A review of an open source utility that helps check a site's cookies for compliance with the GDPR was recently published.
Having read it, and once again puzzled by the need to install a cookie banner for European visitors on my projects, I set out to examine the issue of cookies and the GDPR in more detail.
Photo: Flickr / Marco Verch / CC BY / Photo changed
To begin with, let me remind you that the GDPR is the European data protection regulation, which has been in effect everywhere since 2018. It is important to try to comply with it if the business has at least some connection with Europe.
For many ordinary sites that do not store any personal data at all, compliance with the GDPR comes down to installing a cookie banner for visitors from Europe. For the most part, you need this so that giants like Google, Facebook or Yandex cannot track the behavior and preferences of Europeans.
If there is no cookie banner on the site
You comply with the GDPR if you do not set any cookies at all, or if you set only cookies that are strictly necessary for the operation of the site. The European Commission gives examples of such cookies:
- session cookies created on the basis of user input, for example those retaining data about the goods in the shopping cart;
- session cookies for authentication;
- session cookies for playing multimedia content, for example media player cookies;
- session cookies for load balancing;
- cookies used to detect unauthorized access and related to functionality explicitly requested by the user, for a limited period of time, for example cookies that count the number of attempts to enter a password;
- user interface cookies: session cookies or cookies set for up to several hours.
Setting strictly necessary cookies does not require consent. In all other cases, consent is necessary (clause 32 of the Preamble of the GDPR) and a cookie banner needs to be installed.
If there is a cookie banner
You comply with the GDPR if the installed banner blocks the loading of cookies that are not strictly necessary until a visitor from the EU has given consent. These cookies include marketing cookies (for example, Google Adsense, Facebook, DoubleClick, Yandex.Direct), statistical cookies (Google Analytics, Yandex.Metrica), and others that do not affect the functionality and operation of the site.
In other words, advertising, statistical and similar cookies cannot be set without the consent of visitors from Europe. Google itself, by the way, warns about this.
How to quickly check cookies
For a quick check of cookies there is 2GDPR. The check takes about a minute.
Analyzing the results takes more time. I spent several hours on my projects and client sites, more than 60 in total. As a result, it turned out that only one out of five of them complies with the GDPR. Most of the problems were caused by statistical cookies from Google Analytics being loaded without consent. Some sites even had banners that did not block such cookies properly.
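The same kind of analysis can be scripted over a cookie jar recorded before the visitor clicks anything on the banner. The following is an added example, not code from the original article or from 2GDPR; the record shape `{ name, domain, expires }`, the 4-hour reading of "several hours", the function names and the sample data are assumptions made for illustration.

```javascript
// Added example: audit cookies captured BEFORE the visitor has given consent.
// Name patterns cover the services named in the article; extend for your stack.
const KNOWN_TRACKERS = [
  { re: /^_ga($|_)|^_gid$|^_gat($|_)/, service: 'Google Analytics', category: 'statistical' },
  { re: /^_ym_/, service: 'Yandex.Metrica', category: 'statistical' },
  { re: /^__gads$/, service: 'Google AdSense', category: 'marketing' },
  { re: /^_fbp$|^fr$/, service: 'Facebook', category: 'marketing' },
  { re: /^IDE$/, service: 'DoubleClick', category: 'marketing' },
];
const MAX_FIRST_PARTY_LIFETIME_S = 4 * 3600; // assumption: "several hours" read as 4 h

// True when cookieDomain is siteDomain itself or one of its subdomains.
function isFirstParty(cookieDomain, siteDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const s = siteDomain.toLowerCase();
  return d === s || d.endsWith('.' + s);
}

// cookies: [{ name, domain, expires }], expires in Unix seconds, -1 = session
// (hypothetical record shape). Returns one finding per cookie, in input order.
function auditPreConsentCookies(cookies, siteDomain, nowS) {
  return cookies.map((c) => {
    const hit = KNOWN_TRACKERS.find((t) => t.re.test(c.name));
    if (hit) return { name: c.name, verdict: 'violation', reason: `${hit.category} cookie (${hit.service}) set without consent` };
    if (!isFirstParty(c.domain, siteDomain)) return { name: c.name, verdict: 'review', reason: 'third-party cookie set before consent' };
    const session = c.expires === -1 || c.expires === undefined;
    if (!session && c.expires - nowS > MAX_FIRST_PARTY_LIFETIME_S) {
      return { name: c.name, verdict: 'review', reason: 'persistent first-party cookie; confirm it is strictly necessary' };
    }
    return { name: c.name, verdict: 'ok', reason: 'session or short-lived first-party cookie' };
  });
}

// Constructed sample: cookie jar of example.com recorded before any banner click.
const NOW = 1700000000;
const SAMPLE = [
  { name: 'PHPSESSID', domain: 'example.com', expires: -1 },
  { name: '_ga', domain: '.example.com', expires: NOW + 63072000 },
  { name: '_ym_uid', domain: '.example.com', expires: NOW + 31536000 },
  { name: 'IDE', domain: '.doubleclick.net', expires: NOW + 33696000 },
  { name: 'lang', domain: 'example.com', expires: NOW + 31536000 },
  { name: 'sid', domain: 'cdn.other.example', expires: -1 },
];
for (const f of auditPreConsentCookies(SAMPLE, 'example.com', NOW)) {
  console.log(`${f.verdict.padEnd(9)} ${f.name}: ${f.reason}`);
}
```

A `review` verdict is not a finding by itself: it marks cookies whose purpose has to be confirmed by hand against the list of strictly necessary cookies above.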