Directive Blogs
Is Your Website Compliant with Cookie Laws?
It’s easy to put your website at the farthest corner of your to-do list, but smart business owners know that doing so could put them at a disadvantage and even get them in hot water. Let’s take a quick look at one key consideration you should make to keep yourself on the up-and-up: cookies and the laws surrounding them.
DISCLAIMER: We are not lawyers, and this is not legal advice. Seek out representation if that is what you are looking for.
What are Cookie Laws, and Do Businesses in the US Need to Comply with Them?
You’ve definitely come across websites with a little popup that says, “This website uses cookies!” and makes you confirm that you are okay with that.
This popup comes from the EU Cookie Law, or the ePrivacy Directive. The first EU cookie law came into effect in 2002 and was amended in 2009. Since the release of the GDPR (General Data Protection Regulation) in 2016, data privacy, including cookies, has become a much more prominent concern.
Everyone is welcome to their own opinion on this, but when it comes to protecting a user's personal information, the GDPR is fair but powerful legislation that gives users control over their personal information. It covers any organization and any business that potentially does business with citizens and entities within the EU.
That being said, the GDPR has been influential, and state-level regulations, such as the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (CDPA), have adopted many of its parts and made them their own.
The short answer is this: No federal laws in the US regulate the use of cookies, but some states consider cookies personal information and have guidelines regarding them.
Aren’t Cookies a Required Part of the Internet?
They sure are.
These days, just about every single website uses cookies. If your website has any login functionality (even a backend) or does any sort of metric tracking for analytics, it likely uses cookies.
Sure, there are some fancy ways around this, but most businesses aren’t building and coding their websites by hand just to avoid using standard web practices (nor should they).
These days, cookies are a fact of life, and unfortunately, the average American user doesn’t really understand what cookies are or what they do, so they don’t know if, when, or why they should agree to them or not. It will likely get better as more prominent entities have to comply with the GDPR and cookie policies show up more frequently as a result.
Asking for consent also puts your business at a disadvantage. After all, you are now asking each visitor if they want to be tracked or not, and of course, you want to track them. That’s how you gain insight into how your website and marketing are performing, and how dare anyone tell you that you can’t collect that data and use it to make informed decisions on your marketing budget!
It’s a double-edged sword.
What Does My Website Need to Meet the GDPR and Cookie Laws?
Establishing your privacy policy will be the hardest part.
We’d love to give you one to use, but we don’t know how you handle your data once you have it. However, we have a template you can start with, so don’t hesitate to ask us about it.
Once you have your privacy policy, we can set up a GDPR-compliant cookie plugin on your website that displays the cookies your website is using and allows users to opt in or out. There are simple free plugins that let your users simply opt in or leave, but we recommend a GDPR-compliant plugin that lets them accept all cookies or only the necessary cookies your website requires (the session cookies, but not the tracking, functional, targeting, or performance cookies).
We have a few options for these plugins, depending on your website. There’s a small yearly fee for them, but it’s extremely nominal in the grand scheme of things.