The end of the cookie era draws near! No, not the chocolate chip type you dunk in a glass of milk, but the type placed on your web browser that can track your online activity. Cookies are small text files sent by websites you’re visiting to the computer or device you’re using. Companies use them to ensure their site actually works as well as to determine what ads to serve users. New privacy regulations, however, are set to enforce stricter rules on the use of cookies without receiving proper prior consent.
What is the e-Privacy Regulation?
The e-Privacy Regulation is set to replace the 2002 Privacy and Electronic Communications Directive (known as the ePrivacy Directive) and has been in the works for quite some time. It was originally proposed as a sister regulation to the General Data Protection Regulation (GDPR) back in 2018. The new privacy regulation aims to protect the personal data of online communications by creating rules for traditional Electronic communication service providers and entities that were not previously covered by the ePrivacy Directive, such as WhatsApp or Facebook Messenger.
The regulation would create stricter rules around not just personal data but also metadata, meaning data describing the other original set of data collected. Most importantly, the ePrivacy Directive and the new e-Privacy Regulation aim to solve consent issues around cookies. The proposed changes to the e-Privacy Regulation would allow users to either accept or deny the usage of cookies on the browser-level and also clarify to websites that they do not need to get consent for “non-privacy intrusive cookies.” These cookies would allow website features like “shopping carts” to keep track of what a user has ordered. It would also require that organizations allow end-users to withdraw their previously-granted consent at least once per year.
How does this affect my business?
The business impact of the e-Privacy Regulation will be significant. The new changes under the e-Privacy Regulation will apply to electronic-communication networks (such as instant messaging apps, Voice over Internet Protocol (VoIP) platforms, and machine-to-machine communications); data stored in or sent from consumers through phones, tablets, and computers (including cookies, device IDs, and other identification software); and practices used to address customers over electronic-communication networks for direct-marketing purposes (such as direct mail, newsletters, emails, Text SMS, social media marketing).
All major companies use cookies—whether their own or from a third party—to improve their website and for marketing purposes. Cookies allow companies to advertise to specific shoppers and analyze visitor traffic and behavior on their websites. Under the new e-Privacy Regulation, the use of cookies will require consent except when the cookies are necessary for transmitting data, providing a requested service, or measuring a website’s audience; this essentially means that all marketing-related cookies will require consent. Consent will also be required for metadata used in digital marketing, unless it is being used for purposes related to service quality, billing, interconnection, or fraud prevention.
Integrating data privacy and compliance with Bolt
Bolt is a strong advocate for data privacy and compliance. Our products are built with Privacy by Design Principles and we provide resources and tools for our merchants to be able to meet their data privacy and compliance requirements as well, such as our recent GDPR Whitepaper and Compliance e-Book. The Bolt checkout iFrame is fully customizable and allows for consent checkboxes for marketing or newsletter purposes – ensuring that we put individual rights at the forefront of our product and partnership with merchants. Bolt is GDPR compliant and is able to provide assistance to merchants receiving data-related requests from their shoppers. It is important for companies to do an in-depth analysis and keep a repository of all the cookies that are being used on their website and the purposes of each of those cookies in order to be able to comply with the changing regulations around data privacy.
