1. What is a cookie?
A cookie is the digital footprint of a visitor to your website. A cookie records the website URL visited and attaches a unique ID for each visitor. It enables the website to function more efficiently – by remembering a visitor to the website including such details such as preferences, log in details – and aids the monitoring of browsing habits.
2. Shouldn’t we let visitors to our website know we’re kind of stalking them?
Cookies can’t reveal identities or personal information about website visitors unless linked directly or indirectly to an individual when combined with other information, such as their name. They are mainly used to target specific advertisements to certain web users. However, you are 100% right - if you have UK or EU visitors to your website you must comply with data protection legislation or risk legal action from the Information Commissioners’ Office (ICO) by not having a clear cookie policy set out.
3. What is a cookie policy and what should it include?
The first time someone visits your website, a pop-up or banner should appear. This is a statement from your company setting out what kinds of cookies are active on your site, the duration of the cookies, what data they hold and how the data is used. You are legally required to give visitors to your site the ability to opt out of the cookies before progressing.
Crafting your consent banner or pop-up to be as user-friendly as possible can be tricky, we’re here to help. You’ll also want to make sure it’s updated regularly to save you from liability further down the road.
4. Is a cookie policy the same as a privacy policy?
Not the same no, sometimes a cookie policy forms part of a larger privacy policy explaining how and why someone’s data is collected and used. It can also simply take the form of a standalone policy.
5. Are there different flavours… I mean types of cookies out there?
There are indeed! There’s a veritable feast of them!
- Session or persistent cookies – which are classified according to their lifespan
- First-party or Third-party cookies – which are based on the domain (the URL) to which the cookie belongs
- Strictly necessary cookies – which are needed for the operation of a website
- Analytical cookies – which assist in improving how a website works
- Functionality cookies – which recognise a user when they return to a website
- Targeting cookies – which are commonly used to serve users with targeted online advertising
- Social media cookies – which allow the user to share what they have been doing on a website on social media.
6. Do we have to worry about third-party cookies on our website too?
Yes. If you include content from a third-party, that third-party may read and write their own cookies onto users’ devices. In these circumstances, both you and the third-party have a responsibility for ensuring users are clearly informed about these cookies and for obtaining consent.
7. How long should a cookie last?
Difficult to say as it depends on the purpose you use the cookie for. However, the ICO says that you need to ensure your use of the cookie is:
- Proportionate in relation to your intended outcome; and
- Limited to what is necessary to achieve your purpose.
8. What can happen if I don’t have a cookie policy?
If you don’t have one (or your present one is inadequate) and you continue to collect data from users, the ICO can levy substantial fines including:
- Up to £17.5m or 4% of total worldwide annual turnover, whichever is the higher for failing to comply with UK GDPR or the Data Protection Act 2018; or
- Up to £500,000 for failing to comply with PECR (the Privacy and Electronic Communications Regulations).
9. Can Law 365 help us?
Yes, of course we can! We’re able to review current wording you may have, or we can prepare bespoke wording for both cookie and privacy policies which will afford you the legal protection and the peace of mind you need.
Further reading
