State of Cookies September 2021
Last year I built a cookie check tool that implements a very simple check on whether a website is likely to be compliant with the guidance provided by the Data Protection Commission. (introduced in this blog post).
Since then over 500 sites have been added to the survey set and you can see from the trend chart above three has been some improvement in the grades as sites are improved. Some improvement, but still the majority of the sites achieve only a C grade.
Why this matters
This is a simple test and could be used as a first step to identify sites that are not compliant with the ePrivacy and data protection regulations. While a case would require further investigation a qualified pipeline of candidate sites can be identified very quickly. Such an approach might be used by Data Protection Authority or a third party (see “Online privacy watchog [sic] files more than 400 complaints related to Internet cookies").
What needs to be done
With the risk of over-simplification of the guidance, you need to review each cookie that you use and classify it as either necessary or not necessary. Necessary cookies can be placed in the browser without consent; not necessary (generally categorised in various categories) can only be placed after the visitor provides consent. Consent is defined by the GDPR which means that it cannot be defaulted, must be informed and must be revocable. For a more detailed discussion see this post.
Tools are offered by various companies to help manage the cookies on your site and can help classify cookies offered by third parties. The cookies that you invent you will need to classify.
Data Collection
The data is collected and recorded each time a valid url is submitted to the cookie check tool. The reports for each of the urls is refreshed each week to update the graphs presented on the website.
I do not use the data as the basis for cold calls to sell services.