Have you checked your website recently? Does it comply with the current ePrivacy and GDPR regulations?
So what has actually changed since GDPR was introduced in 2018?
The original law on cookies has not changed. What has changed is the definition of consent to process personal data. The new definition of consent is:
“it must be freely given, specific, informed and unambiguous, by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to him or her”.
As a result of the revised regulation (ePrivacy directive), the user must:
- be able to consent to or reject having cookies set
- be provided with clear and comprehensive information about each cookie before consenting/rejecting
- be provided with the option to choose which cookies they are consenting to/rejecting
- be able to change/withdraw their consent at any time with the same ease as consenting in the first place
- have the information about cookies and consenting to them prominently displayed and easily accessible
- understand how and why the cookie is using the information
I think my website does all that - so does it comply?
Reading the above revised regulations, you may think that your website complies - but are you sure?
- have you run a cookie audit to confirm what cookies are being set?
- you must be sure that no cookie is being set prior to a user consenting
- if a user rejects cookies, they must still be able to access your website
- an ‘Accept All’/‘Reject All’ button to consent/reject cookies is no longer acceptable. The user must be given the option to consent to only some cookies
- the options to consent to/reject cookies cannot be pre-checked (apart from necessary cookies, without which the website will not function - see note below)