An Overview of Cookies and their Usage
Overview of the GDPR
The GDPR, or General Data Protection Regulation, is European legislation applicable to all member nations of the EU and to all websites that receive visitors from the European Union. The regulation aims to control how personal data is accessed, handled and used by websites. It is widely considered the most important piece of data-protection legislation of the last two decades. Its basic principle is to empower people, as internet users, to determine how their personal data will be accessed, tracked and used by websites and by the people operating those sites. Data protection, privacy and security are the fundamentals that the regulation seeks to secure.
The GDPR requires complete transparency between webmasters, or their websites, and internet users who are citizens of the European Union. It requires organisations and individuals operating websites to seek explicit consent from users, expressing their approval of cookies tracking their activity and of their personal data being stored and used for various purposes. The regulation clearly states that a name, email address, contact information, internet protocol address, banking details, and any other data that can be used to identify an individual in the real or virtual world, may be accessed, stored or used in any way only if the person is aware of that activity and agrees to have their data handled by the webmaster or website owner.
GDPR has a comprehensive list of what it classifies as common personal data and sensitive personal data. Common personal data includes name, phone, address, email, age, gender, employment status, job or position, credit information, purchase history, other customer information and internet protocol address. Sensitive personal data includes ethnicity, race, genetic data, biometrics, religion, political view or ideology, association with trade union or other organisations, sexual orientation, relationships and health information including medical history.
Cookies Compliance as per GDPR
The GDPR and its provisions are not limited to the exchange between a website and its visitor. Beyond disclosure and consent, webmasters must follow the regulation's guidelines on how the data is stored, how it is used, and how it is shared with or passed on to other parties. There must be no compromise on data security or on the privacy of individuals. Visitors to a website must also be given the right to have all their data deleted, should they request it. Any individual has the right to have all their data deleted at any stage they wish, and websites should comply immediately.
Websites should also provide a clearly laid-out page describing all the cookies they use. If a visitor wants to consult this page and learn about the different cookies, this must be facilitated, and the user has the right to opt in to or out of every non-essential cookie. Some cookies are necessary for the functioning of the website; these do not access or track sensitive personal data. Consent obtained from a visitor should be sought again after twelve months. The GDPR and the ePR (the ePrivacy Regulation) also require websites to renew the initial consent after disclosing any changes to the cookie policy.
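As an added example (not part of the original article), the consent rules in this section expressed as a small JavaScript gate: necessary cookies are always allowed, every other cookie needs a recorded opt-in for its category, and a recorded consent stops counting once it is twelve months old or the cookie policy version has changed. The cookie names, categories and policy version string are assumptions made for the example.

```javascript
// Consent gate for non-essential cookies (example code, names and values assumed).
const CONSENT_MAX_AGE_MS = 365 * 24 * 60 * 60 * 1000; // twelve months
const POLICY_VERSION = "2024-01"; // bump this whenever the cookie policy changes

// Each cookie the site sets is assigned a category; "necessary" never needs consent.
const COOKIE_CATEGORIES = {
  session: "necessary",
  csrf_token: "necessary",
  _analytics_id: "analytics",
  _ad_id: "marketing",
};

// Build the consent record stored when the visitor makes a choice on the cookie page.
function recordConsent(allowedCategories, now = Date.now()) {
  return {
    policyVersion: POLICY_VERSION,
    grantedAt: now,
    allowed: [...new Set(allowedCategories)],
  };
}

// A stored consent is only valid for the current policy version and for twelve months.
// Either condition failing means the visitor must be asked again.
function consentIsValid(record, now = Date.now()) {
  if (!record || typeof record !== "object") return false;
  if (record.policyVersion !== POLICY_VERSION) return false; // policy changed: re-ask
  if (typeof record.grantedAt !== "number") return false;
  if (now - record.grantedAt >= CONSENT_MAX_AGE_MS) return false; // expired: re-ask
  return Array.isArray(record.allowed);
}

// Decide whether a cookie may be set. Unknown cookies are refused (deny by default),
// necessary cookies always pass, everything else needs a valid opt-in for its category.
function maySetCookie(name, record, now = Date.now()) {
  const category = COOKIE_CATEGORIES[name];
  if (category === undefined) return false;
  if (category === "necessary") return true;
  if (!consentIsValid(record, now)) return false;
  return record.allowed.includes(category);
}

// Filter the cookies the application wants to set down to those the visitor allows.
function filterCookies(names, record, now = Date.now()) {
  return names.filter((n) => maySetCookie(n, record, now));
}
```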