Newcomer II

GDPR and the effect on web browser cookies

What paths are organizations taking to address the information retained by Cookies in regard to GDPR:

a) Restrict Cookies to geographical locations,

b) gain consent from users (how is revocation of consent managed to ensure compliance),

c) Other?

8 Replies
Newcomer III

Re: GDPR and the effect on web browser cookies

While considering the different aspects, the ePrivacy Regulation will need to be included too. 

Newcomer I

Re: GDPR and the effect on web browser cookies

As per GDPR, simply visiting a website is not a consent so users will have to opt-in whether they want their information to be stored in cookies or not. Since it doesn't specify what needs to be done and organizations would take time to find a lawful ground for collecting this information, I think as of now they will either have to find how to get users' consent (remind you that if you find consent then you will have to give them the option to opt-out) or disable cookies. That is all I can think of for now.

 

Newcomer II

Re: GDPR and the effect on web browser cookies

Great points Kojha.  To this point, we have seen MailChimp start offering a GDPR Consent form which you can have pop up at first contact to your website.  This helps on the front end.  The concern is on revocation of consent and the cookies on scattered systems and how to "clean" them up unless a very short life is given to them which negates their value greatly.

 

Any thoughts on this?

Contributor III

Re: GDPR and the effect on web browser cookies

Whilst the new ePrivacy Regulation is still in draft and doesn't come into force at the same time as GDPR, it will depend on whatever legislation was enacted in country in support of the previous directive and your supervisory authority's interpretation of that legislation.  In the UK we have PECR (Privacy and Electronic Communication Regulation) which will largely continue to be enforced as is until the ePrivacy Reg is agreed in Europe.

 

The Brexit decision and the political moves around it make matters more complex in the UK.  It looks likely that there will eventually be similar national legislation, but who is to say.  In the interim the key point is to inventory your persistent and session cookies, remove those no longer needed and update your privacy pages accordingly.  Consent can't be informed and freely given unless you do at least that.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP M.Inst.ISP
Contributor I

Re: GDPR and the effect on web browser cookies

> simply visiting a website is not a consent so users will have
> to opt-in whether they want their information to be stored in
> cookies

That's my understanding as well.

 

But since we're having this discussion, what am I missing? 

 

Doesn't the pop up that comes up on most EU websites now that says before you continue, you should know we use cookies for x,y,z purposes, meet the requirement?

Newcomer II

Re: GDPR and the effect on web browser cookies

With the "Right to be forgotten" / revocation of consent, how does the web site owner delete those cookies they placed on anyone's systems?

Newcomer I

Re: GDPR and the effect on web browser cookies

Not sure, Brian, how this can be offered for opt-out or revocation. For cleanup I think an automated tool can help. So far as I know there are still a lot of cloudy shades over cookies and no one has a perfect answer to it.

Newcomer I

Re: GDPR and the effect on web browser cookies

Yes, I agree that they will have to choose whether they want cookies to be accepted or not. Question is, how do we empower them to opt-out when they don't want their information to be stored in cookies? Can we make them accept the cookies with a time frame after which they will be automatically cleaned up? But as per GDPR, you'll have to give them both the options (Opt-in and Opt-Out).