GDPR Cookie Policy on websites update

  In April 2020, following a survey carried out by the Data Protection Commission (DPC), a report was published into the usage of cookies and tracking technologies on Irish websites and mobile apps.

Do you need to do anything, YES YOU DO

Any website, has until 5 October 2020 to comply with new laws governing cookies and tracking technologies. Regulation 5 of the ePrivacy Regulations and GDPR are the relevant pieces of legislation that govern the new laws on cookies and tracking technologies.   you can read full report here In order to comply fully with the legislation, you will need an advanced cookie policy generator for your website, one that can scan your website and identify the cookies and technologies that your website uses. We use one such cookie policy generator on our website, see sample below. Very Important Changes Concerning the GDPR Amendments affecting Websites

You have 3 options when installing automatic cookie policies on your website that comply with the new laws:

Contact us today for pricing and to find out what you require

Please find below GDPR cookie compliance checklist to help you and please also refer to the Guidance document on Cookies.

GDPR Cookie Compliance Checklist

  1. Ensure to have a cookie banner on your website
  2. Ensure the cookie banner gives the browser the options to accept and reject cookies or select preferences. If the browser is only given the option to accept, this type of consent is not GDPR compliant.
  3. Ensure to have a cookie policy on your website.
  4. Ensure your cookie policy is easy to find and easy to understand.
  5. Ensure you have a data privacy notice displayed on your website and it is easy to find and understand.
  6. Obtain a list of all the cookies that are operating on the website and the function they carry out. You will also need this for your cookie policy.
  7. Ensure the list of cookies is grouped into necessary and non-necessary cookies that are operating on your website.
  8. Obtain user consent before non-necessary cookies are set on the browser’s computer device. Do not use pre-ticked boxes. Communication and necessary cookies do not require consent. The list created from No. 7 above will assist you here.
  9. Make it possible for website users to change their cookie settings easily and provide comprehensive information about the cookies operating on your website.
  10. Only use the cookies for the purposes that have been outlined in your cookie banner/consent. Do not use them for any other purpose. It is all about transparency.
  11. If your website requires user consent for cookies, ensure that there is a record of cookie consents. The Data Protection Commission will ask for proof of consents if your website is audited.
  12. Ensure your website is compliant on or before the 5 of October 2020. From the 6 of October 2020 the Data Protection Commission will commence the auditing of websites.

Again, the cookie policy generator that we can set up and install for you will do all of the above Contact us for details

 

 

Google Analytics Data Retention and the General Data Protection Regulation (GDPR)

Over the past year Google has shared how they are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. Today they are sharing more about important product changes that may impact your Google Analytics data, and other updates in preparation for the GDPR. This is important and requires action even if you are not based in the European Economic Area (EEA).

Product Updates

Today Google introduced granular data retention controls that allow users to manage how long their user and event data is held on googles servers. Starting May 25, 2018, user and event data will be retained according to these settings; Google Analytics will automatically delete user and event data that is older than the retention period you select. Note that these settings will not affect reports based on aggregated data.

Action: Users of Anlaytics should review these data retention settings and modify as needed.

Before May 25, Google will also introduce a new user deletion tool that allows you to manage the deletion of all data associated with an individual user (e.g. site visitor) from  Google Analytics and/or Analytics 360 properties. This new automated tool will work based on any of the common identifiers sent to Analytics Client ID (i.e. standard Google Analytics first party cookie), User ID (if enabled), or App Instance ID (if using Google Analytics for Firebase). Details will be available on our Googles Developers site shortly.

Google say they remain committed to providing ways to safeguard your data. Google Analytics and Analytics 360 will continue to offer a number of other features and policies around data collection, use, and retention to assist you in safeguarding your data. For example, features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization may prove useful as you evaluate the impact of the GDPR for your company’s unique situation and Analytics implementation.

Contract And User Consent Related Updates

Contract changes

Google has been rolling out updates to their contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement customers current contract with Google and will come into force on May 25, 2018.
In both Google Analytics and Analytics 360, Google operates as a processor of personal data that is handled in the service.

  • For Google Analytics clients based outside the EEA and all Analytics 360 customers, updated data processing terms are available for their review/acceptance in their accounts (Admin ➝ Account Settings).
  • For Google Analytics clients based in the EEA, updated data processing terms have already been included in their terms.
  • If you don’t contract with Google for your use of our measurement products, you should seek advice from the parties with whom you contract.

Updated EU User Consent Policy

Per Googles advertising features policy, both Google Analytics and Analytics 360 customers using advertising features must comply with Google’s EU User Consent Policy. Google’s EU User Consent Policy is being updated to reflect new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consent from, end users of your sites and apps in the EEA.

Action: Even if you are not based in the EEA, please consider together with your legal department or advisors, whether your business will be in scope of the GDPR when using Google Analytics and Analytics 360 and review/accept the updated data processing terms as well as define your path for compliance with the EU User Consent Policy.

Find Out More

You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view their data processing terms.

Google say they will continue to share further information on their plans in the coming weeks and will update relevant developer and help center documentation where necessary.