Transparency is quickly becoming a vital asset for websites online. It is a tool that helps them gain a competitive advantage over their competitors. At the same time, a lack of transparency can signal an irrecoverable loss of trust by the users. A key contributor to achieving transparency is by gaining proper consent from users online before using any tool that may infringe on their right to digital privacy.
What is a Cookie Notice?
The cookie consent agreement, better known as a cookie notice, is a website's way of communicating what cookies they use, how they use them, and how it helps them help their users. Depending on which website a user visits, the cookie notice could be a pop-up, a header, or a footer.
However, the important thing is that all cookie notices serve a single purpose; to inform users how cookies on the site work and how they can accept them or manage them otherwise. There are certain rules a cookie notice has to fulfill, namely the European Data Protection Board's guidelines on valid consent:
Article 4(11) of the GDPR stipulates that consent of the data subject means any:
- freely given,
- specific,
- informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
For more information about why these cookie notices are important, examples, and requirements under various laws around the world, read on below:
Is Cookie Consent Notice Important?
In short, yes. As per new data protection laws already enforced or in the process of being enforced, the first thing a user will see when they visit any site is the cookie consent notice. They can then decide whether they agree to all the cookies being stored on their device or whether they'd like to manage which cookies are stored.
The user must have the ability to make a free choice without feeling pressured into a particular option. Hence, the cookie consent notice will play an important role in getting the user to agree to have the cookies stored with complete and proper consent.
A cookie consent notice is a legal requirement in most countries. Users now expect to have a more extensive degree of control over their data. Similarly, websites cannot restrict users' access to a site or its features due to their refusal to accept cookies.
In such a scenario, a consent notice is the website's way of presenting its case for how cookies help make the user's browsing experience better in real-time.
Requirements for GDPR, CCPA, & LGPD Compliance
The most cumbersome part about having a reliable cookie notice is the need to alter it depending on which country the website is being accessed from. This is all down to the fact that most data protection laws have varying requirements for websites' cookie notices.
However, considering how the GDPR, the CCPA, and the LGPD represent the laws that are considered the benchmark for most other data protection regulations globally, complying with them should set you on the right trajectory towards achieving compliance under all other laws. Here's what's required from a website's cookie notice under these three laws:
GDPR
As per GDPR, a compliant cookie consent notice must:
- Acquire clear and unambiguous consent.
- Collect consent before processing a user's data.
- Document all records of collected consents.
- Specify all the types of cookies and tracking technology it uses.
- No pre-ticked checkboxes.
- Enable users to revoke consent on each category of cookies.
- Annual consent renewal.
CCPA
Cookie consent notice requirements under the California Consumer Privacy Act (CCPA) differ in some major categories from the GDPR. The first is the opt-out model, where a website can continue to store cookies and collect user data until the user opts out of having such data collected. Some requirements a business is still expected to comply with include:
- Acquire clear and unambiguous consent.
- Document all records of collected consents.
- Specify all the types of cookies and tracking technology it uses.
- Enable users to revoke consent on each category of cookies.
LGPD
The General Personal Data Protection Law (LGPD) places the following obligations on websites when implementing cookie consent notices online:
- Consent must be affirmative, specific, and unambiguous.
- Identification of the data handlers purpose of processing.
- Duration of the cookie's storage.
- Links to resources on how to withdraw consent.
- Links to complain, correct, and transfer data.
- An option to decline.
Cookie Notice Examples
Here are some examples of Cookie Notices from a few major websites indicating that there are different ways to notify users about cookies:
