Some thoughts on cookie consent
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
These days, almost every website requires individuals to fill consent form or affirmatively agree to allow the site to place cookies on individuals’ devices. In addition to that, some companies wouldn’t allow you to browse through their website if you don’t allow cookies consent. Some companies believe that once you have a website, have a cookie policy and seek cookie consent. That’s not the case. There are specific criteria that companies must consider before throwing in the cookie consent or maintaining a cookie policy. For example, a consulting firm that uses its website for information purposes doesn’t necessarily need a cookie policy. The consulting company might use cookies for functional capabilities for the website. In that case, the company is exercising legitimate interest functions.
To be sure that a company needs a cookie policy, companies must identify the cookies they serve.
Identification allows the company to know these cookies and, more importantly, summarise their functions to their customers and web-visitors.
After the identification process, the company wants to find out if the cookies are intrusive.
This intrusive assessment helps determine the likelihood that users will find some level of tracking too heavy.
Another way to promote transpa rency in cookie policy usage is to ensure that the company’s privacy policy discloses when cookies are used for other purposes. If you will be using cookies for targeted advertising, it is best to inform visitors on your website. If you’re using first-party cookies (cookies served by website operator) or third party cookies (done by a third party other than the website operator), highlight these features on your privacy policy or explain your cookie policy
further. Some companies use cookies for targeted marketing purposes and fail to inform data subjects about this act, especially in the so-called third countries. It is a violation of data protection global standards to fail to notify customers about this.
Your privacy policy should also disclose this and lead the customers to the cookie policy to get further information.
There must be a simple and easily accessible means to accept or refuse targeted adver tising. If customer A accepts to allow cookie, there should be an easy way for the customer to withdraw that same consent. The end-to-end management of such consent must be simple and not complicated. Companies should try to adopt the ‘do not track’ browser functionality proactively. It would help ensure that companies are not intruding excessively into the privacy of customers. A colleague keeps getting texts from a company asking him about his trip to cinemas, and surprisingly too, he thinks that some thirdparty company listen to his conversations.
The latter happened when he mentioned that he would like to buy a car and get adverts about vehicles.
It might be that he accepted a cookie from a website, and it tracks his daily behaviour onl ine and offline.
Companies must know that they don’ t need a cookie policy if their website doesn’t carry out unnecessary tracking, and when they track customers, they must seek the customer’s consent. The company must always try to be transparent about its cookie methodologies.