Does Your Site Need Cookies?
This isn't really just about cookies - it is about cookies and the use of cookie banners. Have you ever wondered why some sites display a cookie consent notice and some don’t? Do you know whether or not your site should be displaying such a notice?
I am often asked by clients about cookies and consent notices. In this blog, I’ll help you figure out if your website needs to display a notice, explain what the notice should include, and how Drupal can help.
Why do some sites display a cookie consent notice?
A few years ago, a European Union (EU) Directive was adopted by all EU member countries to protect consumer privacy online. This had a direct relation to ‘cookies’ - the tiny text files that get downloaded onto a visitor’s device when they browse a website.
These files allow a website to recognize the user’s device and store details about their preferences. It helps make your next visit to the site even better by employing personalization tactics.
The EU directive (Cookie Law) means that users have a right to:
- Know if the site they are visiting is using cookies
- Know what data is gathered through the use of cookies and how that data is used
- Opt into or consent to, the use of cookies
Do you need to display a notice?
While you may be exempt if you don't have servers in the EU, a person in the European Union may file an objection under the Privacy Shield agreements.
So, maybe not, but probably yes.
It is an EU directive. Certainly, any person or organization that is physically located in the EU and has a website must adhere to the law, as does any website that targets EU consumers.
Canada and most of the United States, does not enforce the same cookies laws (at the time of writing) in the same way. However, it is increasingly becoming standard and considered best practice in data protection rights.
Does my site use cookies?
If you use any sort of analytics program, display advertisements or affiliate links, use a single sign-on authentication system or track visitors in any other way, then your site is using cookies.
If you have a Drupal site, cookies are certainly used for user authentication and for commenting; other Drupal modules use cookies in a wide variety of ways.
Does my site use cookies in a way that necessitates a cookie disclaimer?
Yes - if you use cookies for things like:
- Collecting visitor traffic so you, as a site owner, can tell where your visitors are coming from
- Keeping track of what sites users have visited and use that information to inform targeted advertising
- Recalling a user's choice for a specific landing page or website
What should a cookies notice include?
Let’s look at a few examples.
The most common way we see site present the cookies notice is with the display of a small banner at the top (header) or bottom (footer) of the landing page, with a link to the detailed privacy policy and a button to consent to the use of cookies and hide the banner.
Example of a cookies header banner:
See how this banner does the following:
- Lets visitors know the site is using cookies
- Provides a link for visitors to learn more about how the business uses the data it gathers
- Provides a way for visitors to consent to (accept) the use of cookies
A second example of a cookies banner:
See how this banner does the following:
- Lets visitors know the site is using cookies
- Provides a link for visitors to learn more about how the business uses the data it gathers and to refuse acceptance
- Clearly states that consent is implied if the visitor continues to use the site
The key difference between the two, is that one asks you to accept by clicking a button (active consent), the other tells you that your continued browsing or use of the site signals acceptance (passive consent).
Can Drupal Help Me?
There are some modules that help with the cookie acceptance process.
Some contributed modules available will provide you with a fully customizable banner that can be displayed at the top or bottom of the window and has full support for responsive and multilingual sites. Consent can be given actively by opt-in or out-out, or inferred automatically by clicking any link on the site.
We have also done some custom work for clients in this regard.
The rules for data privacy are in flux. My advice: The ethical way to operate online is in a way that enables people to take control of their personal data.
Still wondering if a cookie consent disclaimer is right for your website? Call me and let our Drupal experts help you.
--
Did you enjoy this article? Get more just like it by signing up to receive Digital Echidna’s free e-newsletter, delivered to your inbox every month. Subscribe today.