
What’s Happening With GDPR And ePR? Where Does CookiePro Fit In?



Suzanne Scacca

2019-05-23T10:00:59+02:00

2019-05-23T10:10:09+00:00

(This is a sponsored article.) Is privacy an issue on the web? According to this ConsumerMan piece from NBC News a few years back, it is:

The Internet has become a serious threat to our privacy. – Jeff Chester of the Center for Digital Democracy

Your online profile is being sold on the web. It’s kind of crazy and it’s not harmless. – Sharon Goott Nissim of the Electronic Privacy Information Center

There are no limits to what types of information can be collected, how long it can be retained, with whom it can be shared or how it can be used. – Susan Grant of the Consumer Federation of America

While there’s been talk of introducing a “Do Not Track” program into U.S. legislation, the EU is the first one to actually take steps to make the Internet a safer place for consumers.

On May 25, 2018, the General Data Protection Regulation (GDPR) was enacted. Soon to follow will be the ePrivacy Regulation (ePR).

With these initiatives holding industries accountable for the information they track and use online, web developers have to add another thing to their list of requirements when building a website:

The protection of user privacy.

In this post, we’re going to look at:

Where we currently stand with GDPR,

What alterations we’ve seen on the web as a result,

What’s coming down the line with ePR,

And take a look at the CookiePro Cookie Consent tool that helps web developers make their websites compliant now.

GDPR: Where Are We Now?

With the one-year anniversary of GDPR upon us, now is a great time to talk about what the updated legislation has done for online privacy.

GDPR Recap

It’s not like the EU didn’t have privacy directives in place before. As Heather Burns explained in a Smashing Magazine article last year:

All of the existing principles from the original Directive stay with us under GDPR. What GDPR adds is new definitions and requirements to reflect changes in technology which simply did not exist in the dialup era. It also stiffens up requirements for transparency, revealing and, process: the lessons from 23 years of experience.

One other key change that comes with moving from the previous privacy directive to this privacy regulation is that it’s now consistently implemented across all EU countries. This makes it easier for businesses to implement digital privacy policies and for governing bodies to enforce them since there’s no longer any question of what one country has done with the implementation of the law. It’s the same for all.

What’s more, there are clearer guidelines for web developers that are responsible for implementing a privacy solution and notification on their clients’ websites.

Has GDPR Led to Any Changes in How Websites Handle Data?

It seems as though many companies are struggling to get compliant with GDPR, based on a test done by Talend in the summer of 2018. They sent data requests to over a hundred companies to see which ones would provide the requested information, per the new GDPR guidelines.

Here is what they found:

Only 35% of EU-based companies complied with the requests while 50% outside of the EU did.

Only 24% of retail companies responded (which is alarming considering the kind of data they collect from consumers).

Finance companies seemed to be the most compliant; still, only 50% responded.

65% of companies took over 10 days to respond, with the average response time being 21 days.

What Talend indicates, then, is that digital services (e.g. SaaS, mobile apps, e-commerce) are more likely to fall in line with GDPR compliance. It’s the other companies — those that didn’t start as digital companies or who have older legacy systems — that are struggling to get onboard.

Regardless of what actions have been taken by industries, they know they must do it.

A 2018 report published by McDermott Will & Emery and Ponemon Institute showed that, despite businesses’ inability to be compliant, they were scared of what would happen if they were found not to be:

Data on what businesses believed to be the greatest costs of failing to comply with GDPR. (Source: McDermott Will & Emery and Ponemon Institute)

Those that said they feared financial repercussions were right to do so. The GDPR assesses fines based on how severe the infringement is:

Lower level offenses result in fines of up to €10 million or 2% of the revenue made in the prior fiscal year.

Upper level offenses result in fines of up to €20 million or 4%.

Some high-profile cases of fines have already popped up in the news, too.

Google received a €50 million penalty for committing a number of violations.

Mainly, the issue taken with Google is that it buries its privacy policies and consent so deep that most consumers never find it. What’s more, a lot of their privacy policies are ambiguous or unclear, which leads users to “Accept” without truly understanding what they’re accepting.

Facebook is another company we shouldn’t be too surprised to see in GDPR’s crosshairs.

Their penalty was only for £500,000. That’s because the fine was assessed for grievances issued between 2007 and 2014 — before GDPR went into place. It’ll be interesting to see if Facebook changes its privacy policies in light of the much larger sum of money they’ll owe when another inevitable breach occurs.

It’s not just the monetary penalty businesses should be nervous about when failing to comply with GDPR.

Stephen Eckersley of the UK Information Commissioner’s Office said that, after the GDPR went into effect, the amount of data breach reports increased exponentially.

In June of 2018, there were 1,700 reports of companies in violation of GDPR. Now, the average is roughly 400 a month. Even so, Eckersley estimates that there will be double the amount of reports in 2019 than there were in previous years (36,000 vs. 18,000).

So, not only are the governing bodies willing to penalize industries for failure to comply. It seems that consumers are fed up enough (and empowered!) to report more of these violations now.

Let’s Talk About ePR For A Second

The ePrivacy Regulation has not yet become law, but it’s expected to soon enough. That’s because both GDPR and ePR were drafted to work together to update the old Data Protection Directive.

ePR is an update to Article 7 in the EU Charter of Human Rights. GDPR is an update to Article 8.

The Freedoms laid out by the EU Charter of Human Rights. (Source: EU Charter of Human Rights)

Although they’re separately defined, it’s best to think of ePR as an enhancement of GDPR. So, not only do businesses have to take care with data collected from people, the ePR says that they have to be careful with protecting the identity of individuals, too.

As such, when the ePR rolls out, all digital communications between business and consumer will be protected. That includes:

Skype chats

Facebook messages

VoIP calls

Email marketing

Push notifications

And more.

If a consumer has not expressly given permission for a business to contact them, the ePR will prohibit them from doing so. In fact, the ePR will take it a step further and give more control to consumers when it comes to cookie management.

Rather than showing a pop-up consent notice that asks “Is it okay if we use cookies to store your data?”, consumers will decide what happens through their browser settings.

However, we’re not at that point yet, which means it’s your job to get that notice up on your website and to make sure you’re being responsible with how their data is collected, stored and used.

What Web Developers Need To Do To Protect Visitor Privacy

Do a search for “How to Avoid Being Tracked Online”:

Search for “How to Avoid Being Tracked Online” on Google. (Source: Google)

There are over 57 million pages that appear in Google’s search results. Do similar keyword searches and you’ll also find endless pages and forum submissions where customers express serious concerns over the information gathered about them online, wanting to know how to “stop cookies”.

Clearly, this is a matter that keeps customers up at night.

The GDPR should be your motivation to go above and beyond in putting their minds at ease.

While you probably won’t have a hand in the actual data management or utilization of data within the business, you can at least help your clients get their websites in order. And, if you already did this when GDPR initially was legislated, now would be a good time to revisit what you did and make sure their websites are still in compliance.

Just make sure that your client is safely handling visitor data and protecting their privacy before providing any sort of privacy consent statement. Those statements and their adoption of them are worthless if the business isn’t actually fulfilling its promise.

Once that part of the compliance piece is in place, here’s what you need to do about cookies:

1. Understand How Cookies Work

Websites allow businesses to gather lots of data from guests. Contact forms collect info on leads. eCommerce gateways accept methods of payment. And then there are cookies:

Cookies are pieces of data, normally stored in text files, that websites place on visitors’ computers to store a range of information, usually specific to that visitor — or rather the device they’re using to view the site — like the browser or mobile phone.

There are some that collect bare-bones details that are necessary to provide guests with the best experience. Like preserving a logged-in session as visitors move from page to page. Or not displaying a pop-up after a visitor rejected it on a recent visit.

There are other cookies, usually from third-party tracking services, that pry deeper. These are the ones that track and later target visitors for the purposes of marketing and advertising.

Regardless of where the cookies come from or what intent they serve, the fact of the matter is, consumers are being tracked. And, until recently, websites didn’t have to inform them when that took place or how much of their data was stored.

2. Don’t Use Cookies That Are Irrelevant

There’s no getting around the usage of cookies. Without them, you wouldn’t have access to analytics that tell you who’s visiting your website, where they are from and what they’re doing while they’re there. You also wouldn’t be able to serve up personalized content or notifications to keep their experience with the site feeling fresh.

That said, do you even know what kinds of cookies your website utilizes right now?

Before you go implementing your own cookie consent notice for visitors, make sure you understand what exactly it is you’re collecting from them.

Go to the CookiePro website and run a free scan on your client’s site:

CookiePro offers a free website privacy scan. (Source: CookiePro)

After you enter your URL and start the scan, you’ll be asked to provide just a few details about yourself and the company. The scan will start and you’ll receive a notice that says you’ll receive your free report within 24 hours.

Just to give you an idea of what you might see, here are the report results I received:

CookiePro runs a scan on all data collection components and trackers. (Source: Cookie Consent)

As you can see, CookiePro does more than just tell me how many or which cookies my website has. It also includes forms that are gathering data from guests as well as tags.

Be sure to review your report carefully. If you’re tracking data that’s completely unnecessary and unjustified for a website of this nature to get ahold of, that needs to change ASAP. Why put your clients’ business at risk and compromise guest trust if you’re gathering data that has no reason to be in their hands?

CookiePro’s cookies report tells you what purpose they serve and where they are from. (Source: Cookie Consent)

Note: if you sign up for an account with CookiePro, you can run your own cookie audit from within the tool (which is part of the next step).
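To see for yourself what a site sets, the added example below (not from the original article, and not how CookiePro’s scanner works) parses captured `Set-Cookie` response headers and lists each cookie’s party, lifetime and missing security attributes. The site name, hosts, cookie values, the audit date and the 13-month review threshold are constructed assumptions.

```javascript
// Added example: inventory cookies from captured Set-Cookie headers.
// SITE is assumed to be the registrable domain; all sample data is constructed.
const SITE = "shop.example";
const NOW = Date.parse("2019-05-23T00:00:00Z"); // fixed audit date for repeatable output

// Each entry: the host that sent the response and its raw Set-Cookie value.
const captured = [
  { host: "shop.example", header: "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax" },
  { host: "shop.example", header: "popup_dismissed=1; Max-Age=2592000; Path=/" },
  { host: "ads.tracker.example", header: "uid=9f8e7d; Domain=tracker.example; Max-Age=63072000; Secure; SameSite=None" },
  { host: "cdn.shop.example", header: "theme=dark; Expires=Sat, 23 May 2020 00:00:00 GMT; Secure" },
];

// Split "name=value; Attr; Attr=value" into a name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// First-party means the cookie's domain is the site or one of its subdomains.
// A production audit should compare registrable domains via the Public Suffix List.
function isFirstParty(domain, site) {
  const d = domain.replace(/^\./, "").toLowerCase();
  return d === site || d.endsWith("." + site);
}

// Lifetime in days; Max-Age wins over Expires; null means a session cookie.
function lifetimeDays(attrs, now) {
  if (typeof attrs["max-age"] === "string") return Number(attrs["max-age"]) / 86400;
  if (typeof attrs.expires === "string") return (Date.parse(attrs.expires) - now) / 86400000;
  return null;
}

function auditCookies(responses, site, now = Date.now()) {
  return responses.map(({ host, header }) => {
    const { name, attrs } = parseSetCookie(header);
    const domain = typeof attrs.domain === "string" ? attrs.domain : host;
    const days = lifetimeDays(attrs, now);
    const flags = [];
    if (!attrs.secure) flags.push("no Secure");
    if (!attrs.httponly) flags.push("no HttpOnly");
    if (days !== null && days > 395) flags.push("long-lived"); // ~13 months, example threshold
    const lifetime = days === null ? "session" : `${Math.round(days)} days`;
    return { name, party: isFirstParty(domain, site) ? "first" : "third", lifetime, flags };
  });
}

console.table(auditCookies(captured, SITE, NOW));
```

Third-party, long-lived entries are the ones to justify or remove before writing the consent notice.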

3. Provide Transparency About Cookie Usage

GDPR isn’t trying to discourage businesses from using cookies on their websites or other marketing channels. What it’s doing, instead, is encouraging them to be transparent about what’s happening with data and then be responsible with it once they have it.

So, once you know what sort of cookies you’re utilizing and data you’re handling, it’s time to inform your visitors about this cookie usage.

Keep in mind that this shouldn’t merely be served to EU-based guests. While those are the only ones protected under the regulation, what could it hurt to let everyone know that their data and identity are protected when they’re on your website? The rest of the world will (hopefully) follow, so why not be proactive and get permission from everyone now?

To provide transparency, a simple entry notice is all you need to display to visitors.

For example, here is one from Debenhams:

This is an example of a cookies notice found on the Debenhams website. (Source: Debenhams)

As you can see, it’s not as simple as asking visitors to “Accept” or “Reject” cookies. They’re also given the option to manage them.

To add your own cookies entry banner and advanced options, use CookiePro’s Cookie Consent tool.

Signup is easy — if you start with the free plan, it takes only a few seconds to sign up. Within an hour, you’ll receive your login credentials to get started.

A peek inside the CookiePro Cookie Consent Dashboard. (Source: Cookie Consent)

Before you can create your cookie consent banner, though, you must add your website to the tool and run a scan on it. (You may have already completed that in the prior step.)

When the scan is complete, you can start creating your cookie banner:

Creating a cookie banner within the Cookie Consent tool. (Source: Cookie Consent)

By publishing a cookie consent banner to your website, you’re taking the first big step to ensuring that guests know that their data and identity are being protected.

4. Make Your Cookie Consent Form Stand Out

Don’t stop at simply adding a cookie banner to your website. As Vitaly Friedman explained:

In our research, the vast majority of users willingly offer consent without reading the cookie notification at all. The reason is obvious and understandable: many customers expect that a website ‘probably wouldn’t work or the content wouldn’t be accessible otherwise.’ Of course, that’s not inevitably true, but users can’t know for sure unless they try it out. In reality, though, nobody wants to play ping-pong with the cookie permission prompt and so they click the permission away by choosing the most obvious alternative: ‘OK.’

While ePR will eventually rid us of the above issues, you can do something about it now — and that’s to design your cookie consent form to stand out.

A word of caution: be careful with using pop-ups on a mobile website. Although consent forms are one of the exceptions to Google’s penalty against entry pop-ups, you still don’t want to compromise the visitor experience all for the sake of being GDPR compliant.

As such, you might be better off using a cookie banner at the top or bottom of the site and then designing it to really stand out.

What’s nice about CookiePro is that you can customize everything, so it really is yours to do with as you like. For example, here is one I designed:

A preview of a cookie permission banner built with Cookie Consent. (Source: Cookie Consent)

You can change:

Text color

Button color

Background color.

You can write your own copy for each element:



Cookie policy note

Cookie policy settings

Accept button.

And you get to decide how the banner will function if or when visitors engage with it.

5. Educate Visitors on Cookies

In addition to giving your cookie consent banner a unique look, use it as a tool to educate guests on what cookies are and why you’re even using them. That’s what the Cookie Settings area is for.

With Cookie Consent, you can inform guests about the different types of cookies that are used on the website. They then have the choice to toggle different ones on or off based on their comfort level.

That’s what’s so nice about CookiePro taking care of the cookie scan for you. That way, you know what kinds of cookies you actually have in place. All you have to do, then, is go to your Cookie List and select which descriptions you want to display to visitors:

CookiePro lets you educate guests about cookies used on the site. (Source: Cookie Consent)

Just make sure you explain the importance of the most basic of cookies (“strictly necessary” and “performance”) and why you recommend they leave them on. The rest you can provide explanations for in the hopes that their response will be, “Okay, yeah, I’d definitely like a personalized experience on this site.” If not, the choice is theirs to toggle off/on which kinds of cookies they want to be shown. And the Cookie Consent tool can help.

In other words, a cookie consent bar is not some superficial attempt to get consent. You’re trying to help them understand what cookies do and give them the power to influence their on-site experience.

Wrapping Up

There’s a lot we have to be thankful for with the Internet. It closes geographic gaps. It presents new opportunities for doing business. It enables consumers to buy pretty much anything they want with just a few clicks.

But as the Internet matures, the ways in which we build and use websites become more complex. And not just complex, but risky too.

GDPR and ePR have been a long time coming. As websites gather more data on customers that can then be used by third parties or to follow them to other websites, web developers need to take a more active role in abiding by the new regulations while also putting visitors’ minds at ease. Starting with a cookie consent banner.

Smashing Editorial

(ms, yk, il)

Read more: smashingmagazine.com

