Contributed by Chiara Musco
[Editors Note – we work with Iubenda, and asked them to write this to help our users. This article contains an affiliate link at the end.]
Are you trying to build up a website or blog? If so then you must be very excited: your website will take the shape of your dreams, projects and interests.
On the way to reaching your aims, there is something that has to be considered carefully in your plan: the law. In particular – privacy and cookie laws.
When you run a website, most of the time you are offering a service where you don’t personally know your users (or readers or customers). Even if you are only at the beginning of your online journey, you can probably guess that it could be very useful to know a bit more about your site’s visitors.
You may think “Uhm, what kind of data should I collect? I’m not interested in people’s private information so this does not really concern me”.
Woah there! Collecting your users’ data does not mean that you spying on them. The concept of user data is much wider than that!
If you collect your users’ email addresses to send a newsletter. If you allow them to upload images, or if you ask them for their name and surname or their phone number to recontact them later, well: the whole Privacy law thing does concern you.
In fact, in Europe, according to the Data Protection Directive (95/46/EC) and the ePrivacy directive (2002/58/EC, as revised by 2009/136/EC), any website/app user has to be informed if a processing/collection of their personal data occurs.
The laws like this are not only in Europe either: all over the world, in many countries, there are similar legal requirements.
Which data can be designated as “Personal data”?
Here is the definition of personal data:
“Personal data means any information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number (e.g. social security number) or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (e.g. surname and first name, date of birth, biometrics data, fingerprints, DNA…)”.
- identity and contact details of the website owner or app developer;
- particular categories of personal data that could be processed and collected and why;
- whether data will be divulged to third parties, and who they are;
- rights of the users in terms of resignation of consent and cancellation of data.
What is a cookie? Cookies are little data files used to stock information in people’s browsers. There are cookies for different purposes: especially to identify users and remember their custom preferences, and help them when browsing from one page to another without re-entering information, but there are also cookies used for analytics purposes, or to display adverts pertinent to the user’s interests and online searches.
Cookies can be classified as “in-session cookies” (which delete when you close your browser) and “persistent cookies” (which last longer) according to their lifespan.
Cookies can also be classified by the domain to which they belong – first-party cookies and third-party cookies. First-party cookies are meant to be set by the web server of the page, as opposed to third-party cookies that are gathered to the domain of the visited page by a different domain.
You can comply with Privacy and Cookie laws in many ways, but not all of them are suitable to protect you from fines.
However, the law requires you to acknowledge your user about the exact reason why you are collecting and processing their data: any website is different, so how can you know that the text you are copying is actually fitting your needs? Also in case of non-coherent policies, you risk expensive fines.
On the other hand, another solution would be to contact (and pay!) a legal counsel: this action would be the most professional and low risk…. but also really very expensive! In addition to this, you would need to spend more and more money for every little modification you would need through the years.
There are free options out there suitable for new/small sites which generally only work up to 10,000 page views per month. After that point, you’ll likely need to switch to a paid service. While this is annoying, and yet another cost to deal with if you choose a good cookie banner provider they will keep your site legally sound with the minimum of effort and stress.
The fines for not following the rules can be massive so whatever the cost, it is very likely worth it.
As we said to start – when running a website or app, you are offering a service. If you can make your users feel like you are taking care of them, then they won’t get worried about giving you their business… and their data, too.