Cookies are small text files that are stored on a user's device when they visit a website. They are used to track the user's personal information, such as login credentials, browsing history, preferences, or shopping cart contents. There are several ways to manage cookies on a website.
Read this blog to find out what is cookie control, how to manage it, and how to stay compliant with the GDPR, the CCPA, and other major privacy laws. At the end of this article, you will also find an automatic cookie control solution, offered by CookieScript.
What is Cookie Control?
Scan your website for free to see all your website cookies in use.
Cookie Control in the EU
Here are the main points you must follow while adding a Cookie Banner on a website:
- Describe what kind of cookies you intend to set and why.
- Explain why you need to set cookies.
- The banner should have opt-in and opt-out options for accepting and rejecting cookies, accordingly.
- Do not drop cookies BEFORE the user gave explicit consent (opt-in option).
- Do not use pre-ticked check boxes for Cookie Consent.
- Give a possibility to enable Cookie Consent based on cookie category.
- Give a possibility to withdraw or change the Cookie Consent status on every page of your website.
- Document and store all user consents.
- Non-interaction with the banner or scrolling over the web page does not mean the user gave Cookie Consent.
Under the GDPR, explicit Cookie Consent mode is required, meaning that the user must take clear affirmative action to accept cookies.
Websites must disclose what kind of cookies are used, for what purposes, and other details in the cookie notice with the possibility to opt-in and opt-out of cookies.
CookieScript Cookie Banner that allows cookie control by providing different categories of cookies and the possibility to accept or reject each category.
Cookie Control in the US
In the US, cookie control and the processing of personal information are not regulated on a federal level like it is in the EU by the GDPR. Different states have their own privacy laws regarding personal information management, which are in various legislative processes.
California was the first US state to enforce the digital privacy protection. The California Consumer Privacy Act (CCPA) took effect in January 2020. Virginia (VCDPA), Colorado (CPA), and Utah also have privacy laws passed. The CCPA and the VCDPA are already in force, while Colorado and Utah privacy laws will enter into effect on 1 July 2023 and on 31 December 2023, accordingly. Some other states have no real protection for website users at all.
Under the CCPA, the users have the right to request disclosure of personal information that a business has collected on them, and the right to request deletion of the information.
In addition, under the CCPA, users have the right to opt out of cookies that sell their personal information to third parties.
To comply with the US privacy laws for cookies, users must have the following rights:
- Right to notice. Users have the right to be informed about what personal data is being collected about them and the purposes for which the information is being used.
- Right to know. Users have the right to know the third parties with whom the business shares the information and whether their personal data is sold or disclosed.
- Right to disclosure. Users have the right to access their personal data upon request.
- Right to opt-out. Users have the right to agree or disagree to collect, manage, or sell their personal data.
- Right to deletion. Users have the right to ask for the deletion of their personal data.
- Right to equal services and prices. Users must not be discriminated against for exercising their privacy rights.
Like under the GDPR, the US privacy laws require websites to disclose the cookie information in the cookie notice with the possibility to opt-out of cookies.
Cookie Control in the UK after Brexit
After Brexit, the EU GDPR does not apply in the UK. Now the Data Protection Act 2018 (DPA 2018) and the UK GDPR regulate data protection in the UK with the Information Commissioner’s Office (ICO) as the leading data protection authority in the UK. Read the compliance requirements for the UK Data Protection Act 2018.
Cookie Control in Web Browsers
Cookies could also be controlled by browsers or plugins from the user side. Some privacy-friendly browsers like Apple’s Safari, Brave, or Firefox automatically block Third-Party Cookies. Google initially announced in early 2020 that it will also automatically block Third-Party Cookies in Chrome by default. However, the decision was delayed several times. Lately blocking Third-Party Cookies in the Chrome browser was delayed until 2024. In August 2019 Google launched Privacy Sandbox to replace the use of Third-Party Cookies. The Privacy Sandbox initially proposed using an algorithm in the browser, called Federated Learning of Cohorts (FLoC). However, FLoC technology does not seem to be an alternative to Third-Party Cookies. The latest Google initiative to replace Third-Party Cookies in Chrome is the so-called trust token API, which is in a trial process now.
Alternatively, users can manually set up to disable third-party or even first-party cookies. Read an article about the pros and cons of disabling cookies, and how to disable them.
Please bear in mind that disabling strictly necessary cookies could break websites since the most basic functions of a domain could stop working.
If you want to control cookies by yourself, read these step-by-step guides on how to control or disable cookies for different devices, operating systems, and browsers:
- The guide on how to disable cookies on Android.
- The guide on how to disable cookies on iPhone.
- The guide on how to disable cookies on iPad.
- The guide on how to disable cookies on Macbook.
- The guide on how to disable cookies in Chrome.
- The guide on how to disable cookies in Firefox.
- The guide on how to disable cookies in Safari.
- The guide on how to disable cookies in Edge.
You could also delete already existing cookies on your device. Different browsers may require a bit different procedures, but as the basic way, go to Settings, then Privacy, and then Cookies, where you will find the Delete Cookies or Clear data tab. By clicking these tabs you could delete all cookies or just selected cookies.
Automatic Cookie Control Solution by CookieScript
If cookie control seems complicated, it is another way to stay compliant with privacy laws. Cookie control could be easily achieved through a cookie manager like the CookieScript Consent Management Platform.
CookieScript CMP is the best cookie control solution control solution for your business with the following functions:
- Displays a Cookie Consent banner using geo-targeting. Different cookie banners will be delivered to website users based on their geographic locations.
- Provides fully customizable and configurable Cookie Banner. You can personalize colors, fonts, text, and style, and adjust the banner to your website's design.
- Categorizes cookies and provides a cookie declaration that includes a cookie provider and third-parties information.
- Maintains a full history of user consent for proof of compliance.
- Allows users to withdraw consent at any time.
All these features come with affordable pricing that is much cheaper than alternatives in the market! Pricing plans are adjusted per the number of domains, you pay for as much as you really use.
With the PLUS pricing plan, which is just €9 per month/domain, you can scan 3000 pages per domain and have all necessary features included. You could also have a free Cookie Banner for a staging website.
Frequently Asked Questions
What is cookie control?
What is cookie control in the EU?
What is cookie control in the US?
Is cookie consent required in the US?
Should I accept or decline cookies?
There are options regarding cookie control: accept all cookies, reject all cookies, or accept just first-party cookies and reject Third-Party Cookies. Enabling all cookies is recommended for users who want to get the best internet browsing experience and who do not mind sharing their data with third parties. Disabling cookies entirely is not recommended since many websites will not function normally. CookieScript recommends enabling just first-party cookies and disabling Third-Party Cookies. See the guides on how to enable or disable cookies for various browsers.
GA4 uses first-party cookies to separate unique users and unique sessions from a single user. GA4 does not require you to set cookies on your website to receive data and transmit it to Google Analytics. However, it requires user consent.
Does Google Analytics 4 require cookie consent?