Since the early days of the internet, cookies have helped marketers and advertisers profit from online users' personal data. But this is a competitive edge that only a handful of companies can still enjoy.
With so much on your business's plate, be mindful of how you start attending to your company's data governance system and building a relationship with your customers. This can be achieved through only one thing: cookie consent.
Browsers can prompt users to accept or reject cookies when they visit your website for the first time.
Some websites can redirect to a different page where the user can choose specific types of cookies they want to allow.
Types of data that cookies can collect:
Online activity and habits
Hobbies and interests
Sharing Data without consent
Exposing sensitive personal data
Online platform addiction through in-depth behavior profiling.
Cookies provide valuable insights that help businesses build tailored content and products and services that people would love to buy.
This enhances their user experience and, in turn, their trust in the brand.
'Session' and 'Persistent' cookies
When cookies expire as soon as the user exits their browser (at the end of the browser session), they are called 'session cookies.'
When cookies are stored for more extended periods, they are 'persistent cookies.'
'First-party' and 'Third-party' cookies
First-party cookies are deployed on the users' devices directly by the website, i.e., the URL displayed in the browser's address bar.
Third-party cookies are deployed by domains other than the website the user visits.
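The two distinctions above can be checked mechanically during a cookie audit. The following is an added example, not code from the original page: it classifies `Set-Cookie` headers as session or persistent and as first-party or third-party. The hosts and cookie values are constructed, and the `site()` helper is a simplifying assumption (a real audit would use the Public Suffix List).

```javascript
// Added example: classify Set-Cookie headers by lifetime and by party.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? "" : attr.slice(i + 1).trim();
  }
  return cookie;
}

function lifetime(cookie, now) {
  const maxAge = cookie.attrs["max-age"];
  const expires = cookie.attrs["expires"];
  // RFC 6265: a valid Max-Age overrides Expires; an invalid one is ignored.
  if (maxAge !== undefined && /^-?\d+$/.test(maxAge)) {
    return Number(maxAge) > 0 ? "persistent" : "expired";
  }
  if (expires !== undefined && !Number.isNaN(Date.parse(expires))) {
    return Date.parse(expires) > now ? "persistent" : "expired";
  }
  return "session"; // no lifetime attribute: dropped when the browser session ends
}

function site(host) {
  // Assumption: registrable domain = last two labels. Wrong for suffixes such
  // as co.uk; a real audit would consult the Public Suffix List.
  return host.toLowerCase().split(".").slice(-2).join(".");
}

function classify(header, responseHost, pageHost, now = Date.now()) {
  const cookie = parseSetCookie(header);
  const party = site(responseHost) === site(pageHost) ? "first-party" : "third-party";
  return { name: cookie.name, lifetime: lifetime(cookie, now), party };
}

// Constructed sample: responses observed while loading www.shop.example.
const observed = [
  ["www.shop.example", "sid=abc123; Path=/; HttpOnly; Secure"],
  ["www.shop.example", "prefs=dark; Max-Age=31536000; Path=/"],
  ["ads.tracker.example", "uid=42; Expires=Thu, 01 Jan 2099 00:00:00 GMT; SameSite=None; Secure"],
];

function auditCookies(rows, pageHost) {
  return rows.map(([host, header]) => classify(header, host, pageHost));
}

console.table(auditCookies(observed, "www.shop.example"));
```

Persistent third-party rows in the output are the ones to check against the site's consent records first.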
'Similar technology' means another way of collecting digital data with the same functionality as a cookie. This may include specific characteristics to identify devices so that visits to a website can be analyzed.
These similar technologies include:
HTML5 Local storage
Local shared objects
Some examples of device fingerprinting:
HTTP header information
Data exposed by specific network protocols
Data derived by device configuration
installed plugins within the browser
TCP stack variation
Use of any APIs
What types of cookies need consent
Not all cookies require consent. Essential cookies, which are mandatory for smooth and effective website operation, do not.
Nonessential cookies require consent. They are:
Social Media Cookies
Data from these nonessential cookies are later used for behavioral profiling and targeted advertising.
Display a cookie banner on a user's first visit
Inform users of the cookies and their purposes.
Collect users' active consent
Provide users with 'accept' or 'reject' cookies button.
Give users the option to opt-in to specific cookie categories.
Provide detailed information – the name of the cookie provider, description, and cookie duration
Give users a user-friendly option to withdraw consent.
Do not use cookie walls that prevent access to the website unless the user accepts cookies.
Do not use pre-ticked boxes
Block third-party cookies until the user consents
Record cookie consents for proof of compliance
Do not set cookies if the user is scrolling or continuing to use a website.
A cookie wall is a mechanism wherein a user has no option other than to accept the processing of cookies to get access to the website.
Advertisers monetize content by requiring either a paid subscription or an email sign-up before the user can access it. This is a paywall.
Austrian and French DPAs have already concurred that the paywall system is valid as long as the subscription to the site gives away the content at a modest and fair cost so that users' free choice is not constrained.
Cookie and data ethics
Data Ethics experts Pernille Tranberg and Gry Hasselbalch discuss how companies can look at the economic advantage of privacy driven by the competitive edge.
"Being eco-friendly has become an investor demand, a legal requirement, a thriving market, and a clear competitive advantage. Data ethics will develop similarly – just much faster." (Tranberg Data Ethics, 2016, p.9)
"Cookie banner" is a pop-up or a splash page that the website owner places on their website/mobile app to take the consent of cookie usage from the user visiting the website/mobile app.
Types of the cookie banner
Notice Only banner: This banner simply informs the user of the cookie usage by the website
Notice + Opt-out consent: This cookie banner informs the website visitor of the cookie being deployed and provides a disabling mechanism for cookie usage
Google and Amazon were slapped with a total penalty of $148 Million by French Regulator CNIL for placing advertising cookies without users' consent
The Spanish DPA fined Vueling Airlines and Twitter $33,000 for not allowing users to reject cookies or manage their preferences.
GDPR: up to 20 million EUR or up to 4% of the annual turnover, whichever is greater
CCPA: up to $2,500 per violation and $7,500 per violation that is intentional or involves children (as per CPRA).
VCDPA: Fines for non-compliance with Virginia's VCDPA can go up to $7,500 per violation.
LGPD: Up to 50 million Real or 4% of the annual turnover, whichever is higher.
PIPEDA: up to CAD 100,000 per infringement.
Per the Deloitte survey, 87% of top executives report reputational damage as more detrimental than other strategic risks that a company faces.
For example, according to Finbold's "Bank Fines 2020" report, the top three US banks, namely Goldman Sachs, Wells Fargo, and JP Morgan Chase, paid a total of $7.5 billion in fines in 2020. Even keeping lawsuits separate, the settlement itself can cost you millions of dollars.
Audits are time-consuming and take lots of effort. Being non-compliant with Data Privacy Laws might demand extra audits to uncover the real reason for non-compliance.
Legal actions and imprisonment
In a rare scenario, compliance officers have personally faced regulatory and government enforcement actions. Especially after the financial crash of 2007-2008, regulators and government agencies have been tough and thoroughly scrutinized compliance officers' roles and responsibilities.
Company shut down
Being non-compliant with data privacy regulations is considered illegal, and governing authorities might take any relevant action on your business. Companies, by government order, might be shut down or completely dissolved in case of serious non-compliance issues.
Option to Accept or Reject nonessential cookies
Convey to the user the purpose of using a cookie, the types of cookies used, and how their data will be processed.
Informing users about third-party vendors/cookie providers
Specify the duration of the cookie (Cookie's expiry date)
Informing the user of sharing/selling of personal data
Placing your cookie banner at the corner of the screen or behind other page elements makes visibility harder.
Using ambiguous language and legalese in your cookie banner.
Assuming and deploying nonessential cookies without the consent of the user.
Not being up to date with the latest changes in cookie regulations.
Having pre-ticked boxes in the cookie banner for nonessential cookies
There are various methods to implement cookie consent such as:
Another way of implementing cookie consent is through plugins.
But your best and least hectic option would be to work with a Consent Management Platform (CMP) like Adzapier's.
Integrating Adzapier's CMP with your business would make you compliant in minutes, even with the strictest data privacy laws.
Adzapier's CMP integrates smoothly with your website/mobile app and needs minimal manual intervention to set up, so it doesn't hurt your website's core vitals.
Three components of Adzapier's CMP in particular are ones that few other compliance platforms on the market have.
Session recording: This is how Adzapier records the consent of users who have agreed to the use of cookies. It will help you prove your compliance to the regulatory authority in unforeseen legal issues.
Automated cookie blocking: With GDPR making it extremely clear that nonessential cookies can't be deployed without the user's explicit consent, Adzapier's Auto-cookie blocking feature helps block nonessential cookies at the user's end until they give their consent.
Global compliance: Adzapier is updated with the latest changes and amendments to data privacy compliance so that you don't have to be. We comply with laws ranging from the strictest, like GDPR and CPRA, to other major laws like VCDPA, LGPD, and many more.