What Is A Cookie Notice And How To Get It For Gdpr, Ccpa & Lgpd?

  • specific,
  • informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Is Cookie Consent Notice Important?

In short, yes. As per new data protection laws already enforced or in the process of being enforced, the first thing a user will see when they visit any site is the cookie consent notice. They can then decide whether they agree to all the cookies being stored on their device or whether they’d like to manage which cookies are stored.

Requirements for GDPR, CCPA, & LGPD Compliance

The most cumbersome part about having a reliable cookie notice is the need to alter it depending on which country the website is being accessed from. This is all down to the fact that most data protection laws have varying requirements for websites’ cookie notices.

GDPR

As per GDPR, a compliant cookie consent notice must:

  • Collect consent before processing a user’s data.
  • Document all records of collected consents.
  • Specify all the types of cookies and tracking technology it uses.
  • No pre-ticked checkboxes.
  • Enable users to revoke consent on each category of cookies.
  • Annual consent renewal.

CCPA

Cookie consent notice requirements under the California Consumer Privacy Act (CCPA) differ in some major categories from the GDPR. The first is the opt-out model, where a website can continue to store cookies and collect user data until the user opts out of having such data collected. Some requirements a business is still expected to comply with include:

  • Document all records of collected consents.
  • Specify all the types of cookies and tracking technology it uses.
  • Enable users to revoke consent on each category of cookies.

LGPD

The General Personal Data Protection Law (LGPD) places the following obligations on websites when implementing cookie consent notices online:

  • Identification of the data handlers purpose of processing.
  • Duration of the cookie’s storage.
  • Links to resources on how to withdraw consent.
  • Links to complain, correct, and transfer data.
  • An option to decline.

Cookie Notice Examples

Here are some examples of Cookie Notices from a few major websites indicating that there are different ways to notify users about cookies:

Ways to Notify Your Users About Cookies

A website has to take appropriate steps to ensure its users know about the cookies that might be stored on their device. To get their consent to store cookies, they must be appropriately notified. Some commonly used tools to ensure this includes:

Fixed Footer Notification

Considering how traditionally the footer has been used on websites to relay crucial legal information, this is considered the most effective way of notifying the users about cookies. A website can present a user with all their options, and the proper links to other important resources they may feel might help the user make an informed decision.

Top Header Notification

The main benefit of using a header notification to inform the user about cookies is that it is impossible to miss or ignore. Unless the user accepts or manages cookies appropriately, the header notification remains on each web page they visit. Like the footer, a website can include links to any appropriate resources.

Inline Top Header Notification

This is a variation of the top header notification. Instead of a separate section for the cookie consent text, the cookie notice is presented as part of the content on the website. While a lot more aesthetically pleasing, it is also helpful if you want to regularly gain your users’ consent if you make changes to your privacy policy, since this notice will be noticeable on the main content that a user may interact with rather than just the homepage of the website.

Box Notification

By far the most radical variation of the cookie consent notice, the box notification shows up on the screen when a user types in the URL. It’s a bit extreme, but it ensures a website has proper user cookie consent from each user before they can begin navigating the website. What sets it apart from the other tools is that unless the user takes an appropriate action to accept or manage their cookie, they cannot access the site.

How to Add Your Cookie Consent Solution Using Securiti

User consent has taken on an unprecedented level of importance in 2022. With all major countries in the world having operationalized or are operationalizing data protection laws, there is a greater responsibility on businesses and websites to elicit informed consent from their users and educate them on their rights.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store