Navigate the jungle of cookie rules: essential tips for digital compliance

Cookies, who doesn’t love them? Well, I’m talking about tasty baked nuggets from companies like New Zealand’s Cookie Time. Their Cookie Bar in Queenstown or Cookie Time Bakery Shop in Christchurch are a must-visit for cookie fans from all over the world. But enough about these tasty cookies as I’m getting hungry. It’s time to switch to digital cookies and how to make your small business website compliance in the simplest way possible.

What are cookies? What are they used for?

Every website, yours as well, uses cookies to make it easier for visitors to use the website. Cookies help websites remember their visitors and their behaviour. For example, ever placed something in an online shopping cart, left the website without making a purchase, then returning a week later to discover that your cart with the item in it was still waiting for you in the digital shopping aisle? Cookies.

Cookies are small bits of data that websites store on the visitor’s device to remember preferences and activities like what was in a shopping cart when it was abandoned. But it is also what remembered your log-in details when you select “remember me on this device” so you don’t have to keep entering your log-in details on every visit.

Some cookies track browsing habits, which is why websites often ask for your consent to use them. Cookies are helpful for visitors but also give website owners a lot of power and thus responsibility. Therefore cookies need to be managed properly to protect people’s privacy.

How cookies track visitors and what it means for your website

To keep things as simple as possible, I’ll touch briefly on the different types of cookies that are out there. Just to give you an understanding of the differences.

• First-Party Cookies: these cookies are created and placed by the website you visit. They are handy little pieces of information that remember the visitor’s preferences and login details, which helps to improve the user’s experience on that particular website.
• Second-Party Cookies: these cookies are similar to first-party cookies but they are shared between related domains or partners. They aren’t as common and are often used for specific partnerships.
• Third-Party Cookies: these are created by other websites, for example by advertisers. They track activity across multiple sites so they can be used for targeted ads and analytics. This is what happens when you shop for a particular item, don’t buy it and leave the site but then you see ads for that particular item on social media or other sites you visit.

Importance of being compliant by asking for cookie consent

You may not care about cookies or privacy concerns yourself but lots of your website visitors do. Various countries around the world have implemented privacy and cookies rules that websites must abide by. Even if you're not located in a certain area but you target them or their citizens visit your website, you must stick to these rules.

• European Union (EU): The EU's General Data Protection Regulation (GDPR) and ePrivacy Directive require websites to obtain explicit consent from users before collecting personal data through cookies. This applies to all websites accessible to EU users, regardless of where the website is based.
• United Kingdom (UK): The UK's Data Protection Act, which implements GDPR, requires websites to obtain express consent from users before collecting their personal data.
• Brazil: The Brazilian General Data Protection Law (LGPD) requires explicit consent from visitors before a website can collect their personal data.
• South Africa: The Protection of Personal Information Act (POPIA) in South Africa requires explicit consent for the use of cookies.
• Thailand: The Personal Data Protection Act (PDPA) in Thailand mandates explicit consent for the collection of personal data through cookies.
• California, USA: The California Consumer Privacy Act (CCPA) requires websites to provide users with the option to opt-out of the sale of their personal information, which can include data collected through cookies.

These regulations help to protect users’ privacy by ensuring that individuals are informed about and consent to the collection and use of their personal data.

How to implement a cookie consent bar and cookie policy

A cookies consent bar is more than a simple banner that displays on your website. You cannot place any cookies or load items like Google Analytics or Google Tag Manager before a visitor has given permission. The cookie consent bar must hold off cookies until consent has been given.

Throughout the years of running WordPress websites, I have tried several cookie consent solutions. They all did a great job but they are often complicated or annoying to set up – long onboarding flow with lots of steps to get through.

The one solution I really liked is CookieYes, a UK based company that created a cookie consent solution perfect for small business website or personal sites, as long as they run on WordPress. Their user-friendly approach and generous free tier of 15,000 page-views/month makes it easy and cheap to use. Even if it is just a test to see if this is the best cookie consent solution for you: start free and see how you go.

And they have created various free tools to help you navigate the jungle of cookie rules and being compliant.

• Free Privacy Policy Generator: the easiest way to create a custom privacy policy for your website (no email/signup required)
• Free Cookie Policy Generator: a great way to create a custom cookie policy for your website
• Free Cookie Checker: check how many and what kind of cookies your website places. It generates a detailed cookie audit report that is easy to understand (no email required).
• Free Google Consent Mode Checker: check if the Google Consent Mode V2 is set up correctly on your website (no email required)

Why CookieYes is such an easy and affordable solution

The set up of the CookieYes cookie consent solution is easier and more flexible than many other solutions I have tried. It’s easy to do, even if you’re not tech savvy or don’t have legal knowledge. CookieYes explains everything well and the set-up wizard is relative short and easy. I think these screenshots say it all.

It is so easy to create a cookie banner that fits your brand and looks great in your website. Use your own colours or have the system extract the best colour combo from your website’s design, and tweak the colours it selected if needed. Start designing your cookie bar and see how easy it is to set up a great looking cookie consent bar that perfectly fits your brand.

Less is more… The easiest way to stay compliant

Adding a cookie consent bar and a cookie & privacy policy to your website is a must-have. Even if you’re running a New Zealand website and mainly get traffic from New Zealand or Australia. Transparency is important to run a successful business, which also goes for collecting customer data and how you use it.

But there is more you can do to protect your customers and protect yourself. The more data you collect, the more you are responsible to keep that data safe. Collect less & place fewer cookies then your life will be much more easier. And your customers will appreciate it. More and more people are focused on privacy and what companies do with the data you collect.

So review the tools you are using and the cookies they place to decide if it’s really necessary. For example, for many small or medium business, a big part Google Analytics’s features aren’t needed and most don’t even look at them. So why collect certain data and place certain cookies? Maybe there is a simpler and more privacy-friendly solution around? But I’ll save that topic for a separate blog post.

How to create a unique cookie consent bar for your website

To make your life easier and to make sure you're not wasting a lot of time on cookie stuff, keep the following in mind:

1. Always ask your website's visitors for permission before placing cookies! A cookie consent bar is a must-have.
2. A cookie consent bar doesn't have to be boring or packed with legal mumbo-jumbo. You can create something informative yet fun.

Therefore I highly recommend checking out CookieYes and get started for FREE. For a lot of small business websites or personal blogs, you won’t even need to go to a higher plan. But if you grow and you do need to switch to a paid plan, it’s good to know that CookieYes is more affordable than the majority of the cookie bar solutions out there. And it is much easier to use.

Questions or interested in more info? Feel free to place a comment below in the feedback section. Happy to answer your questions.

Any info posted here is not legal and/or regulatory advice. These are just tips from a DigiGeek that shares their experience with the CookieYes tool. If you do need legal or regulatory advice please consult a legal specialist.