The three things website owners need to know about internet cookies

GDPR has helped push the use of cookie files into the public consciousness. Compliance Compendium chief business development officer Gareth Gadd explains how website owners can navigate the topic.

Research published by PWC in February 2011 found that 41 per cent of those surveyed did not know that there were different types of cookies and 37 per cent said they did not know how to manage cookies.

When respondents’ knowledge of cookies was actually tested, only one out of sixteen statements was answered correctly by most respondents. “If those results were unchanged for 2018 then I would not be surprised,” Gadd said.

“GDPR has raised people’s awareness that cookies contain personal data but you only have to land on a high-traffic website to see that many organisations either still don’t understand cookies or they are hoping that they can continue harvesting customer data until the ICO catch up with them. Good luck with that!”

Website owners must now understand that:

  1. Consent must be “positive”, given by opting in – simply visiting a site doesn’t count as consent. That is consent by stealth and is no longer acceptable.
  2. Consent must be freely given and you can’t say “by using this site…” (see 1 above). Importantly – if consent is not freely given then the law assumes that there is no consent.
  3. You must be able to withdraw consent as easily as it was given.

This cuts both ways, Gadd added, because people are rejecting cookies wholesale and this negatively impacts things such as paid search and email marketing.

The latest research conducted by RegTech Analyst has shown investors have poured over $200m into companies addressing GDPR since June 2017.

GDPR and MiFID II were reported as the most challenging regulations for compliance professionals at financial institutions to comply with, according to figures from this year’s RegTech Review.

Of the 819 RegTech companies currently in the market, 178 vendors offer products to combat GDPR rules.

Compliance Compendium provides a DPO as a Service solution and offers advice on policies and policy documentation.


Copyright © 2018 RegTech Analyst
