Cookies and GDPR: Is your website compliant?

The General Data Protection Regulation (GDPR), as well as the ePrivacy Regulation, force websites (and more) to respect the privacy of their users.

Surely you have noticed that whenever you access a website, you are asked about accepting cookies. Before the GDPR, these cookies were automatically saved by your browser, for purposes such as marketing, analytics, website operation, etc.

Do you know what cookies are?

To better understand what the GDPR regulates, it is first worth knowing what cookies are. Put simply, cookies are files that your browser saves on your computer and that originate from the websites and platforms you visit. This data is used for different purposes, and can be classified as follows:

  • Session cookies: These cookies are temporary; that is, when you close the browser, the computer automatically deletes them. They are normally used to identify patterns in your browsing. For example, they are used to show you a cookie warning only when you enter the website (and not on every page you visit within a given website).
  • First-party cookies: First-party cookies help, for example, a certain website or platform to remember you! For example, without first-party cookies, websites would not be able to remember your language preferences!
  • Third-party cookies: These are the bad cookies! They only exist for one purpose: tracking. In other words, these cookies can see: your browsing history; your online behavior; your demographic information; consumption habits; among other aspects. The good thing is that all current browsers give you the option to “Block third-party cookies”.

Therefore, according to the GDPR, users must expressly accept cookies from the websites they visit, and those websites must inform them in detail what data is collected and how it will be processed. However, there are some exceptions. For example, it is not necessary to accept cookies that are essential for the website in question to function.

What must your website guarantee to comply with GDPR rules?

To comply with GDPR rules without making the experience difficult for visitors to your website, there are some good practices that you should follow. The fundamental principle to keep in mind is: “Everything must be clear and simple!”

As we told you previously, you must inform users in detail about the type of cookies your website uses and what their purpose is. This information must be presented in a clear and accessible way, for example, with a banner or pop-up.

If your cookies collect personal data, they must be blocked until the user accepts them. However, if your website requires cookies to function, you will obviously not be able to limit access to specific content or functions on your website when cookies are not accepted. You can, however, limit full access to your website. In this case, you are presenting an alternative to navigation, namely rejection.
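
One way to block non-essential cookies until the user accepts them, while letting essential ones through, is sketched below as an added example that is not part of the original article. The `ConsentGate` class, the category names and the cookie names are assumptions made for illustration.

```javascript
// Added example: a consent gate for the cookies your own code writes.
// Category names ("essential", "analytics", "marketing") are assumptions.
const ESSENTIAL = "essential";

// Build the cookie string. Omitting Max-Age yields a session cookie,
// which the browser deletes when it is closed.
function serialize(name, value, maxAgeSeconds) {
  let c = `${encodeURIComponent(name)}=${encodeURIComponent(value)}` +
          "; Path=/; SameSite=Lax; Secure";
  if (Number.isInteger(maxAgeSeconds)) c += `; Max-Age=${maxAgeSeconds}`;
  return c;
}

class ConsentGate {
  // `sink` receives each cookie string that may be written; in a browser
  // it would be (c) => { document.cookie = c; }.
  constructor(sink) {
    this.sink = sink;
    this.granted = new Set([ESSENTIAL]); // essential cookies need no consent
    this.pending = [];                   // blocked writes, held in memory only
  }

  // Request a cookie write. Returns true if written now, false if held back.
  set(name, value, category, maxAgeSeconds) {
    const cookie = serialize(name, value, maxAgeSeconds);
    if (this.granted.has(category)) {
      this.sink(cookie);
      return true;
    }
    this.pending.push({ cookie, category });
    return false;
  }

  // Called by the banner when the user accepts specific categories:
  // release only the held-back cookies that belong to those categories.
  accept(categories) {
    for (const c of categories) this.granted.add(c);
    const stillBlocked = [];
    for (const p of this.pending) {
      if (this.granted.has(p.category)) this.sink(p.cookie);
      else stillBlocked.push(p);
    }
    this.pending = stillBlocked;
  }

  // Called when the user rejects: nothing that was held back is ever written.
  rejectAll() {
    this.pending = [];
  }
}
```

This gate only covers cookies written by your own code. Third-party scripts set their own cookies, so they would have to be loaded only after the corresponding category has been accepted.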

We hope this article has enlightened you more about cookies, what they are, how they are used and how you can comply with the GDPR.

See you soon!

Note: This article is not intended as advice. Its purpose is strictly informative and does not, under any circumstances, dispense with a specific analysis of your specific case.
