Cookie Banners: How to Quickly Check Compliance with GDPR
Recently, an overview of an open-source utility that helps check a site's cookies for GDPR compliance was published.
After reading it, and once again puzzled by the need to set up a cookie banner for European visitors on my projects, I undertook to study the issue of cookies and the GDPR in more detail.
/ Flickr / Marco Verch / CC BY / Photo changed
To start, a reminder: the GDPR is the EU General Data Protection Regulation, which has been in force since 2018. It is important to try to comply with it if the business has at least some ties with Europe.
For many ordinary sites that do not store any personal data at all, GDPR compliance comes down to setting up a cookie banner for visitors from Europe. For the most part, this is needed to prevent giants like Google, Facebook or Yandex from tracking the behavior and preferences of Europeans through your site.
If there is no cookie banner on the site
You comply with the GDPR if you do not set any cookies at all, or set only cookies strictly necessary for the operation of the site. The European Commission gives examples of such cookies:
- session cookies created from user input, for example storing the goods in a shopping cart;
- session cookies for authentication;
- session cookies for playing multimedia content, for example media player cookies;
- session cookies for load balancing;
- cookies used to detect unauthorized access, tied to functionality explicitly requested by the user for a limited period of time, for example cookies counting the number of password attempts;
- user interface customization cookies: session cookies, or cookies set for up to several hours.
Setting strictly necessary cookies does not require consent. In all other cases consent is required (Recital 32 of the GDPR preamble) and a cookie banner must be set up.
If there is a cookie banner
You comply with the GDPR if the installed banner blocks the setting of cookies that are not strictly necessary until the visitor from the EU has given consent. These cookies include marketing cookies (for example, cookies from Google AdSense, Facebook, DoubleClick, Yandex.Direct), statistical cookies (Google Analytics, Yandex.Metrica) and others that do not affect the functionality and operation of the site.
In other words, advertising, statistical and similar cookies cannot be set without the consent of visitors from Europe. By the way, Google itself warns about this.
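The rule above means the banner must withhold the third-party scripts themselves until consent is recorded, not merely hide a notice: a tag that runs at all can set its cookies before the visitor answers. The following is an added example of such a consent gate, not code from the article or from any banner product. It assumes consent is kept in a first-party cookie named `cookie_consent` listing the accepted categories, and uses a constructed tag manifest with example.org URLs standing in for real analytics and marketing scripts.

```javascript
// Added example: consent-gated loading of non-essential tags.
// Assumption: consent is stored in a first-party cookie named "cookie_consent"
// whose value lists the accepted categories, e.g. "statistics,marketing".
const CONSENT_COOKIE = 'cookie_consent';

// Constructed tag manifest (the URLs are placeholders, not real vendors' URLs).
// Each tag declares the consent category it needs; "necessary" tags are the
// strictly necessary ones and never wait for consent.
const TAGS = [
  { id: 'session-keepalive', category: 'necessary',  src: '/static/session.js' },
  { id: 'google-analytics',  category: 'statistics', src: 'https://stats.example.org/tag.js' },
  { id: 'yandex-metrica',    category: 'statistics', src: 'https://metrics.example.org/tag.js' },
  { id: 'facebook-pixel',    category: 'marketing',  src: 'https://ads.example.org/pixel.js' },
];

// Parse a document.cookie-style string ("a=1; b=2") into a Map of name -> value.
function parseCookies(cookieString) {
  const out = new Map();
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name) out.set(name, decodeURIComponent(value));
  }
  return out;
}

// Categories the visitor has consented to. "necessary" is always implied,
// because strictly necessary cookies do not require consent.
function consentedCategories(cookieString) {
  const consent = parseCookies(cookieString).get(CONSENT_COOKIE) || '';
  const cats = new Set(consent.split(',').map(s => s.trim()).filter(Boolean));
  cats.add('necessary');
  return cats;
}

// Ids of the tags allowed to load for this visitor. Tags whose category has not
// been consented to are not injected at all (rather than loaded and "disabled"),
// so they get no chance to set cookies before the banner is answered.
function tagsToLoad(cookieString, tags = TAGS) {
  const allowed = consentedCategories(cookieString);
  return tags.filter(t => allowed.has(t.category)).map(t => t.id);
}

// Browser wiring, kept apart from the decision logic so the latter can run
// without a DOM: inject only the allowed <script> elements into <head>.
function injectAllowedTags(doc, cookieString, tags = TAGS) {
  const ids = new Set(tagsToLoad(cookieString, tags));
  for (const t of tags) {
    if (!ids.has(t.id)) continue;
    const s = doc.createElement('script');
    s.src = t.src;
    s.async = true;
    doc.head.appendChild(s);
  }
  return ids.size;
}

// In a page: injectAllowedTags(document, document.cookie) on load; when the
// visitor accepts a category in the banner, write e.g.
// document.cookie = 'cookie_consent=statistics; Path=/; Max-Age=31536000; SameSite=Lax'
// and call injectAllowedTags again. Before that first call, only
// "session-keepalive" is loaded.
```

The decision is made from the consent cookie on every page load, so a visitor who has not yet answered the banner, or who declined, sees the same result on each page: only the strictly necessary script is requested, and the analytics and marketing hosts are never contacted.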
How to quickly check cookies
For a quick check of cookies there is 2GDPR. A check takes about a minute.
Analyzing the results takes more time. I spent several hours on my own projects and client sites, more than 60 in total. As a result, it turned out that only one in five of them complies with the GDPR. Most problems were due to statistical cookies from Google Analytics being set without consent. Some sites even had banners that did not block such cookies properly.
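The failure mode the author found most often, analytics cookies set before the visitor has answered the banner, is easy to check for yourself if you capture the `Set-Cookie` headers (or `document.cookie`) of a first visit with no consent recorded. Below is an added example of such an audit; it is not the article's code and not 2GDPR's, and the cookie-name rules are a small hand-picked set (session cookies per the Commission's examples, plus a few well-known Google Analytics, Yandex.Metrica, Facebook and DoubleClick names), not a complete database. The sample headers are constructed.

```javascript
// Added example: classify the cookies a site sets before consent and report
// which ones would need a consent-blocking banner.

// Hand-picked name rules (assumption: a short illustrative list, not complete).
const RULES = [
  { category: 'necessary',  pattern: /^(PHPSESSID|JSESSIONID|sessionid|csrftoken|AWSALB|cookie_consent)$/i },
  { category: 'statistics', pattern: /^(_ga|_gid|_gat.*|_ym_uid|_ym_d)$/ },
  { category: 'marketing',  pattern: /^(_fbp|IDE)$/ },
];

// Parse one Set-Cookie header into { name, session, maxAge }.
// Only the first "=" separates name from value; the value itself may contain "=".
function parseSetCookie(header) {
  const [nameValue, ...attrs] = header.split(';');
  const idx = nameValue.indexOf('=');
  const name = (idx < 0 ? nameValue : nameValue.slice(0, idx)).trim();
  const attrMap = {};
  for (const a of attrs) {
    const [k, v = ''] = a.split('=');
    attrMap[k.trim().toLowerCase()] = v.trim();
  }
  const maxAge = attrMap['max-age'] !== undefined ? Number(attrMap['max-age']) : null;
  // A cookie with neither Max-Age nor Expires lives only for the browser session.
  const session = maxAge === null && !attrMap.expires;
  return { name, session, maxAge };
}

// Category for a cookie name: first matching rule, else "unknown".
function classify(name) {
  const rule = RULES.find(r => r.pattern.test(name));
  return rule ? rule.category : 'unknown';
}

// Audit the cookies observed before any consent was given.
//  - statistics/marketing cookies are violations (they require prior consent);
//  - unknown cookies are listed for manual review, since a name alone does not
//    tell whether they are strictly necessary;
//  - necessary cookies pass.
function auditPreConsent(setCookieHeaders) {
  const cookies = setCookieHeaders.map(h => {
    const c = parseSetCookie(h);
    return { ...c, category: classify(c.name) };
  });
  const violations = cookies.filter(c => c.category === 'statistics' || c.category === 'marketing');
  const review = cookies.filter(c => c.category === 'unknown');
  return {
    compliant: violations.length === 0,
    violations: violations.map(c => c.name),
    review: review.map(c => c.name),
    cookies,
  };
}

// Constructed sample: headers captured on a first visit, before the banner was answered.
const PRE_CONSENT_HEADERS = [
  'PHPSESSID=3f9c2b7e1a; Path=/; HttpOnly; Secure; SameSite=Lax',
  '_ga=GA1.2.123456789.1700000000; Max-Age=63072000; Path=/',
  '_gid=GA1.2.987654321.1700000000; Max-Age=86400; Path=/',
  '_fbp=fb.1.1700000000000.123456789; Max-Age=7776000; Path=/',
  'theme=dark; Path=/; Max-Age=3600',
];

// Example result for the sample above: compliant is false, violations are
// _ga, _gid and _fbp, and "theme" is left for manual review.
```

Run `auditPreConsent` against the headers of a fresh session on each page type of the site (home page, article, checkout), because tags are often loaded only on some templates; a banner that "works" on the home page but not on the article template is exactly the kind of misbehaving banner the author describes.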