With so many types of cookies and cookie notices out there, we’re not surprised that many companies come up with half-baked cookie language.
It can be especially confusing when you want to be compliant in both the United States and the EU, meaning that you have to conform to multiple standards, most notably the GDPR.
Bearing that in mind, let’s talk about how tech marketers such as yourself should REALLY be using cookie notices.
How do cookies actually work?
Cookies have a reputation for being pesky privacy invaders, and users are typically wary of them. Cookies, though, are actually super useful for both tech marketers and end-users.
For example, cookies allow visitors to stay logged in on a site as they move around its pages. They also enable you to set display preferences that the page will “remember” every time you visit it.
In marketing, cookies track the pages a visitor views across sites, collecting information about that visitor’s interests. You can then use that information to tailor ads to your visitors—this is called behavioral advertising.
With cookies, tech marketers can curate highly personalized and richly interactive experiences with visitors.
Why do end-users distrust cookies?
Even though marketers love cookies and they can benefit end-users, individuals don’t always see it that way, and they’re protective of their personal data.
Individuals have every right to be careful with cookies, as they do pose some risk to their data security.
Among the biggest offenders are third-party cookies. Third-party cookies are cookies that AREN’T created by the website someone is browsing (those are called first-party cookies). In other words, a third-party cookie has a different host domain than the one shown in the browser’s address bar when the cookie was downloaded.
They come from unknown sources, usually linked to on-page ads. What’s worse, you may not even know about them!
Here’s a statistic to keep you up at night—72% of all website cookies are loaded in secret by other third-party cookies. AND 18% of all website cookies are Trojan horses, aka cookies hidden inside other cookies…sometimes 8 layers deep!
What does the law say about cookie notices?
- Provide them with a way to explicitly consent to being tracked by cookies
You should also be aware of the Cookie Law, known more formally as “ePrivacy Directive 2002/58/EC.” This legislation, which actually came out before the GDPR, works alongside it. Its purpose is to regulate the use of personal data by service providers, websites and other companies (i.e. how they handle it, how they use it and why).
In the US, laws and regulations can vary a lot, so we recommend you look to the CCPA (California Consumer Privacy Act) for guidance.
While the CCPA doesn’t require that you use opt-in notices for cookies, it does say that you need to be ready to disclose what data your cookies are collecting and what you’re doing with the data. The CCPA also establishes the right to opt out of the sale of personal data that you may have collected with your cookies.
What’s the best way to use cookie notices?
According to our survey, right now, only 58% of tech companies have a cookie notice in place, but 43% are actively working on adding one. Whether you’re in the former or latter group, you need to make sure that you’re using cookie notices correctly.
The most popular tactic is a simple “accept” or “decline” option, but 14% of companies take this a step further and allow users to specify the exact type of cookies they want to allow or disallow.
But what’s really the best way? Let’s break it down into, “just OK, better and best.”
Just OK—telling people they’re being tracked
Good—letting people accept/decline
Great progress! If you offer users a simple “accept” or “decline” option, as most tech companies do, you’re moving in the right direction. Also, you’re technically in compliance with the GDPR. Congrats!
Great—letting people opt into specific cookies
Though only 14% of our respondents do this, the BEST way to “do” cookie compliance is by letting people opt into specific cookies.
Examples of these cookies include but aren’t limited to: analytics cookies (domain, initial timestamp, current timestamp, last timestamp, session number, etc.), functionality cookies, chatflow cookies, advertisement cookies, and cookies from third-party systems.
Bonus tip—You also need to make sure that you have cookie banners in every language your customers may speak. For example, include a French-language banner for Canadian contacts.
How do I manage cookie settings in HubSpot?
One of the many things we enjoy about HubSpot is the fact that it offers you a myriad of ways to configure your cookie banner. You can customize it for different domains and URLs. AND you can display different cookie category options on your site, and have users activate or deactivate each category.
Not only that, if you use HubSpot CMS for your website or have landing pages, HubSpot lets you mix and match analytics cookies, functionality cookies, necessary cookies and advertisement cookies, giving users the ability to customize their preferences. We think that's pretty neat!
Cookie laws are vast and confusing, but if you start with simple steps and the help of platforms like HubSpot, we know you’ll create effective, compliant cookie notices on your website. Huzzah!
DISCLAIMER: We’re pretty smart tech marketers, but lawyers we are not. 👩‍⚖️ For that reason, we’re obligated to tell you that the legal information in this blog is not intended to be taken as legal advice. You may neither rely on this document as legal advice nor as a recommendation of any legal understanding.
Interested in even more legal compliance stats and strategies? Download our free “Marketing Legal Compliance in the Real World” report to see how your compliance tactics stack up against other tech and software companies.