Website tracking in the age of GDPR
In an increasingly digital world, cookies have become a staple of everyday online life. While most people simply accept cookies on their first visit to a website, many would probably rethink their online behavior if they knew what cookies actually are and what they can do. Keep reading for an introduction to cookies and how the GDPR affects website tracking.
What is a cookie?
A cookie is a small text file that contains data about a website visitor. The technology behind cookies was invented in the early 1990s, and the name was inspired by real-life fortune cookies, as both types of cookies can be seen as structures containing a message.
Almost every website uses cookies. Some are necessary for a website to function properly, while others are set to collect data for marketing purposes.
Cookies can be grouped into four categories: necessary cookies, preference cookies, statistics cookies, and marketing cookies. Statistics cookies and marketing cookies make up the majority of active cookies on the World Wide Web.
Cookies are neither a bad nor an evil technology, as all they do is collect information. What is troubling, however, is what can potentially be done with that information.
What is a tracking cookie?
A tracking cookie is, most often, a marketing cookie or an analytics cookie. Tracking cookies are characterized by their ability to record data about end users' browsing activity, IP address, purchases, etc.
This information is useful to businesses seeking to improve their marketing through targeting. By using cookies and collecting data, business owners can gain insights about their end users – insights that can be used to convert visitors into customers.
Third-party cookies are especially useful for business owners because they can track users across different websites – in other words, cross-site cookie tracking. You have probably seen the social media buttons on websites that lead to the company’s Facebook page, Twitter account, etc. These seemingly inconspicuous buttons actually enable said organizations to track users across the web.
What is the GDPR?
The General Data Protection Regulation, often abbreviated to GDPR, is an EU data privacy law that sets strict regulations for how website owners manage data about their end-users. In other words, website owners are now obligated to follow strict data handling requirements and provide transparency, while end-users are given control of how their data is used.
The GDPR became enforceable on May 25th, 2018, and non-compliance can result in hefty fines of up to €20 million or 4 percent of the annual global turnover, whichever is higher.
According to the GDPR, you are not allowed to track end users without their consent. Thus, website owners that use tracking cookies on their websites and have visitors from the EU must have an appropriate solution for managing cookie consent.
It is crucial that consent is given before the cookies are placed on the end user’s device. Furthermore, the consent must be recorded and stored, because it serves as documentation that consent has been given. Consent must also be revocable.
Finally, the website owner must provide clear and concrete information about the cookies on the website and why they are there, so that consent is given on an informed basis.
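The consent requirements above (consent before any cookie is placed, a stored record of each decision, and revocability), applied to the four cookie categories, can be sketched as follows. This is an added example, not code from the original article; the `ConsentManager` class, the `Map` standing in for the browser's cookie store, and the cookie names are all assumptions made for illustration.

```javascript
// Constructed example: every cookie write passes through a consent check.
const CATEGORIES = ["necessary", "preference", "statistics", "marketing"];

class ConsentManager {
  constructor(jar = new Map(), clock = () => new Date().toISOString()) {
    this.jar = jar;                        // stand-in for the browser cookie store
    this.clock = clock;                    // injectable so records are reproducible
    this.granted = new Set(["necessary"]); // nothing else is allowed by default
    this.records = [];                     // append-only record of each decision
    this.owner = new Map();                // cookie name -> category that set it
  }

  // Store the visitor's choice, e.g. { statistics: true, marketing: false }.
  decide(choices) {
    for (const category of Object.keys(choices)) {
      if (!CATEGORIES.includes(category)) throw new Error(`unknown category: ${category}`);
    }
    for (const category of CATEGORIES.slice(1)) { // "necessary" is not optional
      if (!(category in choices)) continue;
      if (choices[category] === true) this.granted.add(category);
      else this.purge(category);
    }
    this.records.push({ at: this.clock(), granted: [...this.granted].sort() });
  }

  // Withdraw consent for a category and delete the cookies it had placed.
  purge(category) {
    this.granted.delete(category);
    for (const [name, cat] of this.owner) {
      if (cat === category) { this.jar.delete(name); this.owner.delete(name); }
    }
  }

  // Returns true if the cookie was written, false if blocked for lack of consent.
  setCookie(name, value, category) {
    if (!CATEGORIES.includes(category)) throw new Error(`unknown category: ${category}`);
    if (!this.granted.has(category)) return false;
    this.jar.set(name, value);
    this.owner.set(name, category);
    return true;
  }
}

// Constructed walk-through: blocked before consent, allowed after, removed on revocation.
const demo = new ConsentManager();
console.log(demo.setCookie("_ad_id", "x1", "marketing")); // false
demo.decide({ marketing: true });
console.log(demo.setCookie("_ad_id", "x1", "marketing")); // true
demo.decide({ marketing: false });
console.log(demo.jar.has("_ad_id"));                      // false
```
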