Cookie Consent

a) Section 11 provides that personal information may only be processed if there are a lawful basis for the processing. A lawful basis includes that the data subject or a competent person where the data subject is a child consent to the processing. The standard is to use a Cookie Consent for this.

b) Why a Cookie Consent and Policy?

i. A cookie can contain personal information.

ii. If personal information (including by using cookies) is collected, the responsible party must take reasonably practicable steps to ensure that the data subject is aware of many things (section 18).

iii. Companies sometimes refer to the use of cookies in their privacy policy.

iv. Privacy Policy and a Cookie Policy are two different subjects that should be dealt with separately. The cookie policy deals specifically with the use of cookies on your site, whereas the privacy policy is a general document regarding all of the personal information processes on a website, including contact forms, mailing lists, etc.

v. Cookies are a potential privacy risk, because they are able to track, store and share user behaviour.

vi. Whereas most of the remaining Privacy Policy may be static, the cookies used on a website are dynamic and might change often.

vii. The majority of the cookies in operation on a website are usually set by third parties, i.e. have another provenance than the website itself.

viii. A cookie notification and policy are also the international standard as most websites already have cookie notices and policies. The risk of not having one may mean that visitors to your website will think that you are immature from a compliance perspective. They may also get the impression that you simply don’t take privacy seriously. This may have a serious impact on your reputation.