Ticked a cookie law box ages ago and forgot about it since?
The ePrivacy Directive which implemented cookie law is currently undergoing a change, but the real issue is the EU GDPR.
It may not be until May 2018 before it is enforced, but the law is already in place and has already tightened up the rules, as well as increased the penalties for not obeying.
It is important to start the changes you will need to make now, especially if your company has a lot of websites.
Here are some of the most important points that the GDPR raises for cookie consent.
- Cookies can be personal data.
- Implied consent is no longer going to be compliant.
- Advice to adjust browser settings won’t be enough.
- ‘By using this site, you accept cookies’ statements will not be compliant.
- Sites will need an always available opt-out.
- Soft opt-in is likely the best consent model.
- Consent will need to be specific to different cookie purposes.
Most sites right now would fail on many of these criteria. But you will only need to fail on one of them to risk getting a fine under the GDPR.