Do I Need A Cookie Policy?
24 Nov 21
Do I need a cookie policy on my website?
How times have changed! Decades ago, the word “cookie” would bring to mind a sweet confectionery laden with chocolate chips or rainbow sprinkles. Today, however, the word “cookie” could bring to mind, in equal measure, a concept that is connected to data and internet browsing.
Despite the evolving definition of “cookie”, few people know what exactly a web “cookie” is. Briefly, a computer “cookie” is a packet of data that is sent from a website and stored on the user’s computer, through the user’s internet browser.
Web cookies can prove useful for both the website operator and the website user. They allow website operators to track the activities of visitors to the website, in order to facilitate web operations. They also allow website visitors to engage in web activities with more convenience – cookies, for instance, allow for passwords to be stored on commonly used sites for easy access, or for visitors to keep track of the items in their online shopping cart.
Yet, the usage of “cookies” also brings up various concerns from a legal and compliance perspective. An immediate concern that may spring to mind for website visitors is whether their privacy rights will be infringed through the use of “cookies”. Likewise, website operators may be concerned that their usage of “cookies” will result in an infringement of data protection laws.
Given the risks involved, it would be prudent for companies that operate websites for business activities to have a cookie policy.
Reason 1: Obtain consent to the processing of personal data
The usage of cookies is likely to involve the collection and processing of personal data. This means that the laws and regulations surrounding the collection and processing of personal data apply to the usage of cookies.
Personal data is widely defined to encompass data that can be used to identify an individual. In this regard, there is a very wide range of data that can potentially fall within the definition of “personal data”.
Businesses often collect and process individuals’ personal data for the purposes of their operations. Yet, the data privacy enforcement climate is becoming increasingly strict amidst the emergence of high-profile data breaches.
Besides, data privacy regimes are becoming increasingly consistent as jurisdictions seek to adopt a coordinated approach towards data privacy enforcement. One concept holds true across data privacy regimes worldwide – the requirement for consent to collect and/or process personal data for specified purposes.
A cookie policy informs website visitors of the purposes of the usage of cookies, as well as how website visitors may disable cookies on their web browser.
Reason 2: Greater accountability for the data protection officer and fewer data breaches
Data privacy regimes around the world not only require companies to obtain consent from individuals with respect to their personal data, but also to take measures to maintain accountability to individuals who provide such consent (“data subjects”).
Measures that companies may be required to take to maintain accountability include acceding to data subjects’ requests on information with respect to the status of their personal data and how their personal data has been used.
A cookies policy can facilitate such accountability efforts, through various means, such as:
- Providing website visitors with the contact details of the person whom they are to reach out to, in the event they wish to make certain requests in relation to their personal data
- Setting out the procedures for conveying data subjects’ requests
Reason 3: Is a cookie policy a legal requirement?
In certain jurisdictions, companies are required to have a standalone cookies policy. In particular, the European Union has enacted laws that require websites to post a standalone cookie policy – separate from its privacy policy.
Given the cross-border nature of commerce, it would be prudent for companies to adhere to the high watermark of standards as far as data privacy compliance is concerned, in order to ensure smooth operations across as many jurisdictions as possible.
Reason 4: Harsh consequences of failure to comply with data privacy laws
It is getting increasingly important to comply with data privacy laws and regulations around the world.
The proliferation of high-profile data breaches in recent years has resulted in a stricter data privacy enforcement climate across the globe.
A failure to comply with data privacy laws and regimes could result in hefty penalties, as well as a tarnished reputation. All these could result in huge losses that could potentially cripple your business.
A cookie policy is key to ensuring compliance with data privacy laws and is a quick win – simply publishing such a simple document on your website could potentially save your company huge amounts of money.
Reason 5: Source of reference for internal data privacy
While cookie policies may be public facing, they may also serve as an important point of reference for your own personnel who operate your website.
Cookie policies may serve as a reminder to your personnel on various cookie-related matters, such as how cookies should be used.
Indeed, this is important as the weakest link in any company’s data compliance ecosystem is human error – after all, we all err from time to time and human error cannot be eliminated.
Measures can, however, be taken to reduce human error, and a cookie policy is one such measure.
WHAT’S NEXT?
When it comes to legal basics, it can seem overwhelming at first. But it doesn’t have to be. GLS offers a host of free Startup resources to help set you on your way. You can also browse our list of over 200 Legal Templates and Tools, to choose the products your Startup needs at each critical stage of business.
We also offer a wide range of subscription-based Legal Support Plans created specifically for Startups who want a 360-degree service in creating their own virtual legal dept.
*The above content does not constitute, nor is it offered as, legal advice of any kind. GLS Solutions Pte Ltd is not a law firm and any support provided pursuant to this entity is not regulated legal advice or legal opinion.