How many cookies does your website have? The General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) take effect on May 25, 2018, making it necessary to know how many cookies are on your website. Cookies are small pieces of text that websites place on your browser to recognize you when you return. They can track information such as your online activity, location, and the devices you use to visit the site.
In Which Countries do These Laws Apply?
What is the Difference between GDPR and CCPA?
The General Data Protection Regulation (GDPR) is a set of regulations that member states of the European Union must implement in order to protect the privacy of digital data. The California Consumer Privacy Act (CCPA) is a set of regulations that California businesses must implement in order to protect the privacy of digital data. Both GDPR and CCPA compliance are required for companies that do business in the EU or California, respectively.
So, what do these regulations actually require?
Categorization Based on the Size of an Organization (SME, Corporate, Service Providers)
Depending on the size of your organization, you may be required to have a cookie banner on your website. For SMEs, the General Data Protection Regulation (GDPR) applies. This regulation requires companies to notify users about the cookies they use and obtain consent before using them. For service providers, the California Consumer Privacy Act (CCPA) requires companies to provide a Do Not Sell My Personal Information link on their website.
Problem with User Consent Checkboxes
One common issue website owners face when it comes to cookies is user consent. In order to be in compliance with GDPR, you must have a user’s explicit consent before setting any cookies. This can be done through a variety of methods, but most commonly seen is the use of checkboxes. The problem with using checkboxes for consent is that it’s not always clear what the user is agreeing to. For example, if you need to set two different types of cookies on your site – one related to marketing and one related to tracking shopping cart items – then the user needs to know this before checking the box. If they are not aware of both uses, then they will likely agree without knowing why or how these cookies will impact their experience on your site.
The Final Word
If you have a website that collects personal data from users in the European Union or California, you must comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This means having a cookie banner on your website. Non-compliance can result in heavy fines. So if you’re not sure if your website is compliant, it’s better to err on the side of caution and put a banner up.