What are cookies and why is obtaining consent from supporters online so important for charities?
Cookies are crucial to helping charities improve the usability of their websites. For charity supporters, they help pinpoint areas of a website they are particularly interested in, as well as make the basics of website browsing easier. Cookies can store vital details around logging in, donating, and shopping on charity’s online retail sites.
Consent is vital, with websites legally obliged to tell visitors that cookies are being used and information is being stored and analysed. Here we explain what cookies are, how they work, and why consent is so important for charities and their supporters. We also look at the latest legislation and offer best practice guidance.
Simply put, cookies are pieces of information websites and online services use that are generated when users visit them. Through web browsers information is stored then sent to the website when the user visits again.
The type of information stored includes remembering donation and log in details and tracking users’ browsing behaviour. They are vital to making websites work more efficiently for website owners and users alike.
Not all cookies are the same and the different varieties have a range of functions to enable the smooth running of the website for users. Here are the key forms of cookies:
These are cookies that expire at the end of the browsing session, often when a user closes their browser. They allow websites to detect and link user actions while they are browsing during that session. An example of this is to remember if they have put something in the cart of their online shopping site.
Persistent cookies can be stored for longer and are stored on a user’s device in between online browsing sessions. This means several different websites can remember similar actions and behaviour, which helps to target advertising and marketing. The length of time the cookie is set by website operators, but users can delete previously set persistent cookies or configure their browser to set their own time limit for use.
First-party cookies are a form of cookie set by the website the user is visiting. The URL of the site will tell a user who is setting a first-party cookie. Third-party cookies are set by other websites other than the one visited. They are used when a website involves sites, such as advertising and links and plug ins to social media platforms, such as Twitter.
Typically, the user’s IP (internet provider) address is collected and shared across a wide range of websites. This contains a lot of personal information, which requires the consent of users for a website to use.
This has been incorporated into UK data protection law and sits alongside the UK’s Data Protection Act of 2018. Consent is also required in UK law under Privacy and Electronic Communications Regulations (PECR). This specifically looks at electronic communication, around marketing telephone calls, texts and emails.
The Information Commissioners’ Office (ICO), which regulates data and privacy, says that when using cookies PECR-compliance needs to be looked at before GDPR legislation.
This is because PECR governs the storing and accessing of stored information online. Meanwhile, GDPR legislation applies to the processing of data collected through cookies outside of the user’s devices.
The ICO adds that “to process personal data, you must have a lawful basis”. Under GDPR charities must have a ‘legitimate interest’ to process cookies, such as showing it is necessary for the smooth running of a site and is not at odds with users’ rights or freedoms.
For example, there are more than 1,600 cookie consent plugins alone to choose from for charities using the Wordpress.org content management system.
These ensure consent is valid. For example, forced consent or pre-ticked checkboxes are not compliant under GDPR. Users must also give clear consent. Simply scrolling or browsing a website is not valid.
Among widely used cookie consent tools are CookieYes, which offers options on the number of consent logs depending on website traffic. Others include Complianz and cookie compliance tools and notices from Hu-mainity.co.