What You Should Know about Cookies, Privacy Policies and the GDPR
Often when we are browsing on the internet, we click on websites that inform us that the company is using cookies. Cookies are small text files which are downloaded from a website to the website’s users’ computers. They are used to collect information about that user. Cookies collect data ranging from web browsing history, in-website browsing history, and the user’s location to personal information such as name, address, phone number, email address, and the names of friends, associates and family members. And the ability of software to scan your photo is currently under development!
There are several types of cookies including session cookies, persistent cookies and first and third-party cookies. Session and persistent cookies refer to the length of time the cookie collects data whereas first and third-party cookies refer to the organization placing the cookie.
Session cookies collect data only during the browser session. They are the least privacy-invasive, usually used only for remembering logins and user selections. Persistent cookies are stored on the website user’s browser. Data is collected from each session and sometimes across websites. The data collected is used to track user preferences and target marketing directly to those preferences.
First-party cookies are placed by the organization whose website the user is visiting. Third-party cookies are placed by separate organizations, usually ones that have links embedded in the website that the user is visiting. Examples of third parties from whom cookies can be placed include Google Analytics, ShareThis and Google AdWords and Remarketing. First and third-party cookies usually are the most privacy-invasive as they are used to collect our personal data.
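The four cookie types described above can be told apart from the Set-Cookie headers a browser receives. The following is an added example, not part of the original article: it labels each cookie as session or persistent and as first-party or third-party. It assumes that an Expires or Max-Age attribute marks a persistent cookie and uses a simplified host comparison; the host names and header values are constructed sample data.

```javascript
// Added example: classify cookies by lifetime and by who sets them.
// All hosts and header values below are constructed sample data.

// Parse one Set-Cookie header value into a name plus a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Simplified ownership test: hosts are equal or one is a dot-suffix of the other.
// (Assumption for brevity: real browsers consult the Public Suffix List.)
function hostsRelated(hostA, hostB) {
  const a = hostA.replace(/^\./, "").toLowerCase();
  const b = hostB.replace(/^\./, "").toLowerCase();
  return a === b || a.endsWith("." + b) || b.endsWith("." + a);
}

// visitedHost: site in the address bar; responseHost: host that sent the header.
function classifyCookie(visitedHost, responseHost, header) {
  const c = parseSetCookie(header);
  const scope = c.attrs.domain || responseHost; // Domain attribute widens the scope
  const persistent = "expires" in c.attrs || "max-age" in c.attrs;
  return {
    name: c.name,
    lifetime: persistent ? "persistent" : "session",
    party: hostsRelated(scope, visitedHost) ? "first-party" : "third-party",
  };
}

// Constructed observations while visiting www.shop.example: [responding host, header].
const observed = [
  ["shop.example", "sid=abc123; Path=/; HttpOnly; Secure"],
  ["shop.example", "prefs=dark; Domain=.shop.example; Max-Age=31536000"],
  ["ads.tracker.test", "uid=77f; Domain=.tracker.test; Expires=Wed, 01 Jan 2031 00:00:00 GMT; SameSite=None; Secure"],
];
const report = observed.map(([host, h]) => classifyCookie("www.shop.example", host, h));
console.log(report);
```
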
Usually, the company will give us benign reasons for using cookies including providing a better customer experience, offering targeted advertising, enabling easier navigation and prepopulating forms. Cookies usually save login information and can save personal information that you enter, for example, the address and credit card data that you use when making an online purchase. Although this improves your user experience by increasing the convenience of your user journey, your private data may be at risk. Whether or not you enter personal information, cookies collect your IP address and from that, the organization can identify you!
Moreover, cookies usually benefit the company far more than the user. Organizations use the data collected through cookies for a variety of purposes such as regional and marketing analytics. Some may even sell your data to other organizations that use it for marketing purposes.
Do we have to accept cookies?
What are Privacy Policies?
- Business Name and Contact Information
- Types of personal data collected
- Why this data is collected
- How the data is used
- How the data is shared with third parties
- How to opt out of data collection
Privacy policies are required by law in many nations. Some nations that have legal requirements for data privacy include the United States, the countries included in the European Union, Australia, Canada, India, Singapore, and South Korea. In the US, the Federal Trade Commission regulates data privacy. In the EU, data privacy is regulated by the GDPR.
Cookies, Privacy Policies and the GDPR
For those of you who are citizens of countries in the European Union, the GDPR requires organizations to provide specific protections for the private data that they collect. The General Data Protection Regulation or GDPR has been in place since the end of May 2018. It protects EU individuals’ personal data from misuse, data handling errors and data sharing where there is no consent or legal basis. The GDPR designates six legal bases that must be applied to the collection of an individual’s personal data. These are:
- Legal Obligation
- Vital interests
- Public Task
- Legitimate Interests
The GDPR also provides individuals with certain rights regarding their personal data. Those rights are:
- The right to be informed
- The right of access
- The right of rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making and profiling
One of the most important protections that the GDPR provides is the right of EU citizens to opt out of receiving marketing materials from the organizations whose websites they visit. Often, organizations would require website visitors to check boxes “requesting” marketing materials, or would precheck those boxes themselves. Sometimes, the user would be unable to proceed with what they intended to do, for example registering for a webinar, without agreeing to accept marketing. According to the GDPR, organizations are not allowed to use any personal information to send marketing materials unless they can meet the legal basis of legitimate interest. For example, organizations have a legal basis to send marketing materials to current clients. A legal basis is not a requirement for sending marketing materials to citizens of countries other than those of the EU.
Data privacy is a major concern for everyone, especially those who use the internet. Almost every day, we hear of yet another instance where organizations have had data breaches that affected millions of customers’ private data. For citizens of the EU, the GDPR regulates data protection; however, ultimately, we are all responsible for managing and protecting our personal information, especially when we provide it to organizations through their websites.