Is your website compliant?
Whilst a lot of bigger companies have adapted their websites to conform, with the use of pop-up consent boxes, unfortunately, a lot of the SME market remains unaware of the updates and smaller businesses are being left vulnerable to non-compliance consequences. Despite the SME market lagging, this level of protection, whilst annoying, is necessary to comply with the updated privacy laws. So is your website compliant? Here’s what you need to know:
“This website uses cookies” – So, what?
Firstly, let’s explain what cookies are, how they work and why people want control over the data websites store.
Cookies are text files that store information from your browser when you visit a website, it could include details such as how you spend your time online, what you’ve been looking for and how many times you’ve visited a certain site and more.
The information is all anonymous, however, the data mentioned above is what allows advertising companies to create ‘buyer behavioural profiles’. Therefore, cookies can sometimes catch you out. If you’ve been browsing on your partner’s laptop for a birthday present and they then visit a different site, they could get a display advert for that surprise item you were searching for!
What’s changed around cookies in 2021 (post-Brexit)?
In the agreement signed by the UK and EU at the end of December 2020, a provision allowing for the continued, unrestricted flow of data between the two trading blocs for an interim period of six months (until June 2021). After Brexit on January 1, 2021, The Data Protection Act (2018) is still in force with the UK GDPR and EU GDPR being essentially the same apart from a few changes related to national intelligence and security, but instead of the EU’s ePrivacy Directive, the UK now adheres to the (updated) Privacy and Electronic Communications Regulations – PECR.
PECR is the UK’s national implementation of the European ePrivacy Directive. It deals with the protection of personal data concerning electronic communications, specifically cookies and online marketing communications. The ICO updated its guidelines regarding the use of cookies, and hence the processing of user data, according to the PECR. With the ICO ruling that the only form of valid consent on websites are consents given prior to the initial tracking, obtained through cookie banners and without any pre-ticked checkboxes.
How to ensure your website is compliant
Most importantly, businesses need to be aware of the tracking cookies they have on their site. By understanding this, you will then need to provide any web visitors with a small outline of what cookies are used, what they are doing and why. Then, give an option for the user to allow for cookies to be stored on their device or not.
Due to this, all cookies cannot be activated when a user first visits your website. By doing this, you are implying consent before the pop-up is received. Therefore, it is crucial that only functional cookies are enabled before consent.
If you are unaware of which cookies are functional, this is where it will be necessary to involve a website expert to identify and test the cookies on your site and find out which will directly affect the functionality and content. When your website has cookies that will directly affect the usability of your site, you will still need to outline this in a banner. However, consent will not be required. In circumstances where you have cookies that don’t affect the functionality, consent is 100% required.
Consent will need to be clear and outline exactly what the user is agreeing to. It is vital that the user then has access to update their cookie preferences if they choose to change their mind later.
Once, a site visitor does consent to your cookies, it doesn’t end there. You will need to renew this consent regularly and manage it by setting a time period in which the user will then be re-prompted to consent again. This is usually every 12 months, although this can also depend on the user’s location.
Are there more changes expected?
Unfortunately, yes! Avid online users have probably already got frustrated with cookie pop-ups and there are already reports of widespread concerns about usability issues these pop-ups can cause. With articles from the BBC and The Times already predicting that this coupled with a new ICO leader, means that it won’t be the last ‘shake up’ of the data rules.
With this in mind, it’s even more important for businesses to ensure they have allocation in their marketing budget for website updates each year.
Please get in touch if you would like any more information on updating your website to ensure compliance and customer satisfaction.