What’s Happening With GDPR And ePR? Where Does CookiePro Fit In?
2019-05-23T10:00:59+02:00
2019-05-23T10:10:09+00:00
(This is a sponsored article.) Is privacy an issue on the web? According to this ConsumerMan piece from NBC News a few years back, it is:
The Internet has become a serious threat to our privacy. – Jeff Chester of the Center for Digital Democracy
Your online profile is being sold on the web. It’s kind of crazy and it’s not harmless. – Sharon Goott Nissim of the Electronic Privacy Information Center
There are no limits to what types of information can be collected, how long it can be retained, with whom it can be shared or how it can be used. – Susan Grant of the Consumer Federation of America
While there’s been talk of introducing a “Do Not Track” program into U.S. legislation, the EU is the first one to actually take steps to make the Internet a safer place for consumers.
With these initiatives holding businesses accountable for the information they track and use online, web developers have to add another thing to their list of requirements when building a website:
The protection of user privacy.
In this post, we’re going to look at:
Where we currently stand with GDPR,
What changes we’ve seen on the web as a result,
What’s coming down the line with ePR,
And the CookiePro Cookie Consent tool, which helps web developers make their websites compliant now.
GDPR: Where Are We Now?
With the one-year anniversary of GDPR upon us, now is a great time to talk about what the updated legislation has done for online privacy.
It’s not like the EU didn’t have privacy directives in place before. As Heather Burns explained in a Smashing Magazine article last year:
All of the existing principles from the original Directive stay with us under GDPR. What GDPR adds is new definitions and requirements to reflect changes in technology which simply did not exist in the dialup epoch. It also tightens up requirements for transparency, disclosure, and process: the lessons from 23 years of experience.
One other key change that comes with moving from the previous privacy directive to this privacy regulation is that it’s now consistently implemented across all EU states. This makes it easier for businesses to implement digital privacy policies and for governing bodies to enforce them, since there’s no longer any question of what one country has done with the implementation of the law. It’s the same for all.
What’s more, there are clearer guidelines for web developers who are responsible for implementing a privacy solution and notification on their clients’ websites.
Has GDPR Led to Any Changes in How Websites Handle Data?
It seems as though many companies are struggling to get compliant with GDPR, based on a test done by Talend in the summer of 2018. They sent data requests to over a hundred companies to see which ones would offer the requested information, per the new GDPR guidelines.
Here is what they found:
Only 35% of EU-based companies complied with the requests while 50% outside of the EU did.
Only 24% of retail companies responded (which is alarming considering the kind of data they collect from customers).
Finance companies seemed to be the most compliant; still, only 50% responded.
65% of companies took over 10 days to respond, with the average response time being 21 days.
What Talend indicates, then, is that digital services (e.g. SaaS, mobile apps, e-commerce) are more likely to fall in line with GDPR compliance. It’s the other companies — those that didn’t start as digital companies or who have older legacy systems — that are struggling to get onboard.
Regardless of what actions have been taken by businesses, they know they must do it.
A 2018 report published by McDermott Will & Emery and Ponemon Institute showed that, despite businesses’ inability to be compliant, they were scared of what would happen if they were found not to be:
Those that said they feared financial repercussions were right to do so. The GDPR assesses fines based on how severe the infringement is:
Lower level offenses result in fines of up to €10 million or 2% of the revenue made in the prior fiscal year.
Upper level offenses result in fines of up to €20 million or 4%.
Some high-profile cases of penalties have already popped up in the news, too.
Google received a €50 million penalty for committing a number of violations.
Mainly, the issue taken with Google is that it buries its privacy policies and consent so deep that most consumers never find them. What’s more, a lot of their privacy policies are ambiguous or unclear, which leads users to “Accept” without really understanding what they’re accepting.
Facebook is another company we shouldn’t be too surprised to see in GDPR’s crosshairs.
Their penalty was only for £500,000. That’s because the fine was assessed for grievances issued between 2007 and 2014 — before GDPR went into place. It’ll be interesting to see if Facebook changes its privacy policies in light of the much larger sum of money they’ll owe when another inevitable breach occurs.
It’s not just the monetary fine businesses should be nervous about when failing to comply with GDPR.
Stephen Eckersley of the UK Information Commissioner’s Office said that, after the GDPR went into effect, the amount of data breach reports increased exponentially.
In June of 2018, there were 1,700 reports of companies in violation of GDPR. Now, the average is roughly 400 a month. Even so, Eckersley estimates that there will be double the amount of reports in 2019 than there were in previous years (36,000 vs. 18,000).
So, not only are the regulatory bodies willing to penalize businesses for failure to comply, it seems that consumers are fed up enough (and empowered!) to report more of these violations now.
Let’s Talk About ePR For A Second
The ePrivacy Regulation has not yet become law, but it’s expected to soon enough. That’s because both GDPR and ePR were drafted to work together to update the old Data Protection Directive.
ePR is an update to Article 7 in the EU Charter of Human Rights. GDPR is an update to Article 8.
Although they’re separately defined, it’s best to think of ePR as an enhancement of GDPR. So, not only do businesses have to take care with data collected from individuals, the ePR says that they have to be careful with protecting the identity of individuals, too.
As such, when the ePR rolls out, all digital communications between business and consumer will be protected. That includes:
If a consumer has not expressly given permission for a business to contact them, the ePR will prohibit them from doing so. In fact, the ePR will take it a step further and give more control to consumers when it comes to cookie management.
However, we’re not at that point yet, which means it’s your job to get that notice up on your website and to make sure you’re being responsible with how their data is collected, stored and used.
What Web Developers Need To Do To Protect Visitor Privacy
Do a search for “How to Avoid Being Tracked Online”:
There are over 57 million pages that appear in Google’s search results. Do similar keyword searches and you’ll also find endless pages and forum submissions where consumers express serious concerns over the information gathered about them online, wanting to know how to “stop cookies”.
Clearly, this is a matter that keeps consumers up at night.
The GDPR should be your motivation to go above and beyond in putting their minds at ease.
While you probably won’t have a hand in the actual data management or usage of data within the business, you can at least help your clients get their websites in order. And, if you already did this when GDPR initially was enacted, now would be a good time to revisit what you did and make sure their websites are still in compliance.
Just make sure that your client is safely handling visitor data and protecting their privacy before providing any sort of privacy consent statement. Those statements and their acceptance of them are worthless if the business isn’t actually fulfilling its promise.
Once that part of the compliance piece is in place, here’s what you need to do about cookies:
1. Understand How Cookies Work
Websites allow businesses to gather lots of data from visitors. Contact forms collect info on leads. eCommerce gateways accept methods of payment. And then there are cookies:
Cookies are pieces of data, normally stored in text files, that websites place on visitors’ computers to store a range of information, usually specific to that visitor — or rather the device they are using to view the site — like the browser or mobile phone.
There are some that collect bare-bones details that are necessary to provide visitors with the best experience. Like preserving a logged-in session as visitors move from page to page. Or not displaying a pop-up after a visitor dismissed it on a recent visit.
There are other cookies, usually from third-party tracking services, that pry deeper. These are the ones that track and later target visitors for the purposes of marketing and advertising.
Regardless of where the cookies come from or what purpose they serve, the fact of the matter is, customers are being tracked. And, until very recently, websites didn’t have to inform them when that took place or how much of their data was stored.
There’s no getting around the usage of cookies. Without them, you wouldn’t have access to analytics that tell you who’s visiting your website, where they come from and what they’re doing while they’re there. You also wouldn’t be able to serve up personalized content or notifications to keep their experience with the site feeling fresh.
That said, do you even know what kinds of cookies your website uses right now?
Before you go implementing your own cookie consent notice for visitors, make sure you understand what exactly it is you’re collecting from them.
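To make the session-versus-tracking distinction above concrete, here is a small inventory pass over `Set-Cookie` headers. It is an added example, not part of the original article and not CookiePro's code; the hosts, cookie names and the subdomain-based first-party test are assumptions made for illustration.

```javascript
// Added example: inventory Set-Cookie headers by party and lifetime.
// SAMPLE_RESPONSES is constructed data; hosts and cookie names are made up.
const SAMPLE_RESPONSES = [
  { host: "shop.example", setCookie: "session_id=abc123; Path=/; HttpOnly" },
  { host: "shop.example", setCookie: "popup_dismissed=1; Max-Age=604800; Path=/" },
  { host: "ads.tracker.example", setCookie: "uid=u-42; Domain=tracker.example; Max-Age=31536000" },
  { host: "cdn.shop.example", setCookie: "lb=node3; Expires=Wed, 21 Oct 2015 07:28:00 GMT" },
];

// Split one Set-Cookie header into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), attrs: {} };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Assumed simplification: first-party means the responding host is the
// audited site itself or one of its subdomains.
function isFirstParty(host, siteHost) {
  return host === siteHost || host.endsWith("." + siteHost);
}

// Max-Age takes precedence over Expires; neither means a session cookie.
function lifetimeSeconds(attrs, now) {
  if (attrs["max-age"] !== undefined) return Number(attrs["max-age"]);
  if (attrs.expires !== undefined) return Math.round((Date.parse(attrs.expires) - now) / 1000);
  return null;
}

function auditCookies(responses, siteHost, now = Date.now()) {
  return responses.map(({ host, setCookie }) => {
    const { name, attrs } = parseSetCookie(setCookie);
    const seconds = lifetimeSeconds(attrs, now);
    return {
      name,
      setBy: host,
      party: isFirstParty(host, siteHost) ? "first" : "third",
      // An expiry in the past tells the browser to delete the cookie.
      lifetime: seconds === null ? "session" : seconds <= 0 ? "expired" : "persistent",
      days: seconds > 0 ? Math.round(seconds / 86400) : 0,
    };
  });
}

console.table(auditCookies(SAMPLE_RESPONSES, "shop.example"));
```

Long-lived third-party rows are the ones to justify or remove before writing the consent notice.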
Go to the CookiePro website and run a free scan on your client’s site:
After you enter your URL and start the scan, you’ll be asked to provide just a few details about yourself and the company. The scan will start and you’ll receive a notice that says you’ll receive your free report within 24 hours.
Just to give you an idea of what you might see, here are the report results I received:
As you can see, CookiePro does more than just tell me how many or which cookies my website has. It also includes forms that are gathering data from visitors as well as tags.
Be sure to review your report carefully. If you’re tracking data that’s completely unnecessary and unjustified for a website of this nature to get ahold of, that needs to change ASAP. Why put your clients’ business at risk and compromise visitor trust if you’re gathering data that has no reason to be in their hands?
Note: if you sign up for an account with CookiePro, you can run your own cookie audit from within the tool (which is part of the next step).
3. Provide Transparency About Cookie Usage
GDPR isn’t trying to discourage businesses from using cookies on their websites or other marketing channels. What it’s doing, instead, is encouraging them to be transparent about what’s happening with data and then be responsible with it once they have it.
So, once you know what sort of cookies you’re using and data you’re handling, it’s time to inform your visitors about this cookie usage.
Keep in mind that this shouldn’t just be served to EU-based visitors. While those are the only ones protected under the regulation, what could it hurt to let everyone know that their data and identity are protected when they’re on your website? The rest of the world will (hopefully) follow, so why not be proactive and get consent from everyone now?
To provide transparency, a simple entry notice is all you need to display to visitors.
For example, here is one from Debenhams:
As you can see, it’s not as simple as asking visitors to “Accept” or “Reject” cookies. They’re also given the option to manage them.
To add your own cookie entry banner and advanced options, use CookiePro’s Cookie Consent tool.
Signup is easy — if you start with the free plan, it takes just a few seconds to sign up. Within an hour, you’ll receive your login credentials to get started.
Before you can create your cookie consent banner, though, you must add your website to the tool and run a scan on it. (You may have already completed that in the prior step.)
When the scan is complete, you can start creating your cookie banner:
By publishing a cookie consent banner to your website, you’re taking the first big step to ensuring that visitors know that their data and identity are being protected.
4. Make Your Cookie Consent Form Stand Out
Don’t stop at simply adding a cookie banner to your website. As Vitaly Friedman explained:
In our research, the vast majority of users willingly offer permission without reading the cookie notice at all. The reason is obvious and understandable: many customers expect that a website ‘probably wouldn’t work or the content wouldn’t be accessible otherwise.’ Of course, that’s not necessarily true, but users can’t know for sure unless they try it out. In reality, though, nobody wants to play ping-pong with the cookie consent prompt and so they click the consent away by choosing the most obvious option: ‘OK.’
While ePR will eventually rid us of this issue, you can do something about it now — and that’s to design your cookie consent form to stand out.
A word of caution: be careful with using pop-ups on a mobile website. Although consent forms are one of the exceptions to Google’s penalty against entry pop-ups, you still don’t want to compromise the visitor experience all for the sake of being GDPR compliant.
As such, you might be better off using a cookie banner at the top or bottom of the site and then designing it to really stand out.
What’s nice about CookiePro is that you can customize everything, so it really is yours to do with as you like. For instance, here is one I designed:
You can change:
You can write your own copy for each element:
And you get to decide how the banner will function if or when visitors engage with it.
5. Educate Visitors on Cookies
In addition to giving your cookie consent banner a unique look, use it as a tool to educate visitors on what cookies are and why you’re even using them. That’s what the Cookie Settings area is for.
With Cookie Consent, you can inform visitors about the different types of cookies that are used on the website. They then have the choice to toggle different ones on or off based on their comfort level.
That’s what’s so nice about CookiePro taking care of the cookie scan for you. That way, you know what kinds of cookies you actually have in place. All you have to do, then, is go to your Cookie List and select which descriptions you want to display to visitors:
Just make sure you explain the importance of the most basic of cookies (“strictly necessary” and “performance”) and why you recommend they leave them on. The rest you can provide explanations for in the hopes that their response will be, “Okay, yeah, I’d definitely like a personalized experience on this site.” If not, the choice is theirs to toggle off or on the kinds of cookies they want to be shown. And the Cookie Consent tool can help.
In other words, a cookie consent bar is not some superficial attempt to get consent. You’re trying to help them understand what cookies do and give them the power to influence their on-site experience.
There’s a lot we have to be thankful for with the Internet. It closes geographic gaps. It presents new opportunities for doing business. It enables consumers to buy pretty much anything they want with merely a few clicks.
But as the Internet matures, the ways in which we build and use websites become more complex. And not just complex, but risky too.
GDPR and ePR have been a long time coming. As websites gather more data on consumers that can then be used by third parties or to follow them to other websites, web developers need to take a more active role in abiding by the new regulations while also putting visitors’ minds at ease. Starting with a cookie consent banner.
(ms, yk, il)
Read more: smashingmagazine.com