Cookies are not the sweet, baked treats we all love, but rather small pieces of data stored on users’ devices when they visit your website. With the enactment of various data privacy laws, the use of cookies has become a hot topic, and it’s crucial to understand which cookies require user consent and which do not. In this blog post, we’ll delve into the exemptions for ‘strictly necessary’ cookies, as outlined in the Working Party 29 Opinion 04/2012 on Cookie Consent Exemption.
Understanding Strictly Necessary Cookies
Strictly necessary cookies are essential for your eCommerce website to function properly. They do not collect any personally identifiable information or track browsing habits. These cookies enhance the user experience on your site by remembering language preferences and other settings, making the user’s visit as efficient as possible through the buying process.
Other Types of Cookies
Apart from strictly necessary cookies, there are non-necessary or non-essential cookies. These cookies are not required for basic website functionality and often serve different purposes, such as tracking user behavior for targeted advertising or marketing research. These cookies include third-party cookies used by services, tools, or websites other than your own. They also include functional, analytics, and advertisement cookies.
Based on duration, cookies can be classified into:
- Session cookies: These are short-lived cookies that expire when the user session on a website ends or when the browser is closed.
- Persistent cookies: These cookies have a longer lifespan, ranging from days to weeks, months, or even years. They remain on the user’s device until they reach their expiration date or the users clear them from the browser.
The Importance of Cookie Consent
According to the GDPR and ePrivacy Directive, websites must ask for user consent to use cookies that are not necessary for accessing the website’s functionality. These cookies require consent because they collect user data for their purposes. Collecting data without users’ consent is unlawful, and consent is one of the six legal bases for processing user data.
For consent to be valid, it must be:
- Informed: Users must have adequate information about it before giving consent.
- Freely given: Users must have a free and genuine choice to give consent.
- Specific: Cookies with multiple purposes must seek different consent for different purposes.
- Unambiguous: Users must be able to give their consent via explicit and affirmative action.
- Revocable: Users must be able to easily withdraw their consent at any time.
- Demonstrable: You must be able to provide proof of cookie consent in case of an audit.
Criteria for Cookie Consent Exemption
The ePrivacy Directive allows for two criteria for using cookies without “informed consent”:
- Criterion A: The cookie is used solely for “carrying out the transmission of a communication over an electronic communications network”.
- Criterion B: The cookie is strictly necessary to provide a service “explicitly requested by the user”.
Case Scenarios for Cookie Consent Exemptions
Let’s analyze some cookie examples to determine if they meet criterion A or B.
Exempted Cookies
These cookies meet criterion A or B and are exempted from informed consent. They include:
- User-input cookies
- Authentication cookies
- User-centric security cookies
- Multimedia player session cookies
- Load balancing session cookies
- UI customization cookies
- Social plug-in content sharing cookies for “logged-in” members
Non-exempted Cookies
These cookies do not meet criteria A or B and require explicit consent from the users to be stored on their devices. They include:
- Social plug-in tracking cookies
- Third-party advertising cookies
- First-party analytics cookies
Conclusion
Understanding the nuances of cookie consent exemptions is crucial for eCommerce. By ensuring your website complies with these regulations, you can provide a seamless user experience while respecting user privacy.
Discussion
Related Posts
If you enjoyed reading this, please explore our other articles below: