The General Data Protection Regulation (GDPR) and the data protection guidelines for electronic communication (ePR) regulate cookies more. Therefore, the use of cookie banners and instructions on your website must be GDPR-compliant.
Complete transparency creates trust between a website and its users, between people and the Internet – in our digital infrastructure.
The interface of trust on the Internet is the cookie notice, the cookie banner or the cookie consent – it is a flashlight on the dark corners, X-ray glasses that depict the otherwise hidden anatomy of online tracking.
If it is approved. The GDPR and ePrivacy are legislative enforcements of the right to privacy, but the cookie notices are the real lock on your virtual front door.
The cookie notice explained
The name is somewhat misleading. It is actually more of an agreement than a notice. The name cookie notice implies that a website only has to inform its users about its cookies, whereas in reality – in the European legal reality of GDPR and ePrivacy – a website has to do a lot more.
A cookie consent form would be a much better nickname than a cookie notice. Why? Because a cookie notice is not just a casual way out of online tracking. (for example by using tracking cookies)
It is a mutual agreement between a website and its users, protection against persecution by third parties and – yes, right – a reform of the Internet towards a more transparent and user-friendly infrastructure.
What does a cookie notice look like?
They can be presented in a variety of forms and styles, but they are all intended to protect your right to privacy; withhold all tracking technologies used to collect your data until you – the user – give your consent.
Example of a very good cookie notification that is clear and detailed and allows real visitor consent.
Two types of cookie consent
In most cases, consent is given as so-called active consent (or “tacit consent” or “soft opt-in”). This means that if the user ignores the cookie notification and clicks through the website, consent is given by the user being active on the website after the cookie notification; that the user is actively surfing despite a clear cookie message. However, sometimes explicit consent is required.
The express consent is the type of cookie information that normally appears in the center of the screen when you arrive on a website and significantly block access to users. It is the type of cookie notice that only disappears when the user clicks “accept”.
This type of cookie notice is only required if sensitive personal data is processed. Regardless of whether the sensitive data is processed by the website itself or by third parties, the explicit consent of the user is required here.
Types of cookies
As you can see, there are many different types of cookies. Some are “necessary cookies” without which a website would not work.
Others are “marketing or advertising cookies,” probably third-party trackers that collect, use, or sell your personal information, often to create incredibly detailed profiles for targeted advertising.
A cookie notice is required to inform users about the variety of online tracking, which is required by law through the GDPR and ePrivacy.
If you would like to know more about cookies, read our article: What are cookies ?
Requirements for a GDPR and ePrivacy-compliant cookie notice
In short, a legitimate, compliant cookie notification must:
- Obtain clear and unequivocal user consent,
- before processing personal data,
- after specifying all types of cookies and other tracking technologies that are available and operated on their pages,
- in an easily understandable way that enables users to grant and withdraw consent for each individual category of cookies,
- in order to be able to document every consent of the user securely and confidentially,
- and ask for renewed consent every twelve months.
The bad, the good and the very good: a tour of the cookie information
A bad – and non-compliant – cookie notice is a notice that does not specify the various tracking cookies and their functions that they serve, and does not allow the user to make a real choice of consent, but forces them to simply click “OK” or click “accept”. Such a cookie notice is not GDPR-compliant.
This is a bad, non-compliant cookie notice that does not allow real user consent.
This is not an actual and genuine cookie consent, since the user has no way of knowing who or what he agrees with, nor is it able to withdraw this consent if he changes his mind.
A good cookie notice is a notice that includes the user option to disable the different types of trackers and cookies with which you do not want to share your information.
A very good cookie notice is one that, through extensive details, in clear and understandable language, passes on as much information to the end user as the website operator has about third-party tracking devices and cookies that are operated on his website.
Through transparency, a cookie notice enables us to understand which decisions we want to make online and gives us the opportunity to protect our right to privacy online.
How to use a cookie notice
As a website owner, responsibility for complying with users’ right to privacy is on your shoulders.
If your website processes sensitive personal data, you must obtain the express consent of the user – this also applies if your website enables third parties to process sensitive data, e.g. if you use an analysis or advertising service, a video or social media plugin.
Be careful and watch what is going on your website so that the user data is not collected under your supervision.
As one of its core functions, CookieFirst provides you with a cookie notice. It is software that you implement on your website directly from the cloud.
It scans your website, displays all tracking cookies and provides various templates for cookie notifications for compliant use on your website. It’s free if you have fewer than 100 subpages.
You can then get in touch with your users in a transparent and trustworthy manner without having to see through the technical depth of your own website.
Text of the cookie notice
Cookie notice on WordPress
If you use WordPress as a management system for your website, you are not alone. With more than 60 million domains, it is the most popular website management system in the world.
However, it’s still your responsibility to implement a compliant cookie consent policy on your WordPress website or blog – not WordPress’s responsibility.
Cookie notice plugins
The best you can do is to choose a cookie notice plugin that does most of the job for you. A cookie notification plugin has been specially developed for a hosting system such as WordPress and can provide you with a template for managing cookies and user consent to the cookie.
In this way, you ensure transparency between your website and its visitors and thus offer them a genuine and well-founded choice of consent.
Read more about WordPress our cookie notice plugin here: WordPress cookie consent.
How to see a cookie notice – and why it’s more interesting than boring
In recent years we have seen a number of major public scandals about the misuse of personal data:
The Facebook / Cambridge Analytica Plot 2018, which pushed the huge harvest of private information and its subsequent resale for political purposes.
The digital interference of the Russian government in democratic elections in 2016 and the ongoing digital interference that has shaken western democracies and continues to tarnish US politics today.
The trust and data protection front on the Internet
Times of public opinion have changed quite dramatically as a result of these events.
There is no doubt: the erosion of public trust in our digital infrastructures is as clear and dangerous for the functioning of our increasingly digital societies as the increasing misuse of personal data by Google, Facebook and countless ad tech companies.
Only 15% of people believe that they have full control over the information they provide online.
The European Union is making serious efforts to regulate this plight of democratic rights, while technology giants are lobbying against regulation.
All efforts to prevent user data misuse and regulate the trillion-dollar industry of monetizing personal data are good efforts to restore and build that essential trust.
But this fight for privacy isn’t just in Brussels or Silicon Valley – it’s every day by website owners who protect their users from abuse, are transparent about their website’s otherwise invisible tracking structures, and control their users give about privacy.
At first glance, the cookie notice may seem like a boring, bureaucratic must, but it is indeed the front line of the fight for privacy – and therefore an enormous responsibility rests on the shoulders of website owners.
A responsibility not only to offer consent to cookies, but to do so in a clear and transparent manner. It’s not just about your last and next user: it’s about the Internet as a whole and the culture we promote here.
That is the real reason why a cookie notice needs to be clear, honest and to the point, and not just to avoid heavy fines. It informs us all about the ambiguity of the Internet.
It informs the user and the public about the shadows of the visible Internet. It makes it clear what you can expect when you are online, what you should pay attention to and how you can take control and responsibility for your own personal data.
After all, it’s not just a notice …