In 2020, cookie management should not be a hot topic. Unfortunately, browsing around, you can still see important firms doing messy things. Let’s see an example with some humour.
Some days ago, the Italian Privacy Authority launched a public consultation on updates to the cookie laws. Personally, I thought that cookie law was not a topic in 2020: breaking cookie law is not simple, since the only thing you have to do is ask the user for permission before creating cookies (then you should differentiate technical cookies from profiling cookies, blah blah blah).
What are cookies? They are small pieces of information stored by your browser in order to do a lot of things (remember your language, the options you have chosen, and, obviously, track your behaviour while you are navigating the website). To see them, you can press F12 on most browsers, look at “Application” in the top menu, and you will find the cookie list:
If you get caught creating cookies without permission, you’ll get a fine under GDPR. Don’t get me wrong: if you are a small business and don’t have time to manage your website, something can get misplaced or deactivated, and a cookie may be created when you do not want it to be. But if you are a big company, that is not acceptable (and your fine could be amazingly big).
Let’s look at the website of a gov-owned company (gov is big by definition). I can tell their story: once upon a time they had a static, unresponsive, self-produced website, but at a certain point they asked a well-known agency to change their image (new name, new logo, new corporate colours, all the marketing things to look younger, smarter, cooler, etc.) and then they outsourced the website.
Since this is a true example, I obviously had to cover everything that can identify the company, but looking at the website I assure you that, from a marketing point of view, they did a good job. Let’s see:
After a couple of seconds, the homepage is obscured by a blue page that asks your permission for cookies and tells you that if you continue on the website you accept all the legal things and so on. Apparently, everything is ok: you cannot even see the website without giving consent to cookies:
Let’s press F12, and let’s see if everything is ok:
Uh oh… We have some _ga and _gid items: Google Analytics cookies are tracking us, and they are doing that before we gave consent to cookie creation. No good.
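The check done by hand with F12 above can be scripted. The following is an added example, not part of the original post or of the audited site's code: it parses a document.cookie string and flags Google Analytics cookies that exist without recorded consent, including the case where consent was refused. The consent cookie name cookie_consent and the sample cookie values are assumptions constructed for illustration.

```javascript
// Added example, not the author's code. CONSENT_COOKIE is a hypothetical name;
// the sample cookie strings below are constructed.
const CONSENT_COOKIE = "cookie_consent";
// _ga and _gid are the names seen on the page; _gat and _ga_<id> are other
// Google Analytics cookie names.
const ANALYTICS_PATTERNS = [/^_ga$/, /^_gid$/, /^_gat/, /^_ga_/];

// Parse a document.cookie style string ("a=1; b=2") into a Map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(";")) {
    const pair = part.trim();
    if (!pair) continue;
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    jar.set(name, eq === -1 ? "" : pair.slice(eq + 1));
  }
  return jar;
}

// Report analytics cookies and whether they exist without a recorded "granted".
function auditCookies(cookieString) {
  const jar = parseCookies(cookieString);
  const consent = jar.get(CONSENT_COOKIE) || "unset";
  const tracking = [...jar.keys()].filter((name) =>
    ANALYTICS_PATTERNS.some((re) => re.test(name)));
  return { consent, tracking, violation: consent !== "granted" && tracking.length > 0 };
}

// Constructed snapshots: banner still showing, consent refused, consent given.
const SAMPLES = {
  bannerShowing: "lang=it; _ga=GA1.2.111111111.1600000000; _gid=GA1.2.222222222.1600000000",
  refused: "lang=it; cookie_consent=denied",
  accepted: "cookie_consent=granted; _ga=GA1.2.111111111.1600000000",
};

for (const [label, cookies] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(auditCookies(cookies)));
}
```

In the browser console the same function can be called as auditCookies(document.cookie) while the consent banner is still on screen. document.cookie does not list HttpOnly cookies, so the F12 cookie list remains the complete view.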
If you say no (and you should always have the opportunity to say no), no tracking cookies will be created (example of denied consent from my website):
What’s the lesson here? In Italy, GDPR matters are perceived as a legal issue, usually handled by legal people. Some of them have acquired sufficient technical knowledge to manage things, some others have not: in that case you need tech people to assess tech things (and data protection is a tech thing, at least often).
And ah, yes, my website creates a cookie to store the fact you did not give consent to cookies… I should write that 😀 😀 😀