What is GDPR?
The General Data Protection Regulation (GDPR) was put into effect on May 25, 2018. It is the strictest privacy and security law in the world. It imposes obligations on companies anywhere in the world as long as they target or collect data from people in the European Union. Companies that violate its privacy and security standards will receive harsh fines under the GDPR.
The GDPR is not so much about cookies, but because some cookies collect personal data, you need to comply with the Cookie law in addition to the GDPR.
This is what you need to know about the GDPR and Cookie law:
- The privacy legislation states that if companies process data for multiple purposes, they must ask permission from their website visitors for all these purposes. When it comes to collecting cookies, it means that companies must obtain permission for all cookies (necessary, analytics, and marketing cookies) separately.
- The law also applies a reverse burden of proof. As an organization, you must prove that the website visitor has permitted the cookies to be placed before you place them. In the case of non-sensitive cookies, you must also prove that the privacy of the website visitor has not been violated.
- A website visitor must be able to withdraw his or her permission at any time. It is important that organizations inform their visitors of how this works. Visitors also have the right to inspect the collected data if they request it.
Why the cookie law?
Placing cookies is, among other things, necessary for the functioning of a website, but they are also used to create a profile with detailed information about a website visitor. This profile is used by companies to advertise in a more targeted way.
The cookie law has come into force to protect website visitors and their privacy. This law not only aims to inform everyone about the placing of cookies but also gives them the possibility to refuse certain cookies.
What does the law contain?
The Telecommunications Act (Article 11.7a) lays down the rules for placing cookies on a website. It states that cookies may only be placed on a website if:
- The website visitor is clearly informed about the placement of cookies;
- The website visitor has given explicit permission for the placing of cookies; and
- The website visitor's information is read out and cookies are placed only after he or she has given permission.
There are some exceptions to the cookie legislation, for example, necessary cookies, which are necessary for the functioning of a website. These cookies intrude little, if at all, on the privacy of a website visitor.
Types of cookies
The cookie legislation makes a distinction between privacy-sensitive and non-sensitive cookies. The following cookies are not privacy-sensitive cookies:
- Analytical cookies are used on websites to, for example, keep track of visitor statistics. They give better insight into the functioning of a website. These cookies have hardly any impact on privacy.
- Functional cookies are required for a website to function properly. These cookies keep track of, for example, what's in a shopping cart.
However, an organization must ask permission for the following cookies:
- Tracking cookies track individual surfing behavior and use this detailed information to create profiles for more targeted advertising.
Placing a cookie banner
Do you want to place a cookie banner because you place privacy-sensitive cookies? CookieLegit has a cookie banner that meets the requirements of the GDPR and the cookie law. Take a look at the different packages we offer or read more about the features of the CookieLegit cookie banner.