First a little background. Not interested? Skip this and scroll down to the cookie consent compliance checklist.
The EU Cookie Act, or ePrivacy Directive, is an older legal act, passed in 2002 and updated in 2009, mainly dealing with cookies, data retention and unsolicited emailing. It is a directive, not a regulation.
Now we have the ePrivacy Regulation, which deals with the privacy of data that companies collect from EU residents, just like the GDPR. It should have been in effect in 2018, but at the time of writing there is only a draft from 2021. If passed, it is believed it will not be in effect before the end of 2023.
The ePrivacy Regulation aims to protect the privacy of the electronic communication content and metadata of EU residents. This means that the scope of the ePrivacy Regulation goes beyond personal data and can include non-personal data, such as business-to-business (B2B) communications.
The scope of the GDPR, on the other hand, is limited to personal data. But make no mistake, the two data privacy laws are not supposed to work against each other. Instead, the ePrivacy Regulation is intended to complement the GDPR. For convenience, when we talk about compliance, we use ePrivacy compliant and/or GDPR compliant interchangeably.
Let’s move on to the checklist for cookie consent compliance and best practices. The list below may seem exhaustive, but keep in mind that the ePrivacy rules and the GDPR are open to multiple interpretations in practice.
We recommend that you follow them, but more importantly, do so in a way that best suits your internet users. Being clear and unambiguous in setting your cookie consent and communication certainly has a positive effect on your image.
In addition, imagine that an internet user finds out that he is still being tracked even though he has rejected all cookies. You don’t want that. And you certainly don’t want to be fined. More and more initiatives are being taken to keep a finger on the pulse. A Basel initiative called None of Your Business has the sole purpose of reporting non-compliant websites to authorities. They have already made 422 reports of websites not using the correct cookie consent banner.
Therefore, try not to think of cookie consent as a set-and-forget-type initiative. Continue to ensure that you are compliant by regularly checking and documenting that your cookie consent is working. If you do get assessed, you can prove that you are doing everything necessary to comply with the rules.
Checklist for cookie consent compliance and best practices:
[Tip] Devise a strategy to convince users to become more involved with your organization or service by letting them sign up or providing you with their personal information. Make sure you have a clear and unambiguous opt-in. State explicitly what you are contacting them for. In return, give them something valuable for their trust (and opt-in).
Disclaimer: We are not a legal party and our advice in this cookie consent compliance checklist and best practices is not legally binding. We are only offering you some help in solving this problem with cookie consent. It’s a constantly evolving business, so things are also subject to change.
Download this cookie consent compliance checklist of best practices in PDF format for easy sharing with anyone who needs to see it.