Beware of Cookies on Your Website!
Regardless of whether you created a website for your business or personal blog on WordPress, built an online shop on the WIX platform, Shopify or another website builder, or ordered it from a professional web designer, its content and the legality of its settings are solely your responsibility.
Did you know that cookie settings and the appearance and functionality of your banner informing about cookies on the website must be appropriate, otherwise you may be punished?
The UK’s most visited websites have already received a letter from the Information Commissioner’s Office (ICO) giving them, in November 2023, 30 days to ensure their websites comply with the law.
If they do not make changes to ensure compliance with data protection law in cookie banners, the ICO will begin an investigation.
Therefore, regardless of what your web designer says, check which cookies you use and provide information to website users in accordance with the ICO guidelines in the UK.
Cookies are small blocks of data created by a web server while a user is browsing a website and placed on the user’s computer or other device through the user’s web browser.
Cookies are placed on the device you use to access the website, and more than one cookie may be placed on the user’s device during a session.
Cookies perform useful and sometimes necessary functions on the web.
Some of them only use information about the user to improve the functionality of the website being viewed (e.g. they allow the website to be displayed in an appropriate way depending on whether we are viewing the website on a computer or phone, they enable viewing a favorite website without the need to authenticate each time, etc.).
However, others collect data about user preferences in order to tailor content to those preferences, e.g. displayed advertisements (you have certainly noticed this! You have just bought a plane ticket on one website, and when you go to another you see an advertisement for a hotel in the exact city to which you will soon fly).
There are also those that are used for website statistics, and others that transmit information to third parties (e.g. Facebook).
In a word, cookies perform a very necessary function on your business websites, but the website user must be able to choose which cookies they agree to and which ones they do not.
The cookie control function is also available to each of us through the settings on our phone, tablet or computer. However, the website administrator is also absolutely obliged to adapt the website's settings to legal requirements.
The ICO will assess cookie banners in the UK and take action if their content is found to be unlawful and harmful to consumers!
Both UK and European law require all websites to obtain users’ “informed consent” before storing cookies on their device – other than those that are “necessary” (i.e. enabling the use of services available on the website).
Unfortunately, many websites do not give users a clear choice as to whether they want to be tracked for personalized advertising.
The ICO has previously issued clear guidance that organizations must make it as easy for users to ‘reject all’ advertising cookies as it is to ‘accept all’.
Websites can still display ads when users decline all tracking, but they cannot tailor them to the viewer.
In January 2024, the ICO will provide an update on major UK websites being asked to make changes, but the action is part of wider efforts to ensure human rights are respected in the online advertising industry.
The ICO is now calling on all UK organizations with websites and website designers and developers to stop using harmful design practices that could undermine people’s control over their personal data and lead to worse outcomes for consumers and competitors.
A clear example of often malicious design is the cookie consent banner.
A cookie banner on a website should make it as easy for you to reject non-essential cookies as it is to accept them.
Users should be able to make an informed choice as to whether they wish to consent to the use of their personal data, for example for profiling for the purposes of targeted advertising.
What to do to be compliant?
It is MANDATORY to obtain voluntary consent to marketing content, i.e. subscription to the newsletter. These consents must be:
and secondly, you must be able to prove them in the future, and therefore keep a “Register of Consents”.
Any other solution will be a breach of UK GDPR law and you may be subject to a financial penalty.
Even if you do not collect any personal data through your website, even if your website is purely informational, even if its content is aimed solely at a business user – these principles apply to you to the same extent.