Data privacy is the new black

Authored by Frank Parker
Posted Monday, November 15, 2021 - 10:05pm

Almost every website on the World Wide Web runs on cookies. In fact, chances are that the website where you found this article also runs on cookies. Cookies help make the browsing experience more pleasant, e.g., by remembering your information for autofilling form fields or by saving the items you have put in the shopping cart.

Statistics and marketing cookies make up the majority of cookies, and for a long time, website users had no control over what kind of data was collected about them or what happened to that data. However, with the enforcement of data privacy laws such as the GDPR and the CCPA, the power balance has shifted so that website users are now in control of their data.

Website owners, on the other hand, are now obligated to deliver transparency about active cookies on their domain by providing a cookie policy, among other things. Moreover, website owners are now also required to inform end-users about what kind of data is collected about them.

What are cookies?

Cookies are small text files that collect information about website users. The cookie technology was developed sometime in the early '90s, and the name 'cookie' comes from 'fortune cookie', because both kinds of cookie are structures that contain a message.

Cookies can collect everything from trivial and seemingly uninteresting information, such as the technical specifications of an end-user's device, to very sensitive information, such as sexual orientation. But cookies are not bad in themselves, as they are nothing more than a technology designed for collecting data. It is, however, what you can do with this data that is concerning.

An important step to becoming compliant with the GDPR and/or the CCPA is to provide full transparency about which cookies are running on a website. This is done via a cookie policy. But naming all the active cookies is not enough to become compliant. The following cookie information should also be listed:

  • How long the cookies stay on the user’s browser
  • What type of data is collected
  • Where the collected data is sent to
  • Who the collected data is shared with
  • How to reject cookies
  • How to change the cookie settings  

What are the GDPR and the CCPA?

The General Data Protection Regulation, often abbreviated to GDPR, is a data privacy law from the EU that controls how for-profit and non-profit organizations handle end-users’ personal information. As long as a website caters to or has end-users from the EU, the business in charge of the website is expected to become GDPR compliant.

Similar to the GDPR is the California Consumer Privacy Act, often abbreviated to CCPA. The CCPA is a state-wide data privacy law that controls how for-profit organizations handle the personal information of California residents.

Failure to become compliant with the GDPR and/or the CCPA can result in large fines. For example, non-compliance with the GDPR can result in fines of up to €20 million.
