The pre-GDPR era saw website owners giving little to no attention to using tracking cookies. They were not worried about the consequences of tracking user behavior on the website. The privacy laws did not suggest any standard for using cookies. However, the arrival of privacy regulations like the GDPR was a turning point. With its strict regulations and detailed standards for best privacy practices, it changed the game. Now one of the biggest or goals of a website is to become GDPR compliant. And in that, cookie consent has become the highlight of a website’s GDPR compliance.
The need for cookie consent paved the way for many cookie consent solutions that sometimes went above and beyond to meet customer expectations and, at the same time, ensure compliance with privacy laws. One such product is CookieYes. I will tell you all about it in this article. Before that, you must understand what the GDPR is all about and how cookie consent is a crucial part of it.
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation for protecting the personal data and privacy of people within the EU and EEA. With its rules and standards for privacy practices, it gives people more control over their data.
The GDPR applies to any organization that collects and processes the personal data of individuals in the EU. It does not matter whether the organization is established in the EU or EEA.
The regulation came into effect on May 25, 2018, two years after it was adopted in April 2016. Ever since then, many EU and EEA member states have adopted and incorporated the regulation into their privacy laws.
The main highlights and requirements of the GDPR are:
- Disclose any data collection, its purpose, legal basis, how long it is being stored, and where it is being shared (cross-border transfer and third parties).
- Do not collect personal data more than necessary for the purpose of processing, and only store them as long as it is necessary. Ensure accuracy and safety and security of the personal data you collect and store.
- Keep proper documentation to demonstrate proof of compliance.
- The data processing must satisfy at least one lawful basis to be legal.
- Consent, one of the lawful bases, must be freely given , informed , specific , and unambiguous . It must be easy to withdraw consent .
- Make provisions for the people to request and exercise their GDPR rights .
- Appoint a Data Protection Officer (DPO), where there is large-scale processing that might put the rights and freedom of people at risk. DPOs are responsible for training for and supervising compliance in an organization.
- In the case mentioned above, conduct Data Protection Impact Assessment (DPIA).
- Data breach must be reported to the relevant authority and the affected individual within 72 hours of knowing it. The report must explain the data affected, its consequences, actions taken or will be taken, and actions the individuals can take.
- Non-compliance with the GDPR could result (depending on the severity of the violation) in fines up to €20 million or 4% of the annual global turnover, whichever is higher.
Cookie consent under GDPR
Cookies must not be a new term for anyone who owns a website or has worked in its development. And, then the last few years have seen a lot of discussion around its use in websites and the rise in privacy concerns.
Tracking cookies have been causing some raised eyebrows among privacy regulators. These are the ones that monitor the users’ movement on the website and then, accordingly place targeted advertisements. Some tracking cookies are used for analytics purposes, such as tracking conversions. Such cookies, which are not essential for a website’s basic functioning, have come under the scrutiny of various privacy laws.
Interestingly, the GDPR mentions cookies only once. Yes, once!
Recital 30 of the GDPR mentions cookies as one of the identifiers that will leave traces online. These traces can identify a person when combined with other information.
Hence, why the GDPR will apply to internet cookies.
Cookie consent must follow all the requirements for using consent as a legal basis under the GDPR. That is, for a cookie consent to be valid, it must be:
- Freely given: the visitors must not feel compelled to give consent or there should not be any non-negotiable terms where they have to accept cookies to access the website.
- Specific: Be clear about why you want to use the cookies. Each category of cookies must have specific purposes and the users must be able to selectively opt-in for them.
- Informed: You must provide adequate information about cookies such as the type of cookies the website will store, the purpose for using cookies, what they are consenting to, and how they can withdraw their consent before giving their consent.
- Unambiguous: If the user scrolls through the web page or closes the cookie consent banner without interacting with it, it does not constitute valid consent. Such a system of registering positive consent even if the users have not explicitly expressed their consent is unlawful. The website can only store non-essential cookies upon receiving the user consent that was expressed via an affirmative action (e.g. clicking on the ‘accept’ or ‘agree’ button).
- Revocable: The user must be able to withdraw their cookie consent once regard at any time. The concept is simple – make withdrawing consent as easy as it was to give it. And, once they revoke the consent, the website must immediately stop processing via the tracking cookies.
- Provable: A website must be able to prove that it has received consent from its users to use the non-essential cookies. There must be a system to record the cookie consents.
It is time to see how you can achieve all of this.
Why CookieYes cookie consent solution?
CookieYes is a cloud-based cookie consent solution for a website to comply with the GDPR cookie requirements. It is developed by the same team behind the GDPR cookie consent WordPress plugin, which recently hit 1 million active installations.
If you are a website owner or administrator looking for a simple yet powerful and cost-effective cookie consent solution for your website, then CookieYes is the product for you.
Often, we have seen internet users complain of messy cookie banners on every page that blocks the content. People love their privacy, but not at the cost of a bad user experience (UX). Privacy and UX can go hand-in-hand.
The website owners also have to ensure that the website must not load any third-party cookies before obtaining user consent. However, it is a complicated process to identify these cookies and block them. Therefore, it is the need of the hour to have a cookie consent solution that can offer features that align with the GDPR requirements.
With a 4.7 (of 5) stars rating on Capterra , CookieYes has been impressing customers since its launch. Its users have nothing but appreciation for its feature-packed service for GDPR cookie compliance and top-notch customer support.
We have put together this review to help you understand this product and make your search for the best cookie consent solution easier.
Features offered by CookieYes
Let’s look at some of the major features offered by the cookie consent solution:
Full customization of the cookie banner
CookieYes’ completely customizable cookie banners give customers more control over how the banner should look. They can decide the layout, color, and even the content of the consent banner and all the buttons and links on it. What is even more impressive is auto-recommendation for the banner color scheme as per your website’s.
In the premium plans (Basic, Pro, or Ultimate), you can also add custom CSS scripts for unique styles or elements to let users change consent at any time.
Choose from 16 languages for the banner and the preferred language you want the banner translation.
You can decide the behavior of the banner upon user action and make the banner visible to only the EU visitors (premium plan feature).
There is also an option to hide the CookieYes logo and add your custom logo.
Granular cookie preferences for visitors
You can give your users granular control over the cookies. The cookie preferences settings will allow you to let the users have selectively opt-in or opt-out of cookies based on their category.
Automatic blocking of third-party cookies
CookieYes automatically blocks cookies from third parties, such as Google Analytics, Facebook Pixel, Hotjar, and YouTube, until you get user consent.
You can manually add cookies and scripts under different cookie categories and disable pre-loading. Then, you can give the control to the visitors to enable or disable them.
Automatic cookie scanning of the website
It automatically scans your website for cookies after the setup and adds them with their details to your cookies list. It will help you identify the non-necessary (non-essential) cookies your website uses and control its default consent status.
User consent logging
To be in line with GDPR’s principle of accountability and keeping proof of consent, CookieYes will let you enable consent logging. You can record the user consent registered via the cookie banner.
It will display the IP address, consent status, country, and time and date. You can export the details as a CSV file for record-keeping purposes (IP addresses are not stored in the CSV file) for demonstrating proof of consent, in case of an audit.
Cookie audit table on the website
CookieYes lets you add a cookie list or audit tables (CSS customization) inside your cookie consent banner as well as on your website. The cookie list helps to give the visitors information, such as type, duration, and purpose, about the cookies the website uses.
You can either copy the text or the HTML and add it to your website.
Multilingual website support
We have already mentioned this, however, this is a great feature. CookieYes supports multilingual websites as you can set the cookie consent banner in 16 languages spoken worldwide. You can even edit the content in your preferred language (from the list).
The premium version (Basic, Pro, and Ultimate) supports the auto-translation of the banner.
How to set up the cookie consent banner on your website?
Setting up CookieYes is simple. You can install a cookie banner on your website by following these steps.
- Go to CookieYes sign up page and fill in the signup form to get started.
- Choose the preferred banner template from the four options available: Classic, Banner, Box, or Recommended.
- Customize the cookie banner or skip to the next step.
- Copy the installation code and paste it between <head> and </head> tags of your website
Help documentation for various content management platforms is available for guiding you through the installation process.
…. And you are done!
Check your website to see the cookie consent banner on the web page.
You can also customize the cookie banner later after you have added the installation code. Any changes you save will be reflected in the banner on your website.
CookieYes is free to use for all users. The premium plans give you advanced features, such as:
- multiple domains,
- CSS customization,
- custom branding,
- Geo-targeted display of the cookie banner,
- Auto-translation of the cookie banner,
- cookie scan for more number of web pages,
- more number of consent logging, and
- premium support.
CookieYes might be just one of the products that offer cookie solutions for GDPR compliance. However, it can give others a run for their money. Its low price (compared with other products) and excellent customer support (evident from the reviews) are just the icings on the cake.
CookieYes now offers a 14-day free trial with all premium (basic plan) features. Sign up today and let us know if you like it.