Ever since Cookie Law directive was introduced in EU countries there have been questions.
People complained that the directive is lax and open for interpretations. But the fact that EU countries could implement it differently added to the confusion even more.
With the implementation of EU’s GDPR regulation the confusion increased even more.
Even the basic concepts are no longer simple. Just to name a few:
- What are cookies and what they really do?
- What do cookies have to do with data processing?
- Do I have to show cookie banner if I have a site outside EU?
- What is personally indetifiable information (PII)?
- Do I still have to ask for cookie consent it I don’t collect PII?
- Who can process data and what they should do in order to be able to do it?
- and so on and so on
The fact that GDPR regulations are lax and always change only add to this confusion. And to the point that different companies, institutions and even countries interpret it differently!
In France for example using analytics and web optimisation software without asking for visitors consent is allowed on certain conditions. On the contrary, in Germany it is not only strictly prohibited without consent, but…
Websites must explicitly list Google as the recipient of the personal data. Websites must clearly inform users that their personal data is not anonymized, will be transmitted to Google, processed and stored by Google, that US state authorities have access to this personal data, and that Google uses this personal data for any of its own purposes (such as profiling and cross-platform tracking).source
What a website owner can do about it?
The best way to make sure that your website complies with Cookie Law and GDPR in all EU countries is to take preventive action and apply the strictest policies.
For example, even if you can start using analytics software without consent in France, you should’t make an exception for it.
Instead you should always enable tracking after consent – which is the strictest of policies but will be always valid in all European countries.
This has a few important benefits:
- your analytics data will always be comparable between countries
- your data will be much easier to analyse
- you will not have to employ much resources into staying up-to-date with regional differences
Of course this also relates to other solutions that require cookies such as advertising platforms, A/B testing tools, screen recorders etc.