What are Cookies?
What exactly are cookies and when we’re accepting them, what are we signing up for? There are a few different types of Cookie, but they primarily fall under the umbrella of being key-value data that is stored by your browser which is then sent back to the web server.
They carry your information from one web session to another and saves a server from having to deal with huge amounts of data storage whilst building a profile on your browsing habits. This might sound very Orwellian but if you’ve ever logged into a website such as Facebook or Asos, cookies are what keeps you from having to log in every time you travel to a new page on that website.
There’s no denying however, that they are also being used to target you with advertising. For instance, ever found when you’re shopping for the latest satin kimono from Amazon, that adverts for related products follow you everywhere you go? That’s because Amazon issued a cookie onto your machine that has identified that you want to buy a satin Kimono. They sell a product that you have shown an interest in, thereby flag posting an intent to purchase. You’re looking for a product, they sell that product, and they’re fighting to get their shop in front of you before any of their competitors do.
As mentioned above, there are many different types of cookies that you could encounter online:
- Session Cookies – temporary cookies stored until your browser is closed – usually used for shopping carts and other short term interactions
- Persistent Cookies – The website tags you with this type of cookie with an expiration date. They last even after the browser is closed, typically used for interactions such as clicking on the ‘remember me’ button when logging in.
Why do I need a cookie notification message?
With GDPR and online privacy becoming more prominent in the public mindset, you must tell anyone visiting your website that you are collecting data on them and storing cookies on their machines and give them the option to say no. With the potential for hefty fines if you don’t, you’d better get a notification message up there quick!
What does my cookie policy need to say?
This is a question we get asked frequently by clients, the quick but not so helpful answer is it all depends, it is subject to the cookies you are using and what they are used for. Termly.io is an online platform that will draft together a templated policy for you.
If you use a lot of cookies on your website (not just Google Analytics) it is always advisable to seek legal advice just to be safe. Your cookie policy can have it’s own page or can sit within your privacy policy notice but it must be easily accessible by users, we suggest placing a small text link in your website footer.
How can I make a cookie notification that isn’t annoying?
The best kind of notification is one that your user can easily acknowledge and stands apart from the rest of the site without being obtrusive whilst being very easy to click and dismiss. There are many websites around today that load up on mobile with the majority of the page being covered in one big cookie disclaimer. Not only this, but you then have to navigate through ten different steps to get rid of it. This is an incredibly easy way to get your visitors to turn around and leave before you’ve even shown them anything! As website designers and developers it is our responsibility to make sure that the cookie notification does its job, but doesn’t become annoying or distracting.
One of the most effective cookie notification formats is a simple pop up notification in the bottom right hand corner. You might read pop up cringe, but the banners you often see at the tops of pages either go unnoticed or cover huge amounts of your website, and often don’t get clicked on which means they’re covering up potential important information whilst damaging your user’s experience in the progress.
It’s always a good idea to double-check you have the right information on your cookie notification as well. Generally speaking best practice is to include:
- The option to accept or decline cookies
- A link to your cookie policy
- The option to click through to ‘cookie preferences’ where the user can change their settings
- A link to your privacy policy and terms of use.
What you need changes depending on what type of cookies your website is using. If in doubt always seek professional help from a lawyer.
Do we actually need to be using them?
If you have cookies on your site, GDPR stipulates that you absolutely must notify your visitors, it’s as simple as that.
However with the awareness on internet privacy only rising, many people are uncomfortable with the idea of cookies being stored on their computer, and you might just hate having to notify them at all! There are in fact some alternatives to cookies but they all have different strengths and weaknesses.
Web SQL, IndexedDB and Webstorage are different options that can be used to store information on a users computer. They allow a website to quickly read information it might need, particularly for keeping visitors logged into their accounts instead of them having to log in to your website with every new visit.
Otherwise there are services that use your IP address and user agents on your browser to identify you rather than cookies. Advertising ID from Google tracks using its Chrome browser installation and Android devices. IDFA is the same such service from Apple that works for iOS and Mac users on Safari. These options2 suffer from being very good at tracking but not capturing the whole picture.
Still not sure if you need a cookie pop up or not? Use termy.io to check if you are compliant and that also shows you the cookies that are being used on your site in seconds.
