Since its implementation in 2018, the GDPR has changed quite a bit, and this year is no exception. More changes are on the way. These changes are essential for both web designers and web developers to be aware of.
In this article, we’ll take a look at two big impacts the GDPR is having on web designers and developers.
Changes in Cookie Consent
Cookie consent underwent a huge change in May 2020, when the EU updated its guidance on GDPR. The update was done in order to clarify some points, which included two major points for cookie consent. These include:
- Cookie walls: are no longer acceptable as they don’t offer site visitors a choice. If they reject cookies, then they’re blocked from using the site. The new update stipulates that cookie walls cannot be used.
- Scrolling/swiping: when site visitors scroll/swipe through a site’s content, this cannot be accepted as implied consent. The GDPR states the consent must be explicit.
This means the EU is cracking down on cookie consent. Many are criticising this update to the GDPR, as the cookie notices are not really protecting site visitors’ privacy. As a result, the update by the EU is meant to equalise cookie consent options, as well as ensure they’re simplified to make site visitors’ lives easier.
However, the effect on website analytics has been challenging for web developers and designers. We have permission to use cookies in only specific ways.
Google & Apple Crack Down on Third-Party Tracking
Another big change is that both Apple and Google are cracking down on third-party tracking. For taking this approach, both companies are currently dealing with antitrust complaints. Both Apple and Google are looking for ways to use privacy legislation for their own advantage. Both companies are currently being hit with antitrust investigations.
However, the problem is that with the removal of third-party cookies, these large tech companies are siphoning off most of the ad revenue, while the smaller tech & ad companies lose out on advertising income.
So, what do these changes in the GDPR mean for web designers and developers? Let’s take a look at what web designers and web developers need to understand about cookies.
What Web Developers Need to Know About Cookies
As a web developer, it’s imperative to stay involved with cookie consent and tracking decisions. Then you can ensure they’re correctly implemented.
For website redesign projects, use a cookie audit tool such as Chrome Dev Tools. This can show you how tracking cookies are being used. If you’d like more detail, then use a tool such as Cookiebot or Ghostery.
Always use the standard cookie opt-in/out as directed by GDPR guidance. This may mean, in some cases, that you lose some Google Analytics data.
What Web Designers Need to Know About Cookies
You must understand the GDPR because you will design the points where cookies are placed, the data that’s collected, as well as how the data is processed.
Run a functionality audit, which allows you to map cookie activity in the data and compliance areas on your service blueprint.
Conduct a cookie audit and gap analysis. These audits will show if the existing cookie pattern is compliant or not, as well as what content is needed around it.
Always follow Privacy by Design best practices and avoid finding a design practice that works. Instead, if you’ve already created design elements that work (such as a compliant cookie banner), then continue to use this design.
Work with your teams to ensure all designs meet the GDPR and can be correctly implemented. And only request data that’s actually needed.
It may be necessary for your content team to update your privacy policy per the GDPR as the use of cookies continues to change and evolve.
The EPrivacy Regulation
As you’re aware, the GDPR is also accompanied by the ePrivacy regulation, which is legislation that’s still in process. Remember that cookie consent is regulated by the GDPR. However, the cookies are handled by the ePrivacy Directive of 2002. You may have heard this referred to as the Cookie Law. The goal of this law is also to protect customer privacy.
Currently, the EU is in the process of developing the ePrivacy regulation, which will be a much stricter version of the ePrivacy Directive of 2002. The regulation under development will cover more than cookies. It will also include all electronic communications (messaging apps, spam mail, lOT data transfer, and more).
The draft of the ePrivacy regulation has been under consideration since 2017 by the EU. It must be agreed to by both the Council of the European Union and the European Parliament. Since 2017, the European Parliament and the Council have not been able to come to an agreement on the scope or detail of this regulation.
The main problem is that some EU countries want to strengthen the current ePrivacy Directive. One consideration they want is for a site user to set acceptance and rejection of cookies directly in the browser, rather than one for each individual site they use. However, there are other countries that say this will be bad for business.
As noted earlier, the draft legislation continues to be working on with the EU trying to find an acceptable version of this law. It’s possible the law will be rejected, or it finally reach a compromise. However, if an acceptable version is reached this year, it will not become law until 2025. It takes time for the implementation of the law.
How to Deal with Cookies Right Now?
Because each EU country is currently using the ePrivacy Directive differently, if you’re currently based in an EU country, then use the advice from your national Data Protection Authority. Then keep an eye on developments with the EU privacy legislation.
As always, ensure you’re giving EU citizens the options required by the GPDR and the ePrivacy Directive. It’s also a good idea to avoid using cookie walls.
This is the best advice we can give until there’s a firm development with the ePrivacy Regulation.
