Collaborative Post

Protect your business by protecting your end-users


Almost every website in existence is running on cookies. Cookies are small text files containing bits of information about a website visitor and the majority of them are used for tracking website visitors for marketing purposes. Some cookies are mandatory for enabling the most basic functionalities of a website, while other cookies are designed for tracking end-users’ preferences and online behavior.

Photo by Andrew Neel from Pexels

With the enforcement of the GDPR and the CCPA, website owners are required to tighten up their data management procedures and provide transparency, e.g., through a cookie policy.

What is a cookie policy and what should it contain?

A cookie policy is a declaration of which cookies are running on your website, what kind of data the cookies track, why the cookies are tracking data, and where the collected information is sent. Furthermore, the cookie policy should contain information on how to opt out or how to change cookie settings on your website.

A cookie policy can often be found together with a website’s privacy policy, though some website owners place the cookie policy on its own separate landing page. The easiest way to generate a comprehensive cookie policy for your website is to use an automated cookie scanner tool. These kinds of tools crawl your website and detect all active cookies, producing a thorough list of every cookie along with what it does and why it is set.

What is the GDPR and how does it affect me?

The General Data Protection Regulation, or GDPR for short, is a data privacy law that sets strict requirements for website owners on how to handle data collection. The gist of the GDPR is to give website users control over how their data is used, with ‘transparency’ and ‘user consent’ being the key principles of the regulation.

The GDPR took effect on May 25th, 2018, and failure to achieve compliance can result in heavy fines of up to €20 million or 4% of an organization’s global yearly turnover. Hefty fines have already been issued.

Though the GDPR is a law of the European Union, it applies not only to websites and users within the borders of the European Union but also to websites that cater to and/or have visitors from the European Union.

What is the CCPA and how does it affect me?

The California Consumer Privacy Act, or CCPA for short, is a state-wide data privacy law that sets requirements for business owners on how to handle the personal information of California residents.

The CCPA shares many similarities with the GDPR, but the CCPA only applies to for-profit businesses that either:

  • Sell personal information of more than 50,000 California residents annually
  • Have an annual gross revenue higher than $25 million
  • Derive more than 50% of their annual revenue from selling personal information of California residents

In comparison, the GDPR applies to any type of organization, as long as it caters to or has users from the EU, and the GDPR does not set a revenue threshold.

The CCPA took effect on January 1st, 2020, and it is the first and only data regulation law in the United States. Should a business fail to comply with the CCPA, penalties can reach $7,500 per violation in addition to $750 per affected user in civil damages.