You have likely noticed a large number of websites hitting you with a “Cookie Policy” over the past few years when you visit their site. It probably mentions something about the site using cookies and data collection, and asks you to either accept this or informs you that continuing to use the site constitutes your acceptance. But what is this cookie business all about, and how do you know if your website needs a cookie policy? Let’s review what cookies are and explore why or when you might need to disclose this on your website.
What is a Website Cookie?
No, you won’t find any chocolate chips or macadamia nuts here. Website or computer cookies are like tiny data files that are stored in your web browser which help improve the overall website browsing experience. They can help keep track of things like whether or not you’ve previously visited a website, and certain things that happened during your visit. For example, without using a cookie, you would get hit with that same “cookie notice” policy every time you visited a site because it wouldn’t know that you’ve previously been to the site and accepted. Ever shopped on a website without being logged in and added items to a cart? Cookies are sometimes used to “remember” the items in your cart so that you can keep browsing and shopping the site until you’re ready to check out (or come back later and continue shopping with your cart still in-tact.) Some cookies are session based, and are only used during your current visit, essentially resetting when you leave that site. Or if you’ve ever cleared your cookies, you may have been irritated to find that you’re now logged out of websites you previously stayed logged in to. As you can see, a number of the features we use on websites all over the internet rely on cookies!
Can I get rid of Cookies?
From a user perspective, most major internet browsers allow you to delete existing cookies or manage what happens with cookies. Google, for example, has clear instructions of how to manage cookies in Chrome. Each is a little different, but you should find access to this in the settings of your browser. However, it gets a little more complicated for many websites in terms of being able to not use cookies. As mentioned, cookies help a lot of website features work correctly, and without them, the user experience on many websites would deteriorate or at the very least be extremely frustrating for the user. These are often referred to as “first-party cookies”, as they are generated by the site you’re visiting and are critical to on-site functionality. There generally isn’t a whole lot you can do to avoid these.
Other cookies, called “third-party cookies”, are often more flexible. These cookies are generated by another website and can track data across domains. For example, a website may use a data analytics third-party cookies to allow the tool to gather aggregate data from the website on how many people visited a page, clicked on a link, were new vs. returning visitors to the site, etc. Though this may seem less important to a website visitor, the stats help website owners determine what’s working well and what needs to be improved for visitors on a site. Third party cookies could also come into play when a YouTube video is embedded on a website (meaning you can play the video without needing to leave the site and go to YouTube to watch it). And yes, third-party cookies are also used to help tailor ads that you’re shown wherever you go online so that we can be served with more relevant content.
Why Am I Noticing More Cookie Policies These Days?
In May of 2018 there was a piece of legislation that went into effect in the European Union (EU) regarding data privacy of anyone in the EU. Although passed in the EU, the legislation, known as GDPR (General Data Protection Regulation), applies to anyone who is collecting personally identifiable information of any EU resident. So even if you are a U.S. based business, if you collect information from EU visitors this legislation affects you. Personal information can include anything and everything from names, phone numbers, email addresses, and even IP addresses. The terms of the legislation require transparency of what is being collected and for what purpose, along with collecting consent. Thus, the boom in cookie notices and policies was born. What the EU has enforced certainly created a trend with other countries. California already has their own California Privacy Rights Act (CPRA), and other states are looking to enforce new policies similar in nature as well.
Does my Website Need a Cookie Policy?
Whether your site needs a cookie policy (and if so, what type) depends in large part on what cookies you’re currently using, and who you do business with/where your website visitors come from. Including a cookie policy can certainly help improve your overall transparency to your site visitors though and help promote trust. Many sites have chosen to go the route of precaution and implement one regardless of circumstances. When in doubt, it’s best to consult with a legal expert on this matter.