
Everything You Need To Know About Using Cookies On Your Business Website



If you own a business and have a website, you may be aware of cookies. Perhaps you have heard that you need a cookie banner and that cookie usage and permissions are part of your wider data protection responsibilities. Many business owners, though, don’t really understand what cookies are and, because the term sounds like an ambiguous technical buzzword, it’s easy to assume cookies are overly complicated and something to leave to website platforms and site developers. The truth is that a basic understanding of cookies and how they work is essential because, if the regulations are not adhered to, even due to an oversight, you may find yourself in breach of the Privacy and Electronic Communications Regulations 2003 (PECR).


The good news is cookies are not as complicated as you might think. The great news is that this article is going to explain what cookies are, how they work and what you can and can’t collect, as well as how to structure your cookie policy so it is transparent and protects both you and your website users. 


What Are Cookies And How Do They Work?

Website cookies are small text files stored on a user's device by a web browser when that user visits a website. Generally, they are used to track a user’s experience of the website to improve functionality and user experience. They may also enhance personalisation. Through storing certain information, they may personalise the experience for a customer and this could make their journey through the site simpler and speed up transactions.


When a user visits a website, the server sends a small amount of data (the cookie) to their web browser. The browser stores this cookie and when they return to the website, the browser sends the cookie back to the server. The website then reads the cookie to identify the user and provide a more tailored experience.


Although cookies have a somewhat negative reputation, their key purpose is to better serve the customer and enable website managers to monitor interactions and pinpoint areas where the site can be improved.


So, why are cookies viewed with caution and scepticism?


Well, there are different types of cookies and any user tracking can be seen as intrusive. When users share their information on a website, by signing up for a newsletter or making a transaction, they understand what data they're sharing and why. Cookies are more ambiguous though and therefore they must also be opt-in.

Businesses need to understand the types of cookies they are collecting and must handle these in a way that respects user privacy.


Types Of Cookies


First-Party Cookies: These are created by the website you're visiting. They’re often used to remember user preferences or login information specific to that site.


Third-Party Cookies: These are created by external services or advertisers embedded on the site (e.g., through ads or social media plugins). These cookies track users across multiple sites, usually for advertising purposes. Websites may allow third-party cookies or choose not to have them. Google has committed to blocking third-party cookies which would essentially spell the end of this type of tracking. However, this phasing out has been postponed several times already.


Session Cookies: These track a user on a website but are dropped when the session ends, meaning they are unable to store information beyond a single session.


Persistent Cookies: Stored on a user's device, persistent cookies enable data previously shared on a website to be accessed. This might include sign-in details or be used to recall user preferences. Persistent cookies often allow for tailored content and a more personalised experience.
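
The session/persistent and first-party/third-party distinctions above can be read directly from the Set-Cookie headers a site sends. The following is an added example, not part of the original article: the hosts, cookie names and sample headers are constructed, and the first-party check is a simple host-suffix comparison against a site domain you supply, not a full Public Suffix List lookup.

```javascript
// Added example: classify Set-Cookie headers for a cookie-policy inventory.
// Parse one Set-Cookie header value into a name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attributes = {};
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name: eq === -1 ? pair : pair.slice(0, eq), attributes };
}

// Lifetime in seconds, or null for a session cookie (no Max-Age, no Expires).
// Max-Age takes precedence over Expires when both are present (RFC 6265).
function lifetimeSeconds(attributes, now) {
  const maxAge = attributes['max-age'];
  if (typeof maxAge === 'string' && /^-?\d+$/.test(maxAge)) return Number(maxAge);
  const t = typeof attributes.expires === 'string' ? Date.parse(attributes.expires) : NaN;
  return Number.isNaN(t) ? null : Math.round((t - now) / 1000);
}

// settingHost: host whose response carried the header; siteDomain: your own site.
function classifyCookie(header, settingHost, siteDomain, now = Date.now()) {
  const { name, attributes } = parseSetCookie(header);
  const seconds = lifetimeSeconds(attributes, now);
  const host = settingHost.toLowerCase();
  const site = siteDomain.toLowerCase();
  const firstParty = host === site || host.endsWith('.' + site);
  return {
    name,
    party: firstParty ? 'first-party' : 'third-party',
    // A zero or negative lifetime is the server deleting the cookie.
    lifetime: seconds === null ? 'session' : seconds <= 0 ? 'expired' : 'persistent',
    storedForDays: seconds > 0 ? Math.ceil(seconds / 86400) : null,
  };
}

// Constructed sample: headers as they might be seen while loading one page.
const SAMPLE = [
  { host: 'www.example-shop.test', setCookie: 'basket=abc123; Path=/; HttpOnly; Secure' },
  { host: 'www.example-shop.test', setCookie: 'prefs=lang-en; Max-Age=2592000; SameSite=Lax' },
  { host: 'ads.tracker.test', setCookie: 'uid=789; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure' },
];
const buildInventory = (observed, siteDomain, now) =>
  observed.map((o) => classifyCookie(o.setCookie, o.host, siteDomain, now));

console.table(buildInventory(SAMPLE, 'example-shop.test', Date.UTC(2030, 0, 1)));
```

Each row gives the name, the party and the storage period, which are the details a cookie policy has to list for every cookie.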


UK GDPR and Cookie Law

Post-Brexit, some may assume that EU cookie law will be, or already has been, removed from UK businesses. It has not. GDPR regulations, including policy around cookies, are mirrored in most global legislation and in the UK GDPR. The requirement to display a cookie banner to obtain consent from website users prior to tracking cookies has not been lifted and there are no known plans to relax this policy.


Websites must be compliant with the Privacy and Electronic Communications Regulations 2003 (PECR), which state that:


  • Users must be able to access details of all cookies used, what they do and the reason(s) for their collection (including first-party and session cookies)

  • This information must be presented prominently to all first-time visitors, usually via a cookie banner or pop-up that links to the policy

  • If non-essential cookies are used, the user must give consent


Website providers have a responsibility to display details regarding their cookie use and obtain permission from the user to collect cookies that are not essential for the functionality of the website. The website owner is also responsible for the compliance of third-party cookies so must ensure they understand what data they are collecting and for what purposes, so they can reiterate this to the site user in their cookie policy.


What Must My Website Display To Be Cookie Compliant?


  • Cookie banner or pop-up: This must be opt-in, so all first-time visitors will need to confirm their permission via a tick box or button and there must be a clear option to reject cookies. To stay compliant with GDPR, this box must not be ticked before you collect any user data. This banner or pop-up must also link to:


  • Cookie policy (OR a cookie section within your privacy policy): This is a legal document that informs users of your processes. It must be displayed on your website. You must have a privacy policy and this might include a cookie policy within it, or you might opt to have a separate cookie policy. This should detail:


  • What types of cookies are used

  • What they’re used for

  • How long the cookie is stored

  • Whether cookies are provided by yourself or a third party

  • How to refuse cookies at a later time


Does My Website Use Cookies?

Almost certainly. Cookies are usually managed by the website provider so most, if not every, platform uses at least essential cookies as they are usually necessary for basic functionality. 

Plugin features on your site may also carry their own cookies. Regardless, although site platforms must adhere to GDPR and other regulations, ultimately the website owner is responsible for informing users about cookie use. Hence, every website must display a cookie banner.


If you’re unsure which types of cookies your website uses and for what purpose, there are ways to check. In my Free Cookies Guide, I take you through how to uncover the cookies your website uses and help you decode what these are and what they do. Then we delve into how to create or update your cookie policy, so make sure you download the guide.


How To Create A Cookie Policy

As mentioned, my free cookie guide will take you through what is needed in your cookie policy. However, it isn’t a particularly simple process and you will find yourself with a double dose of legal and tech jargon. So, you may prefer my assistance in drafting a bespoke cookie policy for your business website. Cookie policy drafting or cookie policy updating can be booked as a stand-alone service, or you may find my legal packages more useful and better value. Cookie policies are included in my Start-Up Package, my GDPR/Privacy Package and my E-Commerce Package.


Cookie Policy Template


Creating your own cookie policy? Don’t forget to use my free guide and then get off to the best start with my Cookie Policy Template. This will give you the structure your policy needs, ensure you include all necessary information and the policy is professionally created to ensure it is legally robust and transparent.


And remember, while cookies on your website are crucial for legal compliance, cookies with your tea are essential for sanity. Just like a good cookie policy, a good biscuit should be transparent (you should see the chocolate chips), not too intrusive (but definitely dunkable), and always leave your users (or taste buds) satisfied.
