CMS, UI Development

Cookies policy popup

When a user visits website, we see a popup notification which informs us that the website is using cookies for tracking and asks us to agree for it to happen. It allows us to read its “cookie policy” which no one reads and often indicates that allowing this will enhance your website experience. 

Cookies are small data packets that websites send to our devices which keeps the track of our website’s visits and activities.

What do browser cookies do?

Cookies are used to remember information and monitor that information about you. It stores information like our shopping cart, login information, most visited sites etc. This isn’t always bad. For example, e-commerce sites use cookies to keep track of the saved or shopping cart items as we navigate through the site. Without cookies, cart would empty itself every time. This would make the user experience bad. They remember your preferences, save your passwords and username so you can login directly when you land on the same website making the user experience good. There is no need to remember these details when you visit different sites. Cookies and similar technologies can make interactions with the website faster, more secure and more personalized. It can be used while filling forms. For example, cookies can tell which language user prefers and speed up site functionality. They also keep track of the most visited site or most recent site and login information. User can store their passwords for their frequently visited sites, so they don’t have to login again and again.

There are first party cookies and third-party cookies. First party cookies are placed by the website visited and third-party cookies placed by advertisers which shows particular content for particular target. They show us ads even when we leave the original site.

What do cookies used for? 

Authentication: Cookies help in recognizing you when you sign in. For example, amazon uses the cookie information to provide product recommendations, showing personalized content, enable single click to purchase and provide other customized features and services.

Cookies makes it easier to access services of a site and show appropriate experience and features. For example, Facebook use cookies to keep us logged in as we navigate Facebook pages.

Security: cookies and similar technologies are used to make user interactions with websites Services faster and more secure. For example, linkedin use cookies support and use security features and keeping our account safe and helps detect hostile activities that can violate user agreement. It can help identify and add more security measures when someone may attempt to access our account without authorisation. Cookies are also used to store information in case we forget our password and additional authentication.Cookies also help fight spam and phishing attacks. For example, Facebook uses cookies to identify computers that creates fake facebook accounts in large numbers and prevent underage users to register to their site

Customized content: Cookies helps the website in delivering content relevant to our interests. It is used to customize user’s experience on a website. When user re visits the websites, it becomes it becomes easier to navigate. It ensures users find what they are looking for.

Advertising: Cookies helps user to show relevant advertisement more effectively. Third party cookies are used for all add targeting and advertising. For example, google uses cookies to help ads on google search. It remembers most recent searches and shows customized ads on google. When a user visits a business website, cookie help to deliver ads to those people recommending products and services.

What is a cookie policy? 

Cookie policy is thorough instruction that tells user how cookies are used, and different types of cookies website is using and how user can stop or control cookies. User can refuse to accept cookies from a site at any time from settings in the browser which allows to refuse cookies. Most of the websites use cookies and it is mandatory to inform the user as soon as they visit a website that their information is being stored. User has the right to control what data to share with the companies and other third parties. EU’s ePrivacy Directive gives us right over sharing personal data through cookies. Cookies not only track data but some are important for certain website functionality. If a website doesn’t work without allowing cookies, owner must make this clear in the cookie policy.

E.g.: Amazon website explains that their shopping cart won’t work until certain cookies are accepted.

The things website should inform us before installing cookies in our system are:

  1. They must tell about the cookies they use – brief explanation of how the cookies are used and purpose of installation and link to a cookie policy which contains detailed information about the purpose, usage and third-party activity.
  2. Clearly indicate which action will signify consent. Guidelines states that scrolling and continued browsing on a website is not a valid content and a website must show a cookie banner without any pre-selected checkbox.
  3. Get consent to use that information from cookies. Consent of the user is important because cookies can collect personal data which can be used to identify you. This can include name, email, login details, IP address.

Global privacy laws allows the user to

  1. Controlling who has access to this information
  2. Cancel consent to save this information any time
  3. Refuse to accept unnecessary cookies that collect data that is personal identification information.

If a website wants to use cookies, user has the right to know

  1. Why the cookies are being used
  2. What specific information they are collecting
  3. How that data is being shared and being used
  4. How to cancel the consent to save this information
  5. How to delete cookies

Companies should set up all these information and rights in COOKIE POLICY. It can be in Privacy Policy or separately linked document.

So, if websites need consent to use cookies, they need to show cookie notices or popups. The notice should inform you that it uses cookies and give you option to view different cookies before proceeding.

Cookie banner examples: non-compliant and compliant 

This is an example of non-compliant cookie banner. It consists of a simple declaration that website uses cookies with a link to the companies’ privacy policy and an ok button. This type of cookie banner is used widely but it is not compliant. It doesn’t provide enough information on how and what cookies are being used neither the option to the user to reject the use of cookies.

Below is example of a compliant banner:

he user can easily opt in and out from the website to save cookies. It allows the user to see more detailed information about what cookies are being used by the website.

 Why is a cookie policy required? 

Cookie law came into effect in 2002 to protect and ensure user privacy. All companies and services are obliged to follow the cookie law. This means that you are compiled to publish a cookie policy popup on your website as well as a consent form in the popup warning and informing the users before you can track their digital data. Additional information like what types of cookies are being used needs to be provided and the ability to decline or delete the cookies.

Cookie law states out the guidelines for tracking. It was designed to inform the user how their data is being collected and used online. It gives the user advantage to decline the use of cookie that they feel will impede their privacy. This law safeguard online privacy. It was made law in 2011by EU. It gets consent from visitors to store or get any information on device. A website should make certain that it follows the cookie policy instructions. Failure to obey could risk legal action from the regulators.  Facebook and google have already been hit with lawsuits accused of pressuring users to share their personal data. GDPR requires clear consent and justification of any data acquired from user and how it is being used.

Regardless, website owner is legally required to show a cookie banner to the user. Many websites add the cookie policy in privacy policy section. It can also be a standalone section. Cookies are privacy risk, because with them websites cab track, store user behaviour. Most of the privacy policy are static, cookies being used are dynamic and might change often.

Therefore, a cookie policy should be regularly updated to make sure information is accurate.

Conclusion 

According to law, before collecting any personal information from a user it is mandatory to get an explicit consent. A cookie popup consent banner should be shown to the user before using their personal information or setting them in cookies.The design and the wording of the cookie popup should be easy to understand and written in plain language. For first time user’s cookie notice should be easy to see. If a user doesn’t land on the homepage it is a good idea to display cookie banner on all pages of a website. There should also be a link to detailed cookie policy and a way to opt out as well.

About The Author