In this article, we'll take a look at what the EU Cookies Directive is, what it requires, and who it applies to. We'll also walk you through a number of different steps you can follow to comply with the EU Cookies Directive. Finally, we'll wrap up by sharing some examples of websites that are in compliance with the EU Cookies Directive.
- 1. Understanding the EU Cookies Directive
- 2. How to Comply with the EU Cookies Directive
- 2.2. 2. Have a Cookies Policy
- 2.3. 3. Have a Banner or Pop-Up Notification
- 2.4. 4. You Must Get Consent for Using Cookies
- 2.5. 5. Provide an Easy Opt-out Method
- 3. Compliant Cookies Notices
- 3.1. Examples
- 4. Remember
Understanding the EU Cookies Directive
The EU Cookies Directive was adopted as an amendment to the ePrivacy Directive and covers all kinds of online tracking technologies including cookies, device fingerprinting, local shared objects, web beacons, HTML5 local storage and other technologies that track online activities.
- Give visitors detailed information about how the data collected with cookies will be used.
So, for example, if you own or operate a blog and are using Google Analytics or other third party tools, you are required to comply with the EU Cookies Directive.
Now that you have a clear understanding of what the EU Cookies Directive is and what it requires, let's take a look at how you can make sure your website complies with it.
How to Comply with the EU Cookies Directive
In the following sections, we'll walk you through five different things you need to do in order to make sure your website is compliant.
Privacy Policies are required by laws intended to protect consumer privacy rights. Because you're collecting information from your site's visitors that could be used to identify them, you are required to comply with those laws.
Protected information is called personally identifiable information and it includes names, email addresses, street addresses, phone numbers, credit card information, blood type, marital status and more.
If you're not knowingly collecting personal information from your site's visitors, it's possible and even likely that you may be doing it unknowingly.
2. Have a Cookies Policy
At minimum, your Cookies Policy should inform your site's visitors that you're using cookies, explain how you use them and have some information on how users can manage cookie settings on their devices.
In order to be compliant with the EU Cookies Directive, you'll need to cover the following points in your Cookies Policy:
- Explain what cookies are.
- Mention the types of cookies you use, including those used by your third parties.
- Explain how you're using the cookies.
- Include instructions for how users can manage their cookie settings on their device(s).
Having a Cookies Policy posted on your website that covers all of these bases is perhaps the best way for EU-based businesses to stay compliant with the EU Cookies Directive. Here's how the Information Commissioner's Office website explains which types of cookies they use and why they need them:
The website uses a table with three columns - Cookie, Name, Purpose - to explain the types of cookies they're using, the specific name of each cookie, and why they use it. This user-friendly approach is recommended in order to help educate and empower website users.
In addition to this, they also have a section on How do I change my cookie settings that links to helpful resources on how users can see which cookies have been set on their devices, and how they can manage and delete them. The section also links to a page that explains how users can opt out of being tracked by Google Analytics.
3. Have a Banner or Pop-Up Notification
One way to do this is by adding a banner or pop-up notification to your website so that first-time visitors are notified of your cookie usage and are given a link to your complete Cookies Policy.
4. You Must Get Consent for Using Cookies
Under the EU Cookies Directive, consent must be actively provided by the user through some type of affirmative action before a website can place cookies on a user's device.
Here's an example from GoDaddy's UK website:
5. Provide an Easy Opt-out Method
In fact, most website owners simply add a clause to the end of their Cookies Policy that either (1) explains how to opt out, or (2) links to resources that explain how to opt out of cookies.
Most resources will explain how to see which cookies have been set on a device and the steps to manage cookie preferences or delete (or disable) cookies from a device.
Compliant Cookies Notices
Remember, your Cookies Notice needs to satisfy four requirements to comply with the EU Cookies Directive:
- It must be prominently displayed to website visitors immediately when they reach your website. It needs to be on every page so first time visitors are presented with it no matter how they enter your website.
- It must give users a clear and simple way to access your Cookies Policy, where they'll be given information about adjusting their settings.
Let's take a look at some examples and their components that make them successful and compliant.
Here's a Cookies Notice pop-up from The Original Tea Towel Co.:
In this example, users must click to accept cookies before the site will place cookies on their device. The notice is very informative and briefly explains cookies, mentions third parties, and includes links for learning more and deleting cookies.
This approach complies with the EU Cookies Directive.
Additionally, the same site provides a link in the website footer that navigates to the dedicated Cookie Notice page. The Cookie Notice link is particularly easy to find because it is underlined.
This is another good example of a compliant pop-up Cookies Notice from The Atlantic:
In order to comply with the EU Cookies Directive you must:
- Have a Cookies Policy in place and clearly posted.
- Present a link to your policies in a conspicuously placed banner or pop-up as well as in the website footer/app About/Legal menu.
- Acquire informed consent from each user before using cookies.
- Provide an opt-out method.
By following these guidelines, you can position yourself to meet the requirements of the EU Cookies Directive and limit your legal liabilities with regulators and consumers.