The Cookie Consent Guide: Building A Customer-Centric Brand

The Cookie Consent Guide: Building A Customer-Centric Brand

Mar 16 2023 8:30 PM

The advent of cookies since the inception of the internet has particularly helped marketers and advertisers to cash in on much profit through online users' personal data. But this is the competitive edge that only a handful of companies can enjoy anymore.  

With so much on the plate for your business, be mindful of how you want to start attending to your company's data governance system and building a relationship with your customers. And this could be achieved only through one thing: Cookie consent.  

Everything about cookie consent  

Requesting your customers to either accept or reject the usage of cookies on their devices when they visit your website through a cookie banner or cookie policy is referred to as cookie consent. Different ways to obtain cookie consent:  

  • Browsers can prompt users to accept or reject cookies when they visit your website for the first time.¬†¬†

  • Website operators can notify customers of the use of cookies and also link to the privacy policy page for further information.¬†¬†

  • Some websites can redirect to a different page where the user can choose specific types of cookies they want to allow. ¬†¬†

Cookies: The good, the bad, the ugly  
 

The Good  

Types of data that cookies can collect:  

  • Online activity and habits¬†¬†

  • Hobbies and interests¬†¬†

The Bad  

  • Sharing Data without consent¬†

  • Irrelevant Adverts¬†

The Ugly  

  • Exposing sensitive personal data¬†

  • Online platform addiction through in-depth behavior profiling.¬†¬†¬†

Cookies: A Marketer’s Lifeline  

  • Cookies provide valuable insights that help businesses build tailored content and products and services that people would love to buy.¬†¬†

  • This enhances their user experience, thus, their trust in the brand.¬†¬†

'Session' and 'Persistent' cookies  

  • When cookies expire as soon as the user exits their browser (at the end of the browser session), they are called 'session cookies.'¬†

  • When cookies are stored for more extended periods, they are 'persistent cookies.'¬†¬†¬†

'First-party' and 'Third-party' cookies  

  • First-party cookies are deployed on the users' devices directly by the website, i.e., the URL displayed in the browser's address bar.¬†¬†

  • Third-party cookies are deployed by domains other than the website the user visits.¬†¬†

 
'Similar technologies’  

'Similar technology' means another way of collecting digital data with the same functionality as a cookie. This may include specific characteristics to identify devices so that visits to a website can be analyzed.  

These similar technologies include: 

  • Fingerprinting techniques¬†¬†

  • HTML5 Local storage¬†¬†

  • Local shared objects¬†¬†

  • scripts¬†¬†

  • tracking pixels¬†¬†

Some examples of device fingerprinting:  

  • CSS information¬†¬†

  • JavaScript information¬†¬†

  • HTTP header information¬†¬†

  • Data exposed by specific network protocols¬†¬†

  • Data derived by device configuration¬†¬†

  • installed plugins within the browser¬†¬†

  • installed fonts¬†¬†

  • Clock information¬†¬†

  • TCP stack variation¬†¬†

  • Use of any APIs¬†¬†¬†

What type of cookie need consent  

Not all cookies require consent. Like essential cookies, mandatory for smooth and effective website operation. 

Nonessential Cookies require Consent. They are: 

  • Performance Cookies¬†

  • Analytical Cookies¬†

  • Advertising Cookies¬†

  • Social Media Cookies¬†

  • Unclassified Cookies¬†

Data from these nonessential cookies are later used for behavioral profiling and targeted advertising.  

Top 10 Cookie consent must haves 

  1. Inform your users of cookies 

  1. Collect consent by cookie purpose 

  1. Allow users to reject cookies 

  1. Collect active consent (no scrolling/swiping for consent) 

  1. Respect your users’ privacy choices 

  1. Pre-ticked boxes must be set to opt-out 

  1. Nudging for consent is not allowed 

  1. Make it easy to withdraw or change consent 

  1. Collect consent before using cookies 

  1. Store all user consents for 5 years   

Checklist to comply with EU cookie law  

  • Display a cookie banner on a user's first visit¬†

  • Inform users of the cookies and their purposes.¬†¬†

  • Collect users' active consent¬†

  • Provide users with 'accept' or 'reject' cookies button.¬†¬†

  • Give users the option to opt-in to specific cookie categories.¬†¬†

  • Provide detailed information ‚Äď the name of the cookie provider, description, and cookie duration¬†

  • Give users a user-friendly option to withdraw consent.¬†¬†

  • Do not use cookie walls that prevent access to the website unless the user accepts cookies.¬†¬†

  • Do not use pre-ticked boxes¬†¬†

  • Block third-party cookies until the user‚Äôs consent¬†¬†

  • Record cookie consents for proof of compliance¬†

  • Do not set cookies if the user is scrolling or continuing to use a website.¬†¬†¬†

Cookie wall vs. paywall, what's the difference?  

A cookie wall is a mechanism wherein a user has no option other than to accept the processing of cookies to get access to the website.   

Advertisers monetize content for the user to access it by either a paid subscription or subscribing with email. This is paywall. 

Austrian and French DPAs have already concurred that the paywall system is valid as long as the subscription to the site gives away the content at a modest and fair cost so that users' free choice doesn't constrain.    

Cookie and data ethics  

Data Ethics experts Pernille Tranberg and Gry Hasselbalch discuss how companies can look at the economic advantage of privacy driven by the competitive edge.  

"Being eco-friendly has become an investor demand, a legal requirement, a thriving market, and a clear competitive advantage. Data ethics will develop similarly ‚Äď just much faster.. "(Tranberg Data Ethics, 2016, p.9)¬†¬†

 Cookies Banner  

"Cookie banner" is a pop-up or a splash page that the website owner places on their website/mobile app to take the consent of cookie usage from the user visiting the website/mobile app.   

Types of the cookie banner  

  • Notice Only banner: This banner simply informs the user of the cookie usage by the website¬†

  • Notice + Opt-out consent: This cookie banner informs the website visitor of the cookie being deployed and provides a disabling mechanism for cookie usage¬†

  • Notice + Opt-In Consent: This cookie banner informs the user of the usage of the cookies by the website and also requests them to either accept or reject the consent to use cookies before they are deployed¬† ¬†¬†

Non-compliance with Cookie Law? Good Luck!  

  • Google and Amazon were slapped with a total penalty of $148 Million by French Regulator CNIL for placing advertising cookies without users' consent¬†¬†

  • The Spanish DPA fined Vueling Airlines and Twitter a $33,000 fine for not allowing users to reject the cookie or manage the preference.¬†¬† ¬†

Fines  

GDPR: up to 20 million EUR or up to 4% of the annual turnover, whichever is greater  

CCPA: up to $2,500 per violation and $7,500 per violation that is intentional or involves children (as per CPRA).  

VCDPA: Fines for non-compliance with Virginia's VCDPA can go up to $7,500 per violation.  

LGPD: Up to 50 million Real or 4% of the annual turnover, whichever is higher.  

PIPEDA: up to CAD 100,000 per infringement.   

Reputational damage    

Per the Deloitte survey, 87% of top executives report reputational damage as more detrimental than only other strategic risks that a company faces.  

Penalties  

For example, according to Finbold's "Bank Fines 2020" reports, the Top three US banks, namely Goldman Sachs, Wells Fargo, and JP Morgan Chase, have paid a total of $7.5 Billion in fines in 2020. Keeping lawsuits separate, the settlement itself can cost you millions of dollars.  

Audits  

Audits are time-consuming and take lots of effort. Being non-compliant with Data Privacy Laws might demand extra audits to uncover the real reason for non-compliance.   

Legal actions and imprisonment    

In a rare scenario, compliance officers have personally faced regulatory and government enforcement actions. Especially after the financial crash of 2007-2008, regulators and government agencies have been tough and thoroughly scrutinized compliance officers' roles and responsibilities.   

Company shut down  

Being non-compliant with data privacy regulations is considered illegal, and governing authorities might take any relevant action on your business. Companies, by government order, might be shut down or completely dissolved in case of serious non-compliance issues.   

Dos and Donts of Cookie Consent    

Dos  

  • Option to Accept or Reject nonessential cookies¬†¬†

  • Convey the user the purpose of using a cookie, the types of cookies used, and your data will be processed.¬†¬†

  • Give people in-depth information about cookies by linking to your cookie policy page¬†¬†

  • Informing users about third-party vendors/cookie providers¬†¬†

  • Specify the duration of the cookie (Cookie's expiry date)¬†¬†

  • Informing the user of sharing/selling of personal data¬†¬†

Donts  

  • Placing your cookie banner at the corner of the screen or behind other page elements makes visibility harder.¬†¬†

  • Using ambiguous and legalese in your cookie banner.¬†¬†

  • Assuming and deploying nonessential cookies without the consent of the user.¬†¬†

  • Not being up to date with the latest changes in cookie regulations.¬†¬†

  • Having pre-ticked boxes in the cookie banner for nonessential cookies ¬†

Implementing Cookie consent on your website  

There are various methods to implement cookie consent such as: 

  • So one of the most popular methods is JavaScript libraries and HTML templates¬†

  • Another way of implementing cookie consent is through plugins.¬†¬†

  • But your best and the less hectic option would be to work with a Consent Management Platform (CMP) like Adzapiers.¬†¬†¬†¬†

Cookie compliance with Adzapier: Your best decision ever    

Integrating Adzapier's CMP with your business would make you compliant in minutes, even with the strictest data privacy laws.  

Integrating smoothly with your website/mobile app, Adzapier's CMP needs minimal manual intervention to set up, which doesn't mess up your website's core vitals.  

There are particularly three important components of Adzapier's CMP that hardly a few other compliance platforms have in the market.  

  • Session recording: It is how Adzapier records the consent of the user who had given their consent to use the cookie. This will help you prove your compliance with the regulatory authority in unforeseen legal issues.¬†¬†

  • Automated cookie blocking: With GDPR making it extremely clear that nonessential cookies can't be deployed without the user's explicit consent, Adzapier's Auto-cookie blocking feature helps block nonessential cookies at the user's end until they give their consent.¬†¬†

  • Global compliance: Adzapeir is updated with the latest changes and amendments to data privacy compliance so that you don't have to. We comply with the strictest laws like GDPR and CPRA to other major laws like VCDPA, LGPD, and much more.¬†¬†

Try Adzapier free for 14 days and see your business taking off.

 


Subscribe to our newsletter

By clicking ‚ÄúSUBSCRIBE‚ÄĚ you agree to Adzapier‚Äôs privacy policy and terms & conditions

Want to Keep Reading?

Any information obtained from the Adzapier website, services, platform, tools, or comments, whether oral or written, does not constitute legal or regulatory advice. If legal assistance is required, users should seek legal advice from an attorney, a lawyer, or a law firm.

sourceforge  5 star user review badge slashdot 5 star user review badge IAPP bronze member badge IAB Europe approval badge - transparency and consent framework - registered Consent management platform
© 2023 Adzapier. All rights reserved.