New Year, new resolution… check your website cookie activity
If you’re a website owner, checking cookies compliancy may have moved to the top of your to-do list after the European Parliament was reprimanded this week and Google and Facebook were fined by France’s data regulator last week.
If ever we needed a reminder of how important it is to get the protection of data right, we need only look at the latest developments in Europe.
Just last week two of the world’s biggest tech giants, Google and Facebook, were handed down fines to the tune of more than €2 million collectively for their practice of not making it easier to reject cookies.
And this week the European Parliament was found guilty of breaching data protection laws and cookie compliancy on one of its internal websites. Although it wasn’t fined, the parliament was reprimanded by the European Data Protection Supervisor and had to implement remedial measures, including updating an inaccurate data protection notice and cookie banner.
Members of the parliament had brought the case over an internal Covid-19 testing website that included code from the Stripe payment platform and cookies from Google Analytics, which effectively transferred users’ data to the US.
By now, cookies have become a way of life online. As an internet user you’ll know them for all the clicking you have to do before using a website, and as a person who owns a website you’ll know them for the wonderful insight they give you about the people visiting your site.
And refusing cookies should be as easy as accepting them. The French regulator, known as the CNIL, has enforced the EU ePrivacy Directive, and made an example of Google (with a €150 million fine) and Facebook (€60 million).
When it comes to cookies on the sites of these two companies, “several clicks are required to refuse all cookies, against a single one to accept them,” the regulator said.
The CNIL considered that this process affects the freedom of consent: since the user expects to be able to quickly consult a website, the fact that they cannot refuse the cookies as easily as they can accept them influences their choice in favour of consent.
The French regulator has made it clear, via the fines, that organisations will no longer be able to hide the cookies “rejection” behind a second click into options.
For those worried about targeting existing and potential customers, there are alternatives. Annertech’s commercial director, Gary Cosgrave, recently wrote about how the move away from invasive campaigns to consent-driven personalisation can deliver more value for both customers and businesses.
But I’m not in France. How do these fines affect me?
In Ireland, it is the responsibility of the Data Protection Commission (DPC) to uphold the fundamental right of individuals in the EU to have their personal data protected.
The DPC is the national supervisory authority for the General Data Protection Regulation (GDPR), and also has functions and powers related to other important regulatory frameworks including the Irish ePrivacy regulations and the EU Directive known as the Law Enforcement Directive.
Annertech’s data protection officer, Maeve Dunne, says that the ruling by the French authorities reinforces the message across all European data protection regulators and all businesses worldwide that engage within the European market – if you interact online, all tracking technologies, including plugins and analytics, must have clear and unambiguous consent.
“We have been working closely with clients for over two years now, helping them to transition their website to a cookie-compliant and privacy-friendly space. There really is no excuse at this stage in 2022,” she says.
Dunne outlined cookie compliance and what you need to do to conform here.
She adds: “Our clients not only understand but also appreciate the basic rules surrounding ePrivacy, UK-PECR and of course GDPR. When designing a new site or revamping a current site, our question is always the same: Why wouldn’t you want privacy and consent by design and default?”
In April 2020, the DPC suggested that as many as 95% of Irish websites may not be privacy compliant.
Things may have changed since then but, in reality, visitors to many websites potentially cannot trust the organisation to treat their personal information with complete integrity and transparency.
What you can do when it comes to your website and cookies?
- When was the last time you checked what cookies are set by your website? Follow these five steps outlined by Dunne to ensure GDPR, ePrivacy and cookies compliance.
- Ask our client management team to start with a complimentary cookie audit of your website. We bet you will be surprised about the cookies that have been deployed without your knowledge.
- Annertech can also do a monthly scan of your website and all its cookies to make sure they are classified correctly and the users preference for the cookies are being respected in accordance with GDPR guidelines and the EU cookie directive.
Are you concerned about your cookie compliancy?
Get in touch for a cookie audit or to get help with the management of cookies.
Alison Visser Head of Content
After more than two decades in journalism, Alison now collaborates with Annertech's clients to ensure that their content is the best it possibly can be.