A cookie is a small HTML code, stored locally on the website user's browser, which tracks users. Cookies may collect personal data such as a user’s name and geo-location, email, IP address, login details, online shopping details, website preferences, etc. Privacy laws have appeared recently that regulate the acquisition of website users' personal data, the use of cookies, and Cookie Consent compliance. Read the article below to learn what cookie compliance is, the laws regulating it, cookie compliance solutions, and the consequences of non-compliance.
What is Cookie Compliance?
Cookie compliance is the process of ensuring the use of cookies on a website only in ways allowed by privacy laws. Cookie compliance is also called Cookie Consent compliance since it requires website owners to get a website user's consent to use cookies. There are also other requirements for cookie compliance, which vary from law to law, but broadly, most laws regulate users' privacy, personal data processing, and cookie usage.
The first regulations regarding cookie compliance were the ePrivacy Directive, commonly called the EU Cookie Law, and the EU General Data Protection Regulation (GDPR), which regulates the use of cookies in the European Union. These laws are also among the strictest of their kind. The ePrivacy Directive was passed in 2002 and was amended in 2009, while the GDPR was put into effect on May 25, 2018. The GDPR is the most comprehensive data protection legislation passed to this point.
In the USA, different states have different regulations for cookie compliance. The California Consumer Privacy Act (CCPA) was the first data privacy law in the US, which took effect on January 1, 2020. Virginia is the second US state to regulate cookie compliance. The Virginia Consumer Data Protection Act (VCDPA) was signed on March 2, 2021, and will go into effect on January 1, 2023. The US state privacy legislation tracker shows that as of 2022, besides California’s CCPA and Virginia's CDPA, there are the Colorado Privacy Act, which will take effect on July 1, 2023, and the Utah Consumer Privacy Act, which will go into effect on December 31, 2023. Other states' data privacy laws are at different stages of the legislative process and are supposed to take effect in the near future.
There are also other privacy laws regulating Cookie Consent compliance such as the Brazilian General Data Protection Law (LGPD), Thailand’s Personal Data Protection Act (PDPA), South Africa’s Protection of Personal Information Act (POPIA), and others.
GDPR Cookie Compliance
The General Data Protection Regulation (GDPR) is a European Union privacy law that took effect on May 25, 2018. It is a centralized and uniform EU standard of personal data protection, use of cookies and other tracking technologies on websites, and cookie compliance.
GDPR cookie compliance protects the following website users' rights:
- The right to be informed.
- The right to data access.
- The right to data rectification.
- The right to data deletion.
- The right to restrict the processing of data.
- The right to data portability.
- The right to object.
- The rights regarding automated decision-making and profiling.
GDPR cookie compliance ensures respect for user privacy and anonymity by regulating the collection and processing of users' personal data.
How to achieve GDPR cookie compliance?
Businesses have the following obligations under the GDPR:
- Get Cookie Consent before the use of cookies.
- Inform users about the types of cookies used and their purposes.
- Provide easy Cookie Consent withdrawal at any time.
- Record all user Cookie Consents.
- Permit access to content regardless of Cookie Consent.
Along with this information, to ensure EU cookie law compliance it is also recommended to include a link to legal documents such as the company's Privacy Policy or Cookie Policy, where website users can find in-depth details about cookie usage and personal data management.
Who has to comply with GDPR?
It is important to note that GDPR protects personal data seriously. This is not a recommendation, it's an obligation. The GDPR and ePrivacy Directive apply to all businesses inside the EU, UK, Norway, Iceland, Liechtenstein, and Switzerland. The GDPR applies to all businesses in the EU that collect users' personal data. It also applies to businesses outside the EU that either:
- Offer goods or services to customers in the EU.
- Collect the personal data of anyone in the EU.
If your company meets any of those criteria, you need to follow the guidelines for EU cookie compliance regardless of where the company is located. Companies that do not follow cookie compliance are punished with fines. The biggest fine so far was imposed on Amazon. The €746 million fine was related to non-compliance with Cookie Consent. The website was attempting to force users to “agree” to cookies by default, and made opting out of cookies difficult.
CCPA Cookie Compliance
The California Consumer Privacy Act (CCPA) is a privacy regulation that took effect on January 1, 2020. CCPA gives California consumers the right to know what information is being collected on them and how their data is being used.
CCPA cookie compliance protects the following California consumers' rights:
- Right to know. California consumers must be informed about the use of website cookies.
- Right to delete. California consumers must have the right to request deletion of their personal data.
- Right to opt-out. Businesses should include a link to their Cookie Banner that allows website users to accept or reject cookies. The consent should be specific, freely given, informed, and unambiguous.
- Right to withdraw. California consumers can withdraw their consent for specific cookies at any time.
- Do not sell personal information. If your business sells consumers' personal information, you must disclose this fact, state to whom you are selling it, and get consent from a user to sell it.
- Be mindful of consumers' age. The CCPA ensures extended protection for consumers under the age of 16.
The CCPA will be significantly expanded by the California Privacy Rights Act (CPRA), which will go into effect on January 1, 2023. CPRA cookie compliance expands these rights for California consumers:
- Right to correction. California consumers can request correction of their personal data held by a business if that data is inaccurate.
- Right to opt-out of automated decision-making technology. California consumers can request to opt out of the use of automated decision-making technology in connection with decisions related to the economic situation, health, personal preferences, interests, behavior, geo-location, racial or ethnic origin, religious or philosophical beliefs, etc.
- Right to access information about automated decision-making. California consumers can request access to information about how the automated decision-making processes are performed and access to a description of the likely outcome based on that process.
- Right to opt-out of sharing sensitive personal information. California consumers may restrict the use and disclosure of sensitive personal information for certain secondary purposes to third parties for cross-context behavioral advertising, which essentially refers to interest-based advertising.
- Right to opt-out of certain uses and disclosures of sensitive personal information. Sensitive personal information could refer to the following information: consumer’s account log-in details; financial account, debit card, or credit card number in combination with a security or access code, password, or credentials; social security number, driver’s license, state ID card, or passport number; precise geo-location; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s email and text messages unless the business is the intended recipient of the communications; genetic data and biometric data; health, sex life or sexual orientation.
- Rights for children. A company must obtain implied opt-in consent before selling or sharing the personal information of a consumer under 16.
- Right to data portability. California consumers can request businesses to transmit their personal information or a part of it to another company.
Cookie Compliance Solutions
The cookie compliance requirements under different privacy laws aren’t identical, so businesses need to adjust their cookie practices to comply with them. Websites should use different cookie banners with different settings depending on location.
CookieScript Consent Management Platform provides a reliable and easy-to-use cookie compliance solution, which ensures your business' cookie compliance with Europe's GDPR/ePR, California's CCPA/CPRA, Brazil's LGPD, and other major privacy laws.
CookieScript offers the cookie compliance solution for your business with the following functions:
- Provides geo-targeting. Different Cookie Banners and privacy notices will be delivered to website users based on their geographic locations. Cookie banners will not conflict with each other and the proper script will be taken for each location.
- Provides a fully customizable GDPR and CCPA Cookie Banner. You can personalize colors, fonts, text and style.
- Provides one of the most configurable Cookie Banners on the market, which can be adjusted to your website's design.
- Scans your website for cookies and tracking pixels.
- Categorizes and adds descriptions to your cookies.
- Maintains a full history of user consent (as required by privacy laws).
- Allows users to withdraw consent at any time.
- Blocks cookies until users agree to the Cookie Consent and the Privacy Policy.
- Provides a cookie declaration that includes Cookie Provider and third-party information.
Cookie Compliance Checker
To achieve cookie compliance you must know what cookies your website sets on users’ devices. There are several ways to identify cookies on your website:
- First, you can check for cookies manually using your web browser settings.
- Second, you can use a Cookie Scanner to see the cookies your website uses.
Please note that there are many cookie compliance checkers on the market to scan websites for cookies. However, a simple cookie compliance checker would usually fail to collect all cookies from more complex websites, since that requires more advanced techniques, like executing the site's JavaScript and browsing the website with an actual web browser.
CookieScript Cookie Scanner is a professional cookie compliance checker, which scans your website and provides a detailed cookie declaration report with automatically categorized cookies, including Third-Party Cookies. Our CookieScanner has a pre-built database of cookies, which on average covers 80% of your website cookies.
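To make the limitation of a simple checker concrete, here is an added example (not CookieScript's code) that inventories only the cookies delivered in HTTP `Set-Cookie` headers; anything a page sets through JavaScript never appears in these headers, which is why a real browser is needed for full coverage. The hosts, cookie names and the `inventory` function are constructed for illustration, and the first-party test is a plain suffix match, not a public-suffix lookup.

```python
from http.cookies import SimpleCookie

# Constructed sample: (responding host, raw Set-Cookie value) pairs, as they
# might be captured while loading https://shop.example/ before any consent.
CAPTURED = [
    ("shop.example", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("shop.example", "lang=en; Max-Age=31536000; Path=/"),
    ("cdn.tracker.example",
     "uid=9f8e7d; Domain=tracker.example; Max-Age=63072000; Secure; SameSite=None"),
]


def inventory(page_host, captured):
    """Return one record per cookie seen in HTTP response headers."""
    records = []
    for host, raw in captured:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            # Cookie scope: explicit Domain attribute, else the responding host.
            scope = (morsel["domain"] or host).lstrip(".").lower()
            # Assumption: simple suffix comparison stands in for a
            # registrable-domain (public suffix list) check.
            first_party = page_host == scope or page_host.endswith("." + scope)
            # No Max-Age/Expires means the cookie lasts for the session only.
            persistent = bool(morsel["max-age"] or morsel["expires"])
            records.append({
                "name": name,
                "scope": scope,
                "party": "first" if first_party else "third",
                "lifetime": "persistent" if persistent else "session",
                "secure": bool(morsel["secure"]),
                "httponly": bool(morsel["httponly"]),
                "samesite": morsel["samesite"] or None,
            })
    return records


if __name__ == "__main__":
    for rec in inventory("shop.example", CAPTURED):
        print(rec)
```

Persistent third-party entries in the output are the ones to check first against what the Cookie Banner discloses and blocks before consent.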
CookieScript cookie compliance checker is free and has the following characteristics:
- No email is required.
- Pre-built database of cookies.
- Automatic detection of special cookies.
- Monthly updates.
- Scans individual pages.
- Free and fast scanning.
Cookie Compliance Plugin
Any business must ensure cookie compliance to avoid fines for violating privacy laws and to achieve customers' trust regarding personal data management. Since GDPR cookie compliance and CCPA cookie compliance have some differences, businesses could use cookie compliance plugins to comply with the privacy laws of the countries where they provide services.
The CookieScript Consent Management Platform is one of the best plugins available to get your website both GDPR and CCPA compliant. The primary feature of this Cookie Consent plugin is to enable a Cookie Banner that is both GDPR and CCPA compliant on your website. With the help of geo-targeting, different Cookie Banners will be delivered to website users based on their geographic locations.
The CookieScript cookie consent tool was tested and approved by 200,000+ websites.
The CookieScript cookie compliance plugin can be integrated with many systems. See the step-by-step guides on the following cookie compliance plugin integrations:
- Cookie compliance integration for Wordpress and WooCommerce.
- Cookie compliance integration for Shopify.
- Cookie compliance integration for wix.com
- Cookie compliance integration for PrestaShop 1.7
- Cookie compliance integration for Joomla
- Cookie compliance integration for Drupal 8
- Cookie compliance integration for Magento
- Cookie compliance integration for OpenCart
- Cookie compliance integration for SquareSpace
- Cookie compliance integration for Weebly
- Cookie compliance integration for Shopware
Frequently Asked Questions
What is cookie compliance?
Cookie compliance, also called cookie consent compliance, is the process of ensuring the use of cookies on a website only in ways allowed by privacy laws. There are Europe's GDPR, California's CCPA, Brazil's LGPD, Thailand’s PDPA, South Africa’s POPIA and other privacy laws, which require cookie compliance. CookieScript provides GDPR, CCPA, and other laws' cookie compliance solutions.
What is GDPR cookie compliance?
The General Data Protection Regulation (GDPR) cookie compliance is the process of regulating the use of cookies and other tracking technologies on websites, and the processing of users' personal data in the European Union in a centralized and uniform manner. Use CookieScript Consent Management Platform to be GDPR compliant.
What is CCPA cookie compliance?
The California Consumer Privacy Act (CCPA) cookie compliance is the process of regulating the use of cookies and other tracking technologies on websites, and the collection and processing of personal data for California consumers. Use CookieScript Consent Management Platform to be CCPA compliant.
Is my website cookie compliant?
You can find out if your website is cookie compliant with the help of the professional and free CookieScript cookie compliance checker. CookieScript Cookie Scanner has a pre-built database of cookies, which on average covers 80% of your website cookies, which is substantially more than a simple cookie compliance checker would usually do.
Do I need cookie compliance in the US?
In the US, different states have different regulations for cookie compliance. The California CCPA took effect on January 1, 2020. The Virginia VCDPA will go into effect on January 1, 2023. Other states' data privacy laws are at different stages of the legislative process and are supposed to take effect in the near future.
Who is responsible for cookie compliance?
The EU Cookie Law states that a website owner is responsible for first-party cookies. It does not require that you list cookies one by one, only that you state the type, usage, and purpose of cookies. If you use Third-Party Cookies, both you and the third party are responsible for cookie compliance.
What are cookie compliance solutions?
There are many cookie consent management platforms that provide cookie compliance solutions. CookieScript Consent Management Platform provides a reliable and easy-to-use cookie compliance solution, which ensures your business' cookie compliance with Europe's GDPR/ePR, California's CCPA/CPRA, Brazil's LGPD, and other major privacy laws by using geo-targeting.