Managing cookies on your website: what you need to know

• Monday, October 19, 2020
• By 3chillies

The way you manage cookies on your website is important from both a regulatory and a brand perspective. However, many website managers and digital teams regard cookie management as a necessary evil, something that they have to do to comply with laws and regulations and that the majority of users don’t actually care about that much. To be honest, we completely understand that  view – cookie management can get in the way of user experience with the messages that appear to new visitors and has the potential to drain time for busy web teams. But regarding cookie management as a “necessary evil” can lead to complacency and even missed opportunities.

In this article we’re going to explore why the way you manage cookies is important, some of the issues involved, and how an automated solution can support users and web teams.

Why you should take cookies seriously

While it might be tempting to cut corners with cookie messages and cookie management, actually this is a more important area than some digital teams realise. There are two main reasons why you should take cookies seriously.

Firstly, there are laws in place that you need to follow. In the UK, the Information Commissioner’s Office (ICO) are the people who look after matters relating to data protection and can dish out fines relating to cookies if regulations aren’t met. In line with wider developments relating to GDPR and data privacy, the ICO’s guidelines on cookies have shifted towards much firmer processes around user consent, and many corporate websites are now behind what the ICO recommends as best practice.

Secondly, data privacy is an increasing area of concern for users, particularly as more online transactions are occurring through the pandemic, and users realise just how much is known about them. Showing a strong commitment to data privacy is an opportunity to show that your organisation respects its customers and can differentiate you from other companies who take data privacy less seriously. As our lives become ever more connected and online, safeguarding data privacy will increasingly be recognised as an important brand asset. 

In a nutshell, you have to manage cookies, therefore you should do it properly, showing your customers and site visitors your commitment to the privacy of their data.

What you need to do

There is still some confusion about what companies need to provide to users when it comes to cookies. The EU Cookie Directive was introduced in 2011 and has been introduced by all member states; in the UK it is reflected in existing regulations relating to Privacy and Electronic Communications. Although the UK has now left the EU, the rules around cookies are not changing and will need to continue to be in operation. 

The basics of the requirements are that organisations need to seek the consent of site visitors to use cookies and offer site visitors the opportunity to refuse the use of cookies. The principle behind this is to protect the data privacy of individuals. In practice this means that a new visitor to your site should expect to see a cookie message that offers them the ability to:

1. give the general consent to cookies (or not) in a way that is “actively and clearly given”
2. view information about the cookies that apply to your website to make informed decisions about consent
3. be able to give consent to cookies on an individual basis so these are not deployed relating to their visit.

If you’re reading that and thinking “hmm that sounds a bit more stringent than I thought”, then this may be the case. Many UK websites still rely on implied consent, putting a cookie message on the home screen with a message that equates to “by clicking OK you consent to the use of all cookies” or “by continuing to use this website you content to use of all cookies”  with the potential to view more information if necessary. This is effectively an uneasy balancing act between user experience and safeguarding data privacy with an easy-to-dismiss message which appears as unobtrusively as possible. 

In the UK, the ICO updated their guidelines which suggests organisations need to be taking their cookies more seriously, making the consent process more explicit and putting more control in the hands of users. Remember all the faffing about that you probably have done around consent with GDPR? Basically, you should be applying that kind of detail and thought process to cookies.

Law firm and 3chillies client RPC issued this useful post on what the new ICO guidelines mean in practical terms. Among those listed include: 

1. you should no longer be relying on implied consent
2. need to take care about how the presentation of messages (you can’t emphasise “agree” above “reject” for example)
3. you must name third party cookies and what these third parties will do with the information.

It is worth noting that this is an area where there may well be further changes going forward.

Easing the pain on the team

Without some kind of solution to help automate or party automate cookie management, presenting an experience to users that ensures they can view information, give general consent or provide consent for some cookies and not others, is very challenging. A manual approach is not realistic because:

1. Cookies and the detail behind them change often, and non-technical teams will find it hard and time-consuming to keep up
2. The process for consent cannot be managed from within your CMS or using forms
3. Central digital teams with a portfolio of websites are likely to want to enforce the same standards around cookie management across all their sites
4. The regulations around what you need to provide for users may change in the future so you may need to then tweak your approach accordingly.

The good news is there are a number of cost-effective solutions on the market that ease the pain on digital teams, helping them manage cookies and save a lot of time in the process. The solution we work with here at 3Chillies and deploy to our clients is Cookiebot.

Introducing Cookiebot

Cookiebot is one of the most robust and mature solutions around and combines:

1. a good user experience across different web browsers and devices, including smartphones
2. the granularity and control for users that means you are supporting data privacy and carrying out best practices
3. capabilities that make life easier for busy web managers and digital marketing teams
4. very reasonable pricing and straightforward deployment.

The solution has three main components:

1. Cookie consent: Provides a consent process for site visitors so a website can be compliant with GDPR, CCPA and more.
2. Cookie monitoring: Automatic scanning and reporting for any cookies and online tracking on your website.
3. Cookie control: Automatic blocking of any cookie, including third-party cookies, until consent is provided by the site visitor.

You may have already experienced Cookiebot as a visitor to this website; if you want to have another look you can load the 3chillies website in an incognito browser session.

This complexity of maintaining these capabilities is largely automated for web teams. Features such as the automatic scanning and reporting of any cookies on your site is particularly useful for site admins, and positively a life saver for any central team with oversight of a portfolio of sites and needs to have a uniform and standardised approach to cookies across their entire digital footprint.

Taking cookie management seriously

Whether you use Cookiebot or another solution, we’d urge you to take a fresh look at how you manage cookies on your website. When you manage cookies on your website, you really need to be doing it properly. If you’d like to discuss Cookiebot or cookies, then get in touch.

As a Cookiebot partner we can sign you up for a completely free 1 month trial today and take you through the results of your website scan and the range of configuration options available.

Get in touch