We all know that there is GDPR that we need to meet (well, we should!) and now there’s a new one we need to be aware of that runs alongside called the ePrivacy Regulation.
Why do we need another data protection regulation? GDPR is in essence about ‘general’ personal data storage and processing. However, it was felt that there needed to be something more specific that managed the internet, data acquisition and spamming etc. Cue the update of the ePrivacy Directive.
One of the major aspects of ePrivacy updates is the clarification of cookie use that GDPR still left quite hazy.
Under the new regulations, you have to gain consent to use non-essential cookies on your website.
Non-Essential Cookies are cookies that are not necessary to ‘run’ you site. For example, if you have an online shop, cookies are necessary to make the shopping basket work. These are called essential cookies and you do not need consent for essential cookies.
Examples of non-essential cookies include:
- Google Analytics, Hotjar etc
- Facebook Pixels, LinkedIn
- Live chats or embedding videos
If you use anything like this you need to gain consent.
The other BIG change under the ePrivacy directive is that implied cookie consent is no longer acceptable. ‘If you continue to browse our website we assume you are happy with our cookie use’ should not be something that we see for much longer. We know what you’re thinking though. Everyone still has this kind of message, even big companies.
The thing is, it’s a new piece of legalisation and it’s early days. Vueling Air has recently been fined £30,000 for unlawful management of cookies on its website (due to the ‘implied consent’) and the Information Commissioners Office (ICO) is running a campaign to report your cookie concerns. The last thing you need is to be reported by a consumer over your cookies!