Cookies on your website are legal if they were created in accordance with the consent expressed by the user. Surprisingly often, cookies are loaded by default before the user has a chance to express their preferences. In the article below you will learn how to check whether the cookies on your website are correct.
However, we will focus more on the "tangible" part, and the information contained in the article should not be treated as legal advice. Each case is unique, so if you notice something is wrong, contact a GDPR expert.
What is all this for and where does it come from?
The law regulating the use of cookies in the European Union aims to protect the privacy of Internet users by regulating the way in which websites may use cookies and similar technologies to collect and store data. This is part of a wider set of online privacy regulations, including the General Data Protection Regulation (GDPR).
Legal basis
The legal basis for cookie regulations in the EU is the ePrivacy Directive, which, in conjunction with the GDPR, sets out the rules regarding the collection and use of users' personal data. This law requires websites to obtain users' informed consent before saving cookies on their device, except for cookies that are necessary for the operation of the website.
User consent
The user's consent must be explicit and informed. This means that websites can no longer rely on users accepting cookies by default (e.g. by continuing to browse the website). Users must actively opt in before any cookies are stored. They must also be able to easily manage their preferences and withdraw consent at any time.
Websites are obliged to inform users about the cookies used, the purpose of their use and how users can manage their cookie preferences. This information should be easily accessible and understandable so that users can make an informed choice.
Exceptions
The law provides exceptions for cookies that are strictly necessary to provide a service explicitly requested by the user, for example session cookies used to track the contents of a shopping cart in an online store.
Cookies used by Google Analytics are probably not among them ;)
Implementation
Meeting these requirements means website owners and developers must put in place systems for obtaining and managing user consents, and adapt their tracking and analytics mechanisms to the new rules. While this may be a challenge, it is an important step towards ensuring greater transparency and protecting user privacy online.
What are the consequences of incorrectly using cookies?
The responsibility for ensuring compliance with the law rests with website administrators, who must consciously approach the issue of cookies. The most direct consequence of failure to comply with the law is the risk of high fines being imposed by supervisory authorities, such as the Personal Data Protection Office (UODO) in Poland or other national supervisory authorities in the European Union. Under GDPR, fines can reach up to EUR 20 million or up to 4% of a company's annual global turnover.
Improper management of cookie consents may limit the ability to analyze website traffic and optimize content to meet user needs. Data collected illegally may turn out to be useless because no analyses can be performed on it. In practice, we will not be able to use it to improve website performance or advertising targeting.
How to check cookies in browsers: Chrome, Firefox and Safari
Chrome
- Open the website where you want to check cookies.
- Right-click on the page and select "Inspect" or use the keyboard shortcut Ctrl+Shift+I.
- Go to the "Application" tab.
- In the left panel you will find the "Cookies" section under "Storage". Click on the website address to see the list of cookies.
Firefox
- Open the page you want to check.
- Right-click on the page and select "Inspect Element" or use the shortcut Ctrl+Shift+I.
- Open the "Storage" tab.
- Find "Cookies" in the left menu, where you will see a list of cookies used by the website.
Safari
- In Safari, you must first enable the Develop menu. Go to "Preferences" > "Advanced" and check the "Show Develop menu in menu bar" option.
- Open the page you want to check.
- In the menu bar at the top of the screen, select "Develop" > "Show Web Inspector".
- Go to the "Storage" tab and select "Cookies" to see what cookies are currently used on the website.
Please note that access to cookie information may vary depending on the browser version. Always use the latest software version to have access to up-to-date security tools and features.
The most common mistakes
- Cookies loaded before consent is given: If cookies, especially tracking or analytical cookies, are loaded before the user consents, this indicates an incorrect implementation of the cookie consent mechanism.
- No change of cookies after consent: Regardless of whether the user accepts all cookies or only some, the same cookies are loaded without taking into account individual consent.
- Enforcing acceptance of all cookies: The website does not allow you to continue browsing without accepting all cookies.
- Inability to easily change or withdraw consent: You do not have an easy option to change your cookie preferences or completely withdraw your consent to their use.
- Unclear information about cookies: The website's cookie policy is unclear or hidden, and information about the purpose and types of cookies used is insufficient or difficult to access.
- Automatic acceptance of cookies after a period of time: Cookies are automatically accepted after a specified period of time, even if the user has not taken any action.
- Use of cookies for undeclared purposes: The website uses cookies for purposes that are not expressly stated in the privacy policy or cookie policy.
- Third party cookies loaded without consent: The website loads cookies from third parties (e.g. advertisers or analytics services) without your explicit consent.
- No information about the storage period of cookies: The website does not inform users how long cookies will be stored on their device.
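Several of these mistakes (cookies loaded before consent, no change after consent, third-party cookies without consent) can be checked mechanically from the cookie tables you copy out of the browser tools. The script below is an added example, not part of the original article; the site name, the allowlist of necessary cookies and the three snapshots are constructed assumptions.

```javascript
// Constructed sample data: cookie tables copied from DevTools in three states.
const SITE = "shop.example"; // hypothetical site under audit
const NECESSARY = new Set(["session_id", "cart", "cookie_consent"]); // assumed allowlist
const snapshots = {
  beforeConsent: [
    { name: "session_id", domain: "shop.example" },
    { name: "_ga", domain: ".shop.example" },
    { name: "ad_id", domain: ".ads.example" },
  ],
  afterReject: [
    { name: "session_id", domain: "shop.example" },
    { name: "cookie_consent", domain: "shop.example" },
    { name: "_ga", domain: ".shop.example" },
  ],
  afterAccept: [
    { name: "session_id", domain: "shop.example" },
    { name: "cookie_consent", domain: "shop.example" },
    { name: "_ga", domain: ".shop.example" },
  ],
};

// A cookie is first-party when its domain is the site, a subdomain or a parent of it.
function isFirstParty(cookie, site) {
  const d = cookie.domain.replace(/^\./, "");
  return d === site || d.endsWith("." + site) || site.endsWith("." + d);
}
const optional = (list, necessary) => list.filter((c) => !necessary.has(c.name));
const names = (list) => list.map((c) => c.name).sort().join(",");

function auditConsent(site, necessary, snap) {
  const findings = [];
  // Non-essential cookies (first- or third-party) present before any choice was made.
  for (const c of optional(snap.beforeConsent, necessary)) {
    const issue = isFirstParty(c, site) ? "loaded-before-consent" : "third-party-before-consent";
    findings.push({ issue, cookie: c.name });
  }
  // Non-essential cookies that are still set after an explicit rejection.
  const rejected = optional(snap.afterReject, necessary);
  for (const c of rejected) findings.push({ issue: "set-despite-rejection", cookie: c.name });
  // The optional cookie set is identical whatever the user chose.
  const accepted = optional(snap.afterAccept, necessary);
  if (accepted.length > 0 && names(accepted) === names(rejected)) {
    findings.push({ issue: "same-cookies-regardless-of-choice", cookie: "*" });
  }
  return findings;
}

console.log(auditConsent(SITE, NECESSARY, snapshots));
```

Run it with Node.js after replacing the snapshots with the cookie lists from your own site in each of the three states; an empty result means none of these checks fired.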
Checking cookies is not everything
Checking the consent mechanism
The consent mechanism should be clear and understandable to the user. The user must be able to consent to different categories of cookies, e.g. analytical cookies, marketing cookies. It's worth checking whether the consent system on your website allows users to make informed choices.
A common problem in this area is presenting information that the website uses cookies and that continuing to use it means consenting to tracking scripts.
Privacy policy and information about cookies
Make sure your website has an up-to-date privacy policy that explains in detail what cookies are used, what they are used for, how long they are stored and how users can manage their preferences. This information should be easily accessible to users.
For example, you can place a link to the policy in the footer of the website, right next to the link to change your marketing consents.
Summary and next steps
Important points to remember
- User consent: It is necessary to obtain the user's informed consent to the use of cookies, except for those necessary for the functioning of the website.
- Informing users: Websites must clearly inform users about the use of cookies, their purpose and how to manage preferences.
- Compliance Check: Regularly checking your browser cookies helps you maintain compliance with the law and adapt to changing requirements.
- Privacy Policy: An up-to-date privacy policy, containing detailed information about cookies, is not only good practice, but also a legal requirement.
Further steps
- Cookie audit: Regularly check and analyze the cookies on your website to ensure they comply with applicable regulations.
- Update your privacy policy: Make sure your privacy policy is up to date and includes all required cookie information.
Remember that complying with cookie regulations not only protects you from potential legal consequences, but also strengthens users' trust in your website.
Adam Naworski