Don't wanna be here? Send us removal request.
Statistics
We looked inside some of the posts by champprivacy and here's what we found interesting.
Average Info
Notes Per Post
6
Likes Per Post
5
Reblog Per Post
1
Reply Per Post
0
Time Between Posts
12 days
Number of Posts By Type
Text
8
Photo
1
Last Seen Tumblr Blogs
Fun Fact
US Tumblr user growth rate is estimated to slow down to 4.1%.
Text
GDPR Cookie Consent Examples
10 Examples of GDPR Cookie Consent
Cookies are small text files that get downloaded on the site visitor’s device when they visit a website. It allows the website to recognize the device and store additional information, such as user preferences, location, etc.
Developers and businesses use cookies to improve and enhance the user experience. However, when your website uses cookies, you are required to declare it to the site visitors. Thereafter, you will have to gain explicit cookie consent from the user for GDPR compliance.
However, things are not that straightforward. There are several factors that determine whether your cookie consent practice is great or sketchy. Some of these factors include your cookie consent notification, the language used in it, the accessibility of the cookie policy, and so on.
In this post, we will take a look at GDPR Cookie Consent notice, different types of cookie notifications, along with GDPR Cookie Consent examples across all domains.
What is GDPR Cookie Consent Notice? Why Does it Matter?
Laws like the General Data Protection Regulation (GDPR) and ePrivacy mandate that users must explicitly grant their consent before websites can deploy or install cookies on user computers. Hence, if the user or the business is based in the EU, they must adhere to these regulations.
As such, Cookie Consent Messages emerge as banners, pop-ups, and notifications on a website offering the user the option to consent, deny, or change the preferences of the use of cookies.
The key highlights of cookie consent as per GDPR guidelines include:
Cookie Consent Message must be clearly visible and must display when the user first visits the website.
The consent collection must be through an explicit opt-in action with dedicated buttons to accept, reject, or modify cookie settings.
It should include a link to the website’s cookie policy.
All the non-exempt cookies and scripts must be blocked from running until the user consents.
Different Types of Cookie Notifications
There are several ways in which you can display your cookie consent message. Some of the common ones are listed as follows:
Cookie Banner: These alerts are located as headers and footers and are fixed in their position. Its inconspicuous location ensures that it does not eclipse any content and is yet prominently located.
Cookie Consent Pop-Up: These messages emerge as pop-up notifications that may be located bang in the middle of the website or as a corner box on either side. Users can interact with the box to access the website content.
Implied Consent: In implied consent, websites assume that the user has agreed to the terms and usage of cookies if they continue to interact with the website. While it is not one of the best practices, considering that the user does not offer explicit consent, adding a link to explore cookie policy and modify settings could ensure GDPR Cookie Compliance.
10 GDPR Cookie Consent Examples
Following are 10 Cookie consent examples from various live websites:
1.
BT
British communication giant, BT, checks all the boxes and follows the best cookie consent practices, making it first on our list of GDPR cookie consent examples. Visitors receive a Cookie Consent Popup notifying them about BT’s Cookie Policy. Users can choose to accept the cookies as is or modify them through the “Edit Cookies” button.
It allows you to navigate panel-by-panel the different types of cookies that the website collects and their purpose.
Thus, you can accept or reject the cookies individually, depending on your preferences. Alternatively, you can select the “Allow all cookies.”
Additionally, after you have set the cookies, you can change these cookie settings using the dedicated cookies button at the bottom of every webpage.
As such, BT sets a great example of implementing GDPR Cookie Consent and GDPR Cookie Compliance.
2.
The Guardian
The Guardian displays a highly detailed banner at the footer that educates the user on the website’s cookie policy and usage. After going through the briefing, the users can grant explicit cookie consent with the “Yes, I’m happy” button or modify the settings through the “Manage my cookies” button.
3.
Puma
Puma has a floating banner at the footer. Users can check out the additional information through the “Cookie Settings” or directly agree to the preferences preset by the site with the “Accept all cookies” button.
4.
Kitchn
The culinary website keeps it simple with a plain footer declaring the change in the cookie policy as per GDPR guidelines. A single-click “Accept” button offers a blanket consent for the cookies. Alternatively, the “Learn more” link redirects to the GDPR Cookie policy page that contains all the necessary information.
5.
Financial Times
The Financial Times has the cookie consent message positioned as a corner box. Users can accept and continue browsing, or they can manually manage their cookies. Rather than following the obsolete practice of the persistent cookie wall, FT pushes for the subscription plans.
6.
H&M
The retail website has a persistent cookie consent corner box that displays on all pages. Clicking on the link in the cookie consent message redirects the user to the complete privacy notice issued by the company.
7.
British Airways
British Airways uses implied consent, declaring that the use of the website indicates the user’s consent for storing cookies. However, it maintains transparency by sharing the T&Cs, Use of Cookies, and Privacy Policy.
8.
Glamour Magazine
Glamour Magazine starts off with the standard cookie consent message. On clicking on the “Show Purpose” option, Cookie Consent Manager offers a buffet of cookies and their usage to users that they can toggle on or off to accept or decline their preferences.
9.
Harper’s Bazaar
Harper’s Magazine has a brief message of the cookie policy and a link to all the IAB vendors that gain access to these cookies. Users can accept them all in one go with the “Accept” button or individually select their choices through the “Learn More.”
10.
Nescafe
Visitors receive a Cookie Consent Popup on visiting the Nescafe website. The message links to the company’s privacy notice and GDPR cookie policy. Users can change and set their preferences through the link in the message or directly decline or accept the cookies with the buttons presented below.
Summary
Whether you use Shopify or WordPress, cookie consent forms a crucial part of any website, regardless of its purpose. Most websites that have a well-defined cookie consent flow make use of a Cookie Consent Manager to facilitate it. Cookie consent reinforces privacy and ensures compliance with regulations like GDPR.Here is a link for a free cookie consent solution.
Now that we have seen different examples, In this Article you can read about how to implement cookie consent on your website in 5 simple steps.
0 notes
Text
10 Steps to Implement Privacy By Design in your Organization.
We are living in truly exciting times, indeed, where simple 1s and 0s can chalk out and reconstruct an individual’s entire online presence. You can use them for mapping out their demographic detail, location, preferences, etc., to capture their virtual image. However, in the wrong hands, this power can leave one sprawling through the back alleys of illicit activities.
For this very reason, user and data privacy is progressively gaining importance day by day.
In this post, we will take a look at Privacy by Design, especially in the General Data Protection Regulation ( GDPR) context, and how to make it an integral part of any organization.
But First, What Exactly is Privacy by Design?
Concerns regarding data privacy are not new. The concept of prioritizing user privacy over any other process for systems and technologies was discussed extensively in the 1970s before being formally adopted in the 1990s. Doctor Ann Cavoukian proposed the idea of Privacy by Design (or PbD), which stipulates the following seven foundational principles:
Proactive not reactive; preventative not remedial.
Privacy as the default setting.
Privacy embedded in the design.
Full Functionality — Positive-Sum, not Zero-Sum.
End-to-End security — full lifecycle protection.
Visibility and transparency — keep it open.
Respect for user privacy — keep it user-centric.
Privacy By Design introduces a cultural change where privacy reigns supreme. Accordingly, several countries are formalizing legislature to ensure greater compliance. The GDPR, introduced in 2018, is one such law that has PbD written into it (Article 25).
10 Actionable Ways to Integrate Privacy by Design Within Your Organisation
Here are some ways to incorporate Privacy By Design in your organization’s framework:
1. Announce Clear Privacy and Data Sharing Policies
Typically, websites can collect user information in two ways — automated and volunteered personal data collection. In the case of the former, the user willingly enters their information in your website forms. On the other hand, the latter occupies a greater share of data and uses cookies, tracking scripts, web beacons, etc. to identify and record your personal data.
As a result, your website should explicitly state the nature and purpose of personal information that it will collect through pop-up notifications, banner displays, etc. Moreover, the visitor must have the option to opt-out from sharing such details.
2. Avoid Pre-Ticking Checkboxes
Checkboxes are one of the best ways to acquire explicit consent from your visitors for accessing and using their personal information. However, pre-ticking these checkboxes steal away from the choice a user may exercise. Hence, these boxes must always stay unchecked by default. In case the process cannot progress without their consent, a better practice would be displaying a prompt nudging them to tick the checkbox.
3. Incorporate Just-in-Time Notices
Privacy By Design principle #6 focuses on the visibility and transparency of your website components. Hence, you can use just-in-time notices to abide by this rule. Just-in-time notices instantly display short yet loaded snippets of details as the user enters their information in the form. It grants you the opportunity to share why you need the data and how you plan on using it.
4. Minimise Data Collection
This strategy relies on the foundation of Privacy By Design and GDPR — collect and process the least amount of user data to minimize liability and possible impact on privacy in case of breaches. Data minimization can take place in two ways — by limiting the volume of collected data or reducing the population size from organizations source data. Thus, you could choose to select/exclude a section of users or collect only the critical data.
5. Honour Confidentiality
To support your organization’s endeavour to be Privacy By Design compliant, you must focus on protecting confidentiality by restricting data observability. You can achieve it by limiting data access or sharing personal information only on a need to know basis. Additionally, you must also encrypt the data to prevent unauthorized access to data during transfer or in storage.
6. Separate and Sort Data
Data separation and mixing are two of the smartest data protection techniques. You can use them as a buffer to minimize the risk resulting from a data breach. The former isolates data and stores it across the database to unlink it, while the latter groups together varied data types and subjects to remove any correlation. In either case, the independent data bits or consolidated chunks will obfuscate the intruder and prevent them from extracting useful information from it.
To automate the creation of Data Mapping Sign Up here.
7. Educate and Empower
Educating and empowering your users and maintaining transparency can be one of the best practices of data collection and usage. Make it a habit for your website to inform visitors on the kind of data being collected, the purpose of this data, and to what extent it may be shared with third parties. Such a measure also ensures compliance with Articles 13 and 14 of GDPR.
8. Offer Control
In an age where businesses are proactive about privacy and customer-centricity, merely informing the visitor on their data rights is not enough. You must also offer them granular control over the data that they wish to share or curtail. Granting them the power to exercise consent, withdraw consent, update or retract information, and make choices will go hand-in-hand with the strategy to educate and empower.
9. Enforce Compliance
To ensure regulatory compliance, organizations must have a well-defined, thoroughly documented privacy framework that is practically applicable. A privacy-centered work culture must motivate the management and all employees to actively participate in the creation, maintenance, and upholding of privacy.
10. Demonstrate Respect for Privacy
Finally, there needs to be a mechanism to review the data and ascribe roles and responsibilities and fix accountability for how data is sourced and maintained. These authorities will record, audit, and report on the personal data processing systems and carry out a periodic evaluation for risk aversion and mitigation. In this manner, businesses can follow a well-documented process of Privacy by Design from scratch right up to the highest level.
Final Thoughts
According to a CISCO Consumer Privacy Survey (2019), 84% of the participants admitted to caring deeply about their data and want more control over how it is being used. Nearly half of these respondents also indicated that they would be willing to switch brands for more robust data protection and privacy policies. These statistics support the notion that privacy is not an after-thought. In fact, it must be the core motivator for introducing policy changes.
So, where does your organization stand in this aspect?
1 note
·
View note
Text
GDPR Compliant Cookie Solution - What it means?
Cookie Law as passed in 2009 got a new enforcement life after GDPR. Court of Justice of the European Union in the Planet49 case ruled that storing cookies required active consent(GDPR standard). Following the judgment Data Protection of Authorities of Ireland, Germany, Spain, and others have started enforcement actions against websites that do not have a GDPR compliant cookie consent banner on their website.
5 steps to create a GDPR compliant cookie consent solution for your website
Give users a notice using a banner or pop-up with clear and comprehensive information on the use & purposes of cookies. Ensure you add a link to your cookie policy or privacy policy in the notice
Set the cookies only when the user has given consent for cookies
Give users an option to Accept and Reject cookies
Create a second layer where users can give consent to each purpose of cookies separately
Create a permanent link or button for users to withdraw cookie consent. This should be placed on your home page or privacy policy page.
On implementing the above steps, your website should have the following flow for cookie consent:
GDPR Compliant Cookie Consent Banner
Table of Contents
What’s cookie consent
Cookie Consent Banner Design
GDPR Cookie Consent Examples
Cookie Consent Script
Cookie Consent for Google Tag Manager
Cookie Consent for Website Builders
Conclusion
What’s cookie consent
Cookie Consent is the process by which websites take user’s consent to set cookies. It started with Europe’s ePrivacy directive or the cookie law. With ePrivacy, it was mandatory for websites to take consent from users before storing or accessing cookies from user’s devices. However, websites termed consent as showing cookie banners with just an Ok button or implying consent by use of the website. GDPR clearly defines what constitutes as a legal consent and hence now cookie consent has to include an option to deny alongside accept and a method to give consent based on purposes or use of cookies like Targeting, Analytics amongst others.
When is cookie consent needed?
Cookie consent is needed:
If you offer your product or service to EU customers, including a free product or service. For example, media websites like Techcrunch are free services for EU customers
If you are targeting EU customers, this is indicated if you have an EU domain like .eu, .de or you offer local currencies, local language on your website or you are advertising to EU users like an American university advertising for its courses in EU
What happens if you don’t comply with cookie consent?
Users can file a complaint against your company with the Data Protection Authority of your country and this could lead to fines under GDPR. Recently, the Data Protection Authority of Ireland, Germany have started a sweep of websites to check if they comply with cookie consent and will be sending notices soon. Here are some actions are taken for not complying with cookie consent:
Planet 49: CJEU Rules on Cookie Consent
Oracle & Salesforce hit with class action GDPR lawsuit
IKEA was fined 10,000 Euros for cookie consent violations
Vueling Airlines was fined 30,000 Euros for not allowing users to give granular consent
Cookie Consent Banner Design:
A cookie consent banner has the following requirements to make it legal:
Cookie Consent Text: This is also termed as Cookie Consent Notice and is used to inform in a simple, clear language that you use cookies on your website.
Cookie Policy: This is a detailed version of your cookie consent notice explaining why you use cookies, a list of cookies with purposes and a method for users to withdraw consent for cookies
Accept & Deny Buttons: These are options for your users to either accept or deny the cookies. You should ensure that you don’t use dark design patterns to give more weight to Accept over Deny. For you cookie consent to be valid in EU, you have to ensure that for users ease of accepting and denying cookies is same.
Cookie Preferences: This should open up a preference center where users can give granular consent for each purpose. ePrivacy allows websites to set Strictly Essential Cookies without consent so that can always be on, for other purposes like Targeting, Analytics you should allow users to switch them on or off.
Is your website cookie compliant?
Scan your website for cookies and generate a compliance report
GDPR Cookie Consent Examples
Cookie Consent is the first interaction that users will have on your website, you should ensure that it is styled according to your website. Smashing Magazines list some ways to create user-friendly cookie consent banners. Some examples we liked and you can take inspiration from:
Techcrunch does a good job with the cookie consent notice. They explain to the users that they are using cookies, explains the use of the cookies, and also links to both privacy and cookie policy. However, they don’t have an option to Reject cookies and thus not a great experience for users who want to reject the use of cookies.
GDPR Cookie Consent Example: Techcrunch
AirBnB gives a preference center for users to give consent on each purpose separately. Here they have clearly defined Performance as one of the purpose explaining the use of cookies. Also, they allow users to switch off cookies for this purpose completely or switch off each cookie individually. In our opinion, consent for each cookie is overkill for users and you should be good with just giving a purpose level option to users.
GDPR Cookie Consent Example: AirBnB
Asos’s cookie banner is well styled but does not give option to users to reject or change cookie settings. This is something we would not recommend.
GDPR Cookie Consent Example: Asos
Webflow gives a nice banner at the bottom but does not give option to the user to accept or reject cookies. You can change your preferences, it would have been much better if we had the buttons on the banner itself.
GDPR Cookie Consent Example: Webflow
Cookie Consent Script
Cookie consent script blocks and unblocks cookies based on the user’s consent. It ensures websites comply with the ePrivacy Directive and GDPR. There are two ways in which the script can function:
Manually block cookies:
Change the class of each script that is setting a script from </type = javascript to </type=text & class = website-category>
The class value will allow you to handle granular cookie consent
Once the user gives you consent, change these scripts to type = javascript and execute them
One of the problems with the manual method is it takes a lot of time and you can miss some scripts which will make your website non-compliant.
Automatically block cookies:
Scans the website for cookies and allows you to categorize them into different categories
Automatically blocks the scripts and unblocks them once the user gives cookie consent
Sign-up to Privado and automatically block cookies with our cookie consent script.
Cookie Consent for Google Tag Manager
Your cookie consent solution should also ensure cookies set via tags from Google Tag Manager are blocked until the user gives consent. Here is how you can you use our cookie consent solution to do that:
Download the container from our dashboard
Import the container to your GTM, it will add the triggers to block and allow tags in your GTM account. Some examples are Allow Analytics, Block Analytics
You can either use the Allow triggers to fire these tags or use the Block triggers and add as an exception for your tags
Go to preview and your tags should only be fired once the user gives consent
Cookie Consent for Website Builders
We offer integration with the following third-party website builder tools to seamlessly display a cookie consent banner:
Conclusion
Cookie Consent seems simple on the outside but involves you to set the right cookie banner, blocking cookies, tags, pixels with the help of a script, and allowing users to change cookie consent from your home page or cookie policy. This guide will help you with setting all these elements for your website.
You can also use this free cookie consent tool and make your website compliant with privacy laws across the world including GDPR.
Originally published at https://www.privado.ai on October 6, 2020.
3 notes
·
View notes
Text
Spartoo, a multi-national e-commerce company fined €250,000 for GDPR violation
CNIL's GDPR fine of €250,000 has a wealth of information for privacy professionals. We have unpacked some insights in our latest blog post
📞 Recording all phone calls for the purpose of 'Training' was excessive and violated Data Minimization
🗄️ 5 year retention period for inactive accounts was considered excessive for the purpose of prospecting and a violation of Storage Limitation
🗺️ Absence of transfer information to Madagascar violated Article 13
🛡️ Collecting bank information over unencrypted emails violated Article 32(Technical & Organizational Measures)
https://www.privado.ai/post/spartoo-gdpr-fine-250k-euros-cnil
0 notes
Text
What is GDPR?
What is GDPR and does it apply to your organization?
Here is a good read in a simple language on 7 principles of GDPR and your rights as individuals under GDPR.
https://www.privado.ai/post/what-is-gdpr
#gdprcompliance #gdpr #gdprcompliant #ccpa #pdpb #dataprotection #dataprotectionofficer #dataprivacy #whatisgdpr
0 notes
Text
GDPR defines six grounds for a processing activity to be lawful. Read this article to understand
"What is the lawfulness criteria in GDPR?"
https://www.privado.ai/post/lawfulness-criteria-in-gdpr
0 notes
Text
What is the Cookie Law?
A lot of websites take permission to drop cookies, Ever wondered what are those cookies?
Cookie Law was prevalent
way before GDPR came into existence.
Here is a good read on what is cookie law and What changed after GDPR
https://www.privado.ai/post/what-is-cookie-law
0 notes
Text
How do i make my website GDPR compliant?
Your website is the face of your company and would be the first place of user engagement. It’s also a place where a lot of data is collected and hence important for GDPR compliance.
- Identify data collection points: The first step is to identify what data you collect on your websites and collection points of the data. Then we can apply GDPR requirements around them.
Cookies, Tags, and Trackers: Identify if you use cookies, tags, or other technologies for analytics, personalization, or advertising on other websites. Common examples would be Google Analytics, Double Click to create an audience, etc.
Forms: Usually used by Marketing teams to collect personal information from users to send them newsletters, marketing materials. It’s important to identify all these forms along with what information you are collecting from each form.
Sign-Up Pages: Another place where you would collect personal information to generate an account on your system.
Implement Notice & Consent on collection points: Once you have identified all collection points you will have to give users notice on data collected, purposes of processing and allow them to consent to each purpose separately.
Cookies: Implement a cookie banner giving information on the use of cookies for different purposes and give users an option to Accept or Reject cookies. You should also implement a second layer where users can give granular consent for each purpose separately.
If you wish to scan your website for cookies and get a cookie solution for free.
Here is the link privado.ai
Forms: Implement a checkbox for each purpose that you want to use this information for and give notice along with the checkbox with a link to a detailed Privacy Policy.
Sign-Up pages: Implement a notice and link to the privacy policy. If you intend to use email addresses for sending marketing emails take consent here.
Update your Privacy Policy: You will link your privacy policy in all your notices for detailed information and you should ensure it’s updated all the time.
Include GDPR notice requirements: For your privacy policy to be compliant you need to include details on data you collect, purposes of data processing, the legal basis for processing, contact details of organization, rights of the user, etc. We have covered the GDPR requirements of privacy notice in detail here.
Layered Approach: It will be easier if you can use a layered approach and link the right section to your privacy policy while giving a notice. For example, referring to the cookie policy on the cookie banner will make it easier for users to make a choice rather than reading the entire policy.
Maintaining versions: The burden of proof for GDPR compliance rests on you hence it makes sense to save versions of the privacy policy. It will help you as proof if there is a conflict in the future.
Automate Consent: You need to ensure that a user’s choice of consent is honored, it’s best to automate this to avoid any human errors.
For cookies and tracking technology there are multiple CMPs who can automate that for you.
For consent collected from forms, you have to ensure that the same is populated in all your internal systems like Salesforce, Hubspot, Mailchimp, etc. You should also train your team to ensure they do not send communications or contact users who have not given consent.
Allow consent withdrawal: For consent to be valid, withdrawal of consent should be as easy as giving consent. This means if you collect consent by one click, withdrawal of the same should not involve a lengthier process. One of the ways to simplify consent withdrawal is to build a Preference Center for users and include it in all communications and on your website. This will ensure GDPR compliance and build trust with your users.
Implement Security: Security is one of the key principles of GDPR. You should ensure that the data users enter on your website is secured. There are a lot of good resources on the internet on securing your website. We really liked this article by Webfx.
Monitor for non-compliance: Your website will evolve with time and you will use new tools, launch new campaigns. It’s important for you to review your website again whenever you are making new big changes. You can also use our website scanning tool for monitoring your website and get alerts in case your website becomes non-compliant.
2 notes
·
View notes