Does Your Web Site Comply With The EU Cookie Law?
Data privacy and protection is a concern for many people. News stories about mass data leaks, identity theft and other fraudulent activity heighten awareness about security and privacy and beg the question, “What data is being collected about me and who has access to it?” The rise in use of ad- and content-blocking in web and mobile browsers is testament to the worry that we don’t really have any idea when or how we’re being tracked when we use mobile apps or visit websites.
EU Privacy Laws
In 2011, the EU passed a privacy law (part of the EU privacy directive) requiring websites to obtain permission from users before storing cookies in web browsers. Countries within the EU have data protection agencies that govern the auditing and enforcement of the “EU Cookie Law.”
Google informed all users of its cookie-serving products (AdSense, DoubleClick Ad Exchange, DoubleClick for Publishers, +1 button, and Google Analytics) that they would have to add a cookie opt-in to their pages, or be suspended from these products until they complied. I highlighted the word “all,” because this new requirement is for every Google product user, not just those living in the EU.
Google has been in the EU’s crosshairs recently, first because of its unwillingness to accept the EU’s “right to be forgotten” ruling (to have your Web history removed from the search engines), and more recently due to anti-trust concerns.
Here’s Google’s spin on privacy, from its AdSense Help’s EU consent policy FAQs:
It has always been Google’s policy to comply with privacy laws, so we’ve agreed to make certain changes affecting our own products and partners using Google products.
Rather than give the EU another reason to investigate it, Google decided to be proactive and pre-emptive. It informed all users of its cookie-serving products (AdSense, Analytics, etc.) that they would have to provide the cookie opt-in option on their sites no later than September 30, 2015.
If you want to read the exact wording of Google’s policy, click here
This policy also applies to separate mobile versions of websites. And it isn’t restricted to just websites either. Any mobile app (iOS or Android) that uses any Google product that adds cookies also must provide opt-in messaging.
What Does This Mean to You?
If you haven’t already implemented an opt-in solution on your site, you probably received a message from Google in late September or early October, with a request to contact them. Use the provided contact form to do so.
How We Helped SBIers Comply
The EU Cookie Widget then automatically adds code to all of your site’s pages, with a geolocation element added in. This ensures that <em>only</em> visitors from the EU and the UK will see the opt-in bar. Why detract from the user experience of visitors from outside those two regions?
If Google ever changes its mind and wants all your site’s visitors to see the cookie opt-in bar, we’ll simply remove the geolocation feature. Your site will then show the opt-in bar to every visitor.
Not an SBI User?
If you don’t use SBI!, things are more complicated for you. You’ll have to implement a cookie opt-in bar from one of several third-party providers. Those that provide a geolocation feature are fee-based products.
Google created a site, cookiechoices.org to help you implement an opt-in for cookie consent.
The bottom line is that, as our society’s privacy concerns and laws begin to catch up with our web and app technologies, more changes will need to be implemented. Make sure that you’re subscribed to the SiteSell newsletter to continue to be informed of issues like this.