Big drama for the last few years on GDPR and Cookie policies. Especially in large scale organizations that can be taken to court for not having crystal clear privacy and cookie policies.
Don’t get me wrong, I stand by this, and it’s one step in the right direction when these regulations came into play. What I am here to talk about us the backbone concept that brought GDPR and other such policies into play with such strict rules around them.
I’ll phrase it in sentence, or three.
The problem is not about using cookies. It never was. It’s about not setting transparent policies and declarations of where and how you you use cookies.
Cookies are not the problem. What was happening though, that a lot of websites, portals (mainly Meta, Google, YouTube, and other known culprits we see in the court every year) have embedded cookies with their services (such as a YouTube video, or Google Analytics). These cookies track user activity, where they come from where they go. Then give this data to the biggest buyers in the market, to target these users based on their user journey and preferences.
All this was being done without telling this poor user, and without their consent.
The new policies are super imposed, so that when a website uses any such cookies (their own or from a third party such as Google) they must declare it to the end-poor-user which exact cookies are they using, for what purpose and how and where the collected data will be used.
This has opened a new stream of business for companies that solely provide, cookie policy generation, cookie banner generation solutions. Great. A new business model is born. And now finally, users can select which cookies can be used and which cannot.
Now question. Do you have to use these cookies banners and write cookie and privacy policy if you are a small business with barely any budget to buy chocolate croissant with coffee everyday.
The answer as always is Yes and No.
Yes when you or your users are operating from a country where these rules apply.
No, if you do not use such service(s) that track users.
How can you avoid such services? Oh there are 100s of cookies-less alternatives to each an every service.
A few of my favourites are:
Instead of Google Analytics, you can use Matomo, or Usermaven.
Instead of using Google fonts, Adobe fonts, you can self-host these fonts on your website.
Instead of YouTube embed, you can either self host the video, or use other video host services (Bunny CDN, Cloudinary, or others)
The list is long, and time is short. But you get the idea, and hopefully understand what the real problem was, it was never to NOT use the cookies. It’s about transparency