When you imagine a cookie, what comes to mind? The first image would be the soft, sweet taste of a cookie. Right away, you may also think about the huge number of calories that make you fat.
A cookie used by a website is not different from the cookie I mentioned. Today, we will learn about the CCPA regulation on cookies.
If you visit a site you have never accessed before, you will notice the cookie bar below.
[The Cookie Bar]
A cookie bar is the UI that shows the site’s cookie policy. CCPA requires companies to disclose information about cookie collection and usage.
Cookie Policy
A cookie policy is a statement regarding what cookies are active on your website, what user data they track, for what purpose, and where in the world this data is sent. A cookie policy should also contain information regarding how your users may opt out of the cookies or change their settings relating to the cookies on your website.
To comply with the CCPA cookie regulation, it should include the following information:
1) That you use cookies on your website, with a brief explanation of what cookies are;
2) What types of cookies you (or any third parties) are using;
3) The categories of personal data that they collect;
4) The purpose for which you use cookies;
5) How users can opt out of having cookies placed on their devices.
[The Cookie Definition]
[The types of Cookie they collect and use]
When you look at the cookie bar, you can see that the consent is already checked. Did the site make a mistake when developing the cookie bar?
[The Cookie Bar - Consent]
The answer is no. Under the CCPA cookie regulation, cookie consent is based on an opt-out mechanism.
CCPA cookie consent
The CCPA requires businesses to inform consumers before or at the point of collection of their personal data, but does not require prior, explicit cookie consent.
Now we have learned that if you collect cookies, you need to present the cookie bar in accordance with the cookie policy. Giving an opt-out option for consent is accepted. To refuse all cookies, I tried to opt out of Necessary cookies, but suddenly a warning message showed up. What’s going on?
[Block to opt out Necessary cookies collection]
CCPA cookie requirements for Necessary Cookies
Strictly necessary cookies, the ones required to make websites function, do not require consent. It is advisable to disclose their use to website visitors, but it is not required to allow visitors to deactivate these cookies if the website would not function properly without them.
Other types of cookies, such as functionality, performance, or analytics cookies should be optional.
The CCPA requires that phrases like “by continuing to use this website you agree with our use of cookies” disappear from websites.
What are GDPR Cookie Consent Requirements?
Under GDPR, websites need to collect consent to utilize all cookies other than those absolutely necessary to the running of the site. GDPR has strict requirements for what counts as consent, requiring a “clear affirmative act” that users are opting in to having their data collected. It’s no longer good enough to use a pre-checked box or a banner that tells the user that by continuing to use the website they agree to cookies. Additionally, when companies request consent, they must do so in a way that is “clear, concise, and not unnecessarily disruptive”, meaning that your site can't bury a consent mechanism in the middle of a lot of legal jargon.
Finally, under GDPR, websites must provide a way for users to withdraw their decision to grant data collection consent, and the "right to be forgotten".
Under CCPA, data collected by cookies can count as personal information. While CCPA requires businesses to gain opt-out consent for cookies, it does require them to disclose what data is being collected by cookies and what is done with the data. Additionally, businesses need to take steps to comply with the right to opt-out of the sale of personal information collected by cookies.