GDPR's new cookie policy: How to rig

In Norway, it has been common for a broad interpretation of the GDPR's “cookie clause”. Now it's over. Are you absolutely sure you're not breaking the law? Here are the new guidelines -- and how to best follow them.

Morten M Wikstrøm
CEO, Consulting

GDPR has for the vast majority been a heavy and nebulous matter. Companies have invested countless hours and dollars in understanding what the heck that means — and in changing their own practices. When it comes to the processing of cookies specifically, however, we have taken a shortcut here on the mountain.

The melody in Norway has been that consent is controlled by the settings in the browser, and we have settled on that. But that tune is sour, say the National Communications Authority (Nkom) and the Danish Data Inspectorate. Now they come with an unequivocal note sheet: Cookies that process personal data require actively consenting.

What does that mean to me?

Let's explain. If your website writes cookies, small cookies, to the user's browser, i.e.

  1. inform about which
  2. if they process personal data: obtain explicit consent

Please note that personal data is not only name and address, but also IP address and information about behavior patterns — if this can be linked to a specific person. And what exactly is considered a consent? Well, if you thought it kept letting the user press “I understand”, you're wrong. The consent must be in accordance with the GDPR rules, which will state, among other things, that:

  1. it must be documented
  2. A user should be able to say yes and no
  3. the website should be possible to use without cookies
  4. the user should be able to grade and adjust their consent

Help — how do I fix this?

First of all, it's good that you're taking it seriously. If you are not doing this properly, are you breaking the law, and you risk going for a juicy bang. The good news is that we at Increo have nerded a bit, and now offer a solution that fixes this for you — fast, affordable and easy.

Together with Cookie Information, we scan your pages so that you get a complete overview of all the cookies you use today. We collect everything in a cookie table, and put up a banner that is 100 percent in line with GDPR. Here, users get a complete cookie categorization — and can easily decide what they want to consent to.

The solution fits with the vast majority of publishing solutions, and you also get access to tools that ensure that you stays compliant in the time ahead. And since we're Increo after all, we make sure the banner is pretty to look at, fits your visual profile, and doesn't annoy the user.

Does this scare people away?

We understand you're asking, but the answer is no. Not only that, we believe on the contrary that builds trust. Remember: You must Obtaining consent. Then you're better off doing it in a way that's neat -- and that shows that you take user privacy seriously. And you do when you clearly and responsibly give people the keys to their own information.

It's really about respect for the user. And when you give, you get. Cookie Information figures show that when you do this properly, 99% of visitors consent.

Customers are not scared away by popups, they are scared away by bad popups. And they deserve better than that.

Do you want to be guaranteed GDPR compliant? Contact us for more information about the solution!

No items found.
No items found.

What can we help you with?

Sebastian Krohn
Sebastian Krohn
Agency Manager, Consulting
Oslo
sebastian@increo.no
/
988 00 306
Morten M Wikstrøm
Morten M Wikstrøm
CEO, Consulting
Trondheim
morten@increo.no
/
976 90 017

See also:

Keep up to date with our newsletter