If there is one topic which seems to be rearing its head again and again lately, it is the topic of website cookie management and the display of compliant cookie banners.
The concern around getting cookie right has been a topic for concern since the implementation of the PECR (the Privacy and Electronic Communications Regulations) in 2003. However, in recent weeks, we have seen a flurry of interest due to a new ruling by the European Court of Justice.
In short, the PECR via regulation six, states that cookies can only be used on websites where subscribers or users of terminal equipment have:
Been told which types of cookies are in use.
Been told what those cookies in use do.
Consented to those cookies being deployed.
Since 2003, most sites have displayed a box at the bottom of their site complying with points one and two, accompanied by an "Okay" button confirming the acceptance of cookies that had already been deployed on access of the site.
This interpretation of point three has always been loose at best and so on the 1st of October, the ECJ ruled that cookie consent would no longer be lawful unless it was agreed to before cookie deployment. In other words, websites will need to seek consent through an explicit acceptance before it can deploy cookies.
The outcome of this ruling is that many a website administration team are now seeking to change their cookie banners to something compliant at rapid pace.
To ensure compliance with the PECR and the latest ruling from the ECJ, website administrators should consider the following options for cookie banners:
Explicit Accept Buttons on Cookie Banners
To comply with the new ruling from the ECJ, accept buttons post cookie deployment are no longer permitted. Instead you must seek explicit consent from website visitors, otherwise known as users of terminal equipment.
Above is an example of how this would need to be implemented.
There is no ruling on the need for an option to decline and it might be the case that some website administrators choose not to allow website visitors who do not accept at least the mandatory cookies used by the site.
It is however worth pointing out, that a click of the close button or anything other than accept, cannot be lawfully considered as explicit consent.
Cookie Banners with Preference Centers
To satisfy points one and two of PECR regulation six, usage of cookies requires that subscribers and users of terminal equipment are told both which cookies are in use and what they do.
A preference center connected to your cookie banner will list all cookies in use, categorise them and include explanatory text around each cookie category.
In the example above, cookie categories can be deemed mandatory or optional, meaning site visitors potentially have the option of determining which cookies they are happy to allow or disallow. This feature is in accordance with recommendation set out by the IAB (Interactive Advertising Bureau).
How Can OneTrust Help?
All the examples in this blog have been created using the OneTrust Cookie Management software - a cloud based application which can be used to create cookie management banners and preference centers using a simple wizard.
The solution is IAB compliant and can be used in collaboration with the popular Google Tag Manager tool.
For further information about OneTrust solutions, to book a demo or even request a trial account, please visit this page. Advanced Cyber Solutions has assisted a number of companies with their transition to a lawful cookie banner and are able to help you too.