to make it clear to the user what cookies are being used and for what purpose. Companies also have to give the visitor a chance to explicitly opt-in to the use of cookies. Similarly, they must be able to opt-out the same way they opted-in.

As a user, if your privacy really is important, you can look at the various cookies used by a particular website and disable them. This is important if you don’t want your data shared with a third party which will use your information to bombard you with specific adverts.

But what can companies do to make sure their website is ethical, and, above all, comply with GDPR? Well, a number of things. Firstly, clearly classifying the cookies on your site in layman’s terms is important. The user needs to know what files are downloaded on to their devices when they access certain websites and how they will be used. “By using this website, you accept cookies” is not enough. The data subject needs to be given a real choice.

This means a cookie consent management tool is useful and maybe even essential for web page owners. Visitors need to be able to give consent and take it away just as easily, if necessary. If the user ticked a box to opt-in to loading a cookie, they need to be able to find the same form to revoke consent.

Now, all websites will need to take this on-board, making it a lot clearer for users to know how their data is being handled. Hopefully, big companies won’t just see this as something to abide by to avoid fines, but rather they’ll turn it into something that will ultimately benefit the users of their websites. It can also be seen as an opportunity: companies will start to foster more trust with their users. In turn, hopefully those of us browsing the web will start placing more value on how our data is handled.