Do I need a cookie banner?

We’re pretty sure you know the chocolate chip kind, but there still seems to be plenty of mystery about web cookies. Lots of people are wondering “do I need a cookie banner?” and we’re going to answer that question.

One of the most common things we notice when looking at people’s sites is they are often missing a cookie consent method. In this post, we’ll explain what cookies are and whether or not you need that banner/box. 

What is a cookie?

A cookie is a small file that gets downloaded onto your device when you visit a website. Typically information around the user’s device and preferences are stored in cookies. But, as you no doubt will have heard, things such as your IP address, location – and, in some cases, even your personal information – can be stored in them too. 

Not all cookies store personal information. In fact, there are now strict rules around cookies. You must give users control over how their information is collected and stored. 

The UK GDPR defines as a cookie as:

“A type of ‘online identifier’, meaning that in certain circumstances these will be personal data. For example, a user authentication cookie would involve processing of personal data, as it is used to enable the user to log in to their account at an online service.” 

– From the ICO

About “online identifiers”:

“Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”

– From the ICO

Examples of online identifiers could be:

  • IP or MAC addresses
  • Advertising IDs
  • Pixel tags
  • Account handles or user names
  • Device fingerprints

What are the rules?

The rules around cookies can be summarised as:

  1. Tell people that your site is using cookies (regardless of their purpose)
  2. Explain what the cookies are doing and why they are necessary
  3. Get consent from the user to store a cookie on their device and collect their information

These rules apply to more than just standard cookies. They also apply to any behind the scenes behaviour that records user information, preferences, or actions. You’re well within your rights to refuse access to your site if someone does not give consent. If you do this though, you may find your traffic quickly dries up if you reject visitors. 

The legislation is actually quite in depth and covers a broad range of examples. You could write entire books on this stuff. So if you’re really worried, you should contact a legal professional to put your mind at ease!

What counts as giving consent?

The simplest way to tick this box is a cookie banner. You will almost certainly have seen these about. They’re everywhere these days; those boxes, banners, and popups that ask you to “Accept All”, “Reject All” or “Set Preferences”. 

These cookie banners include a link to the site’s cookie policy and will give a user the option to enable the specified cookies, reject them entirely and, in some cases, pick and choose which are allowed and which are not.

The TL:DR (too long: didn’t read) of this is: you need a button that allows a user to accept or reject your cookies.

Do I need a cookie banner?

The short answer is yes, you most likely do. It’s extremely unlikely that your site isn’t using some kind of cookie. In many cases they are a necessity for your site to even function. 

WordPress users can install a plugin such as Complianz which will scan your site for all your cookies, and generate a cookie policy for you. 

Wix and Squarespace users aren’t exempt, the best thing you can do to cover your back is turn on a consent banner in your control panels. By the looks of things, Wix uses cookies on all of their sites by default, even if you’re not tracking any site visitor’s data.

There are arguments, intricacies, and exclusions around some types of cookies and their behaviour. But it is still good practice to be upfront about the use of cookies on your site and their purpose – even if consent might not strictly be required. 

If you want to read more about cookies, what your obligations are, the risks, and what happens if you don’t comply pop on over to the ICO here

If you don’t have a cookie banner and would like one, or just want some advice drop us a message!