March 25, 2021
As much as we all love a fresh-baked cookie; most of us do a good job of bypassing a website’s cookie policy without a second glance. We click accept and get on with buying our latest lockdown must-have.
But if your business has a website, you will need to make use of cookies. A personalised and comprehensive cookie policy is the best approach to keep you and your business safe and avoid unnecessary fines.
In December 2020, Google LLC and Google Ireland Limited were fined approximately €100 million for using cookies without consent. Ouch!
To help you avoid these pitfalls, we’ve listed 4 things you need to know to help you become “Star baker” of your website’s cookie policy.
1. What is a cookie policy?
Yes, we all know we’re not talking about chocolate chip cookies, we’re talking about website or HTTP cookies. Cookies are a fantastic way to record a visitor’s use of your website, tracking movement to see what products or services are getting the most interest and, also importantly, when customers leave. Like a chef who realises his customers are ordering lots of burgers, this gives him the information to order more mince and buns. The Cookie Policy is a way of letting visitors to your website know what data of theirs is being collected and stored and how it is being used. To be completely transparent about your use of cookies, you’ll want to install a pop-up to alert users of your cookie policy, with a “tick box” to give them the option to allow the use of cookies, if they choose.
2. Do I need a cookie policy?
Yes indeed, if you have a website you need to provide a cookie policy. Website visitor information is protected by UK legislation (Data Protection Act 2018), and the last thing you want is a call from the ICO. Remember, it’s the visitor’s right to choose whether or not they share their information with you. Having your cookie policy pop up and the customer clicking “allow” is enough to cover your back, but simply stating “if you continue to use our website you will be accepting our cookies” is not.
3. What information can I collect, and how can I use it?
It’s all about personal data. Knowing the data you are using is key to getting a grip on your cookie policy. You must know what data you are collecting, who has access to it, where it is stored, and when and how you are allowed to use it. For instance, let’s imagine Deborah has an online shop. She collects information on what customers are buying to help her see what’s popular. She also stores login details (so customers don’t have to take time typing and remembering passwords) and this fact is written in her cookie policy for customers to see. Easy! But… then she installs a link for customers to ‘like’ her products on Facebook. Suddenly Facebook becomes the third-party, able to use the information Deborah has gathered and use it for their marketing purposes. In turn, Deborah gets more traffic flow from Facebook. Win-win, right? Well, only if Deborah has updated the use of third-party cookies in her policy. Without that, she could risk action being taken by the regulators (ICO) and that can lead to a fine. There could be other repercussions too -- people are less inclined to explore your website if they feel their privacy could be at risk. No, sir. Deborah does not like that!
4. How to write a Cookie Policy
Your policy needs to be transparent, thorough and compliant with Data Protection Law. To create your policy you have three different options.
- Write it yourself
- Buy a template and fill in the blanks
- Have a lawyer draw one up for you.
Not many people have the time, dedication, and legal know-how to write a cookie policy. Mistakes can lead to, you guessed it, more fines.
Templates are a good solution for saving time and perhaps saving money. At Law 365 we have a cookie policy template available to purchase. The problem with templates is that not all websites, companies and cookie policies are the same. There can be no perfect one-size-fits-all template.
The last option is a specialist lawyer specifically tailoring a cookie policy to fit your unique needs.
Here at Law 365, we can offer bespoke Cookie Policy templates, designed by our dedicated specialist IT lawyers, specifically for you. Give us a call.