Cookies are used throughout our internet browsing experience. They enable the personalisation of our internet browsing experience. Cookies are the feature that allows shopping carts to remember what we are thinking of buying as we move from one web page to another and automatic log-ins to remember our passwords. Advertisers also make use of cookies. They use the information collected about us to show us more targeted advertisements.
If you own a website, you will likely already be aware of how useful cookies can be. But you have to watch out. The law limits your use of cookies.
So the question is, are you using cookies lawfully?
Internet cookies and the GDPR
On 1 October 2019, the European Court of Justice (the apex court of the European Union) ruled on various issues including that of cookies in the Planet49 Judgment. In summary, it ruled that a data subject’s consent for the use of cookies by a website cannot be given through a pre-ticked box. The court held that pre-ticked boxes do not meet the standards of freely and informed consent which both the GDPR and the old Data Protection Directive requires. The court also held that the website must disclose how long a cookie will remain on a data subjects device.
So what does this mean for you?
A compliant cookie notice and cookie policy
While this ruling hasn’t changed the law on cookies dramatically, it is important that you revisit your cookie notice and policy to make sure you are using them lawfully. You need to make sure that your cookie notice requires actual (not deemed) consent. Your cookie policy must specify the duration for which you use cookies.
Many websites have terms of use, privacy policies, and cookie notices and policies that are poor and in many cases simply false. We suggest that organisations who are, however, intent on doing the right thing and protecting the data of their customers, employees and business associates address this issue and align themselves with this ruling.
How we can help you?
- Find out more about internet cookies and implement a cookie notice and cookie policy yourself by joining the Michalsons data protection programme.
- Have a compliant cookie notice and cookie policy by asking Michalsons to draft and implement them for you.
- Update your existing cookie notice and cookie policy by asking Michalsons to review and update them for you.