Cookie notices and your website
This article is a 5 minute read.
Ever wondered about the Cookie Consent widgets that display on websites that you visit?
This article aims to explain HTTP cookies and how important it is to have a cookie notice on your website in Australia.
Does your website have cookies?
Most websites do use HTTP cookies. If you have indexed your website with Google and use Google analytics or other performance tools, and social channel integrations, your website uses cookies.
You can find out the type and the number of cookies on your website by using the Cookie Script online tool.
What are cookies?
Cookies are small pieces of data sent to your web browser by a website that you visit. They identify your computer and web browser e.g. Chrome. They were named after ‘fortune cookies’ which traditionally hold small pieces of paper written with playful (but highly unlikely!) predictions of the future.
Cookies help your browser remember information about the website(s) you visit. A simple example is when your username and password are auto-filled when you log into an online account — it was a cookie that set your login information. This saves the user a lot of time and hassle, so therefore convenient. Because cookies technically record personal data, privacy laws in some countries now require the need for visitors to consent to website cookies before entering.
First-party and third-party cookies
Not all information collected by cookies is sufficient to identify a person who uses a website. There are numerous types of cookies but the two over-arching types are:
First-party cookies — directly created from a website to the device that you are using. First-party cookies help identify you as a unique user, but not necessarily personally identifiable, so you can be recognised if you visit the same website again. They often store information relevant to the website browser such as what you’ve viewed in the past or your settings preferences. First-party cookies can offer a better user experience on a site, including saving time by auto filling forms with your information that you have input into your device.
Although cookies can create a smooth internet experience, not all people are comfortable with the way cookies are used. Privacy issues are the main concern in that cookies track your browsing habits and some collect personal data.
Third-party cookies — these are probably the most controversial type of cookie in terms of data privacy. They predominantly are used to track your behaviour for advertising purposes. If you are on a website and click on an advertisement, or a product you’re interested in, a third-party cookie could be generated that follows your online movements by presenting further prompts to click on the product, in the form of an advertisement, when you’re on another site.
Clicking on a Facebook "like" button, or linking to Facebook from your site, will also produce a third-party cookie. watching a YouTube video on a site sets a tracking cookie. Third-party cookies gather information about your online movements.
Cookies can be used for:
Setting your chosen language preference
Remembering items in a shopping cart
Remembering if certain settings are turned on
Authenticating your identity
Preventing fraud
Creating highly targeted ads
Tracking how you interact with ads
Making recommendations
Tracking items you view in an online store
Auto-filling your information in forms.
Are Cookie Consent Notices mandatory for all Australian websites?
In Australia, the handling of cookies and user data is governed by the Privacy Act 1988, which includes the Australian Privacy Principles. These principles require organisations to handle personal information, including data collected through cookies, in a transparent and responsible manner.
At the time of writing, Australian data protection laws do not require cookie banners or consent popups. However, if your website collects sensitive personal information, you should obtain the express consent of users to accept your website cookies. With security issues at the forefront of web users minds, many users want transparency from businesses with how their input data is used by owners of websites.
Some Australian websites are set up so that users must accept the use of their cookies. While this is required in the EU and in the US state of California, it isn’t necessary by law for Australian websites. If your website audience is global, you should have a cookie notice that users accept of decline.
Information-only websites
If your website has been indexed in search engines, and uses analytics tools, your website uses cookies. Add a statement about the cookies you use to your Privacy Policy. You could also consider a basic cookie notice that links to your privacy policy.
Websites that collect personal information
If your website collects personal information, e.g. via a contact form or customer login, you should have a cookie notice with a link to your privacy policy that includes your cookie policy or, even better, a cookie widget with an ‘accept’ or ‘decline’ option especially if you have an international audience.
Does your website attract international audiences?
European Union audiences
The EU is seen as the global leader in tech regulation. The EU requires all websites to have a cookie consent widget with an ‘accept’ or ‘decline’ option.
The EU has two important laws regarding cookie consent:
The ePrivacy Directive requires the consent of users for cookies that gather personal information and track user behaviours.
The General Data Protection Regulation or GDPR is legislation with strict rules on how a website requests and obtains consent before using a website. Acceptance must be earned via clear and affirmative consent meaning users must always agree to cookies if they are visiting a website. The EU is pretty serious when it comes to enforcing these laws, so failure to offer this to European audiences may result in your Australian site losing some functionality, or being blocked.
British audiences
The requirement for cookie notices and policies in the UK are similar to those in Australia. So, unless your website collects personal information, UK users don’t have to directly accept the use of cookies but they need to be informed about them.
USA
Except for the state of California, the US has a pretty relaxed attitude to privacy and cookie in that the US does not require consent for cookies. However, Californian law requires the consent of users for cookies that gather personal information and track user behaviour.
Other countries
Find out more about cookie consent relating to a range of different countries on TermsFeed.
Do you need a cookie policy?
Yes, if your website uses cookies, you need a cookie declaration or policy. This can be integrated into the privacy policy on your website.
The basic requirement is that the cookie policy must be clear and offer information about the purpose of your cookies.
What happens if visitors decline to accept cookies?
Some website cookie notices have an ‘accept’ or ‘decline’ option. If visitors decline, the site experience may be more sluggish, certain elements may not load properly, and users will have to manually input their details if they need to log in.
Best practice summary for Australian website owners
Find out what cookies your website uses via an online tool like Cookie Script. As a baseline, include the information about your cookies in statement/declaration as part of your Privacy Policy.
If you collect personal information from users of your site, you should have a cookie notice in the banner, footer, or a popup. This can be an information-only statement about your site’s use of cookies with a link to your privacy policy, or an accept or decline cookie notice if you have an international audience.
Most businesses and organisations are opting to add a cookie notice for professional transparency, and best practice — considering their audience could be in countries that require users to accept the use of cookies.
Need help with your Cookie Notice and Privacy Policy? Contact me.
