What I have been trying to do
I have been working with a designer and developer to revise our public facing website and migrate it to WordPress. As part of that exercise, I knew we were going to have to sort out our cookie notice. To be honest, I’d been putting it off because I didn’t know how to do it.
Cookie notices are often annoying. They pop up every time you visit the same website and that makes me want to scream. But the law says that you’ve got to have them and implement them properly. In practical terms I’ve been trying to get to the bottom of how we use cookies, explain that to users of our website, and give them the option to reject cookies if that’s what they want to do.
What are cookies?
Cookies are usually small text files with digital tags that are created and left on your device when you visit a website. There are two types of cookies – session cookies that last as long as you remain on the site and persistent cookies which exist for as long as is set within the cookie file itself.
Cookies are used for things like recognising your device so that you can remain logged into a particular website; remembering your preferences (such as language); and for marketing or analytics purposes. Cookies can be first-party cookies (set by and controlled by a website you visited) or third-party cookies (set by a company that is associated with a website you visited). Most cookies contain a unique ID, the details of the company responsible for dropping the cookie in your browser and details of how long the cookie should last.
Finding out what cookies our platform is using
The first thing I wanted to find out was which cookies are dropped when a user visits our website. I was told that the easiest way to find this out was to install the Web Developer extension on my Chrome browser and then, with our website open, click on ‘View cookie information’.
I was expecting to see some Google Analytics cookies; one controlling the cookie notice and another controlling session information for clients logging onto their Privacy Compliance Hub. What I wasn’t expecting were some odd looking cookies dropped by the social sharing buttons on our blog posts. We got rid of them in favour of privacy friendly alternatives.
Drafting a cookie policy
Based on my findings, I drafted a short cookie policy to explain what cookies we use and why. I decided to keep it separate from our privacy policy because I wanted to be as transparent as possible.
To get the cookie notice to show on our website, I then went looking for an application developed by a third party. Lots were packaged with other services I didn’t want. Some didn’t even seem to enable me to comply with the law. Others weren’t as straightforward, clear and transparent as I liked, or just looked awful.
What I found out about cookie notices
A scan finds even more cookies!
The cookie notice provider I chose scans our website to tell us what cookies we are using. I thought that I had found them all but there were more being dropped by LinkedIn, which were connected to an advertising test campaign we had done over a year ago! I got rid of those.
Getting the cookie notice to pop up is just the start
If you use Google Analytics and/or Google Tag Manager, you need to make sure that they are not dropping cookies before the cookie notice has even popped up. Otherwise users may choose not to accept Analytics cookies, but Google is dropping them anyway.
Cookie notices can mess up other things on your site
Once the cookie notice is implemented you need to test the functionality of your site. In our case, implementation of the cookie notice messed up our videos. That wasn’t a problem I’d anticipated.
Where did my cookie policy go?
The software I chose updates our cookie notice monthly. This effectively replaces my own carefully drafted cookie policy every month. This is great to keep things up to date, but it required a bit of tweaking so I was happy with how it looked and what it said.
Cookie notices don’t have to be annoying and incomprehensible
If you take the opportunity to understand cookies, your cookie notice and your cookie policy can be plain and simple, rather than confusing or annoying, as dramatised by Seán Burke and Stevie Martin.
It all works out for the best in the end
I learnt a lot about cookies. I learnt more about the law. And I learnt that what The Privacy Compliance Hub believes is true. If you take the time to understand privacy, you will care about privacy. And if you care about privacy, you will do what you can to protect personal information. You will also have the peace of mind of knowing that you are doing the right thing by your users.