In case you haven’t noticed, I’ve written a lot this year about big changes to data privacy laws. This month I thought I would hone in on a particular issue: using cookies on your website. You may have noticed recently that a lot of websites have starting using a banner or a pop up feature on their home page which asks visitors to opt in to accepting their cookie policy. Apart from being another step that is a bit of a nuisance, companies are doing this to ensure compliance with new privacy laws. The EU’s General Data Protection Regulation, more commonly referred to as GDPR, requires websites that store cookies from EU visitors to notify them and gain their consent. The requirement doesn’t apply to “functional” cookies, as in those that the website needs to function (ex: to load images faster), but it does apply to any other type of cookie that is stored on a visitor’s computer to remember it for a future visit. In the past, gaining a visitor’s express permission wasn’t necessary and referencing a website’s privacy policy was sufficient, but now the banner or pop up feature is the best practice to ensure compliance. For websites that require a visitor to set up an account before cookies are used, accepting terms and conditions that incorporate a cookie policy complies with the law. However, if your site uses cookies before a visitor is prompted to create an account, then the pop up feature or banner is needed. Here are some questions that you need to get answered to make sure that you are in compliance: 1. At what point do we begin using cookies for visitors? 2. Are they the type of cookies that are permanently stored on a visitor’s computer? 3. How do we use any information gathered from the use of cookies? 4. Do we share any of that information with any other organizations? 5. If we use cookies prior to a visitor registering for an account, would the features of our website be altered if someone opted to not use cookies? The average visitor will be unwilling to read about how cookies are used on your site, so it makes the most sense to fully explain that in a privacy policy that can be found elsewhere on the site and reference it in the banner. The following is a sample of some language that could be used in a banner: “By clicking “Accept” you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. To find out more about the cookies we use, please see our Privacy Policy.”