While working on my clients’ websites I am frequently asked what information should be included in the privacy and cookie policy. I wrote this guide to help you understand how cookies work, and what we should know to make a website GDPR (General Data Protection Regulation) compliant. Please note that this is just an informative article and should not be taken as legal advice.
What are web cookies?
Cookies are text or pieces of code that are used to store information. These cookies are placed in your browser, so the information collected is tied to the browser on your device.
A common example of cookies is Google Analytics (GA). Cookies are harmless but they can collect exhaustive information. This information can also be used for advertising, to display ads to a very accurately targeted audience.
What are the types and purpose of cookies?
There are 4 main types of cookies with different functionalities.
- Strictly necessary cookies: These are the cookies that store some basic and essential information while someone is navigating a website. One of the most common examples is when you are browsing an e-commerce store and you add a product to the cart. The website will use cookies to keep that product in the basket during that session.
- Preference cookies: These cookies allow you to save some preferences related to that website on a browser. For example, if you create an account and you want the website to remember some information, these cookies will store information like your user name and password. Also, these cookies can be used to save some basic preferences such as language or country of a website.
- Statistic cookies: These collect information related to the performance of your website, for example how many visitors it has and how long they spend on the website. Google Analytics cookies are of this type.
- Marketing cookies: These cookies track information that is then used to deliver advertising. One of the most common examples is Facebook Ads, using the Facebook Pixel. This will track some information related to the visitors of your website that can later be used to display advertising.
What should I consider to make my website “cookies” compliant?
- The first thing you should do is display a pop-up banner that allows your visitors to accept or refuse the use of cookies on your website.
I usually use Cookie notice for WordPress https://wordpress.org/plugins/cookie-notice/
The free version is very simple to set up and covers the basic requirements.
If you want something with some advanced options, you can use Cookiebot https://www.cookiebot.com/en/. This allows users to accept different types of cookies, and it can be used with any platform or content management system.
- Except for the essential cookies, you should ask for consent before triggering the other cookies. For example, your website can’t start tracking any data from GA until you have the consent of your visitor.
- To make sure of this, use a plugin or add-on that blocks all the tracking codes or cookies on your website until consent has been given. The Cookie Notice plugin for WordPress has an option in its settings where you can add the tracking codes that need to be blocked.
- Create a cookie policy where you inform the visitor about the purpose of your cookies.
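The consent-before-tracking rule from the list above, as an added example that is not taken from Cookie Notice, Cookiebot or any other plugin. The cookie name `site_consent`, its comma-separated value format and the tag entries are assumptions made for illustration. Anything other than a well-formed consent value results in only the strictly necessary tags being loaded.

```javascript
// Assumed names: "site_consent" cookie, TAGS registry, example.* URLs.
const CATEGORIES = ['necessary', 'preferences', 'statistics', 'marketing'];

// Every tag is registered under the cookie category it belongs to.
const TAGS = [
  { id: 'cart-session', category: 'necessary', src: '/js/cart.js' },
  { id: 'analytics', category: 'statistics', src: 'https://analytics.example/tag.js' },
  { id: 'ads-pixel', category: 'marketing', src: 'https://ads.example/pixel.js' },
];

// Parse a document.cookie-style string ("a=1; b=2") into a Map.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    jar.set(part.slice(0, i).trim(), part.slice(i + 1).trim());
  }
  return jar;
}

// Fail closed: a missing, undecodable or unknown consent value grants nothing
// beyond the strictly necessary category.
function grantedCategories(cookieHeader) {
  const granted = new Set(['necessary']);
  const raw = parseCookies(cookieHeader).get('site_consent');
  if (!raw) return granted;
  let decoded;
  try { decoded = decodeURIComponent(raw); } catch { return granted; }
  for (const c of decoded.split(',')) {
    if (CATEGORIES.includes(c.trim())) granted.add(c.trim());
  }
  return granted;
}

// Ids of the tags that may run for this visitor.
function tagsToLoad(cookieHeader, tags = TAGS) {
  const granted = grantedCategories(cookieHeader);
  return tags.filter((t) => granted.has(t.category)).map((t) => t.id);
}

// Browser entry point: call loadConsentedTags(document) instead of hard-coding
// tracker <script> tags in the page template.
function loadConsentedTags(doc) {
  const allowed = new Set(tagsToLoad(doc.cookie));
  for (const t of TAGS.filter((x) => allowed.has(x.id))) {
    const s = doc.createElement('script');
    s.src = t.src;
    doc.head.appendChild(s);
  }
}
```

To check the result on a live page, load it in a fresh browser profile and confirm that no statistics or marketing cookies appear before the banner is answered.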
Where can I see the cookies that a website is using?
If you click on the lock on the left side of your browser you will see a folder with the cookies, and if you expand this you will find more details about the cookies and who they belong to, for example Facebook, doubleclick, etc.
How can I create a Policy?
You can use a Privacy and cookies Policy website generator like https://www.websitepolicies.com/. I think that if you are doing this through a website it is well worth it to spend a few pounds and use a premium policy.
Also, you may want to have them checked by a lawyer to make sure that you are covering everything. If there is something that you would like to discuss about your website you can send me a message here. I would love to know about your business and your website.