Website Cookie Banner advice please

[method111]

Hi all,

I was wondering if anyone could help with some advice regarding cookie notification banners, cookie policy and privacy policy documents in the UK please?

Currently I've just started creating a small website using Adobe Portfolio.


Having looked online I've noticed there are a lot of subscription based websites offering to help (with conflicting information regarding what’s needed exactly), but I would prefer to keep things simple without the additional cost as it's only a 2 page portfolio to showcase illustration and animation work. (Plus there is no option I can see to add additional script to the Adobe Portfolio, in order to add a custom Cookie Banner.)


(Apologies I do have pictures to show, but I cannot add links until after I've posted 30 posts on these forums). So far I've turned on the "cookie banner" in settings and I've added the text at the bottom of the website page to say -

"This website uses cookies so that we may better serve you." Accept


Then I'm assuming I'd also need a cookie policy document and a privacy policy document?

The website itself is extremely bare-bones with just some pictures of illustration work and one compilation video of animation work - nothing else. I've deleted the contact form in case it complicated things (so might add a link/email address instead) and I haven't added Google analytics as again didn't want to complicate anything in relation to getting the documentation correct.

If anyone can advise as to what is needed in this case (or examples), would would really appreciate any help given.

Many thanks in advance.

 

[gpietersz]

The easiest thing is to not use cookies, and not record any personal information. If you are not using Google analytics or similar is your site actually setting any cookies? Happy to tell you how to check or have a quick look. The easiest thing is to check whether your site sets any cookies in your own browser (assuming you are not blocking cookies in your browser).

Most web servers record IP addresses by default and these have been held to be personal data under the GDPR. On the other hand, its unlikely to be pursued by the ICO. Its probably good practice to flush old web server logs, and your web houst should be doing that. I tmight be safe to add a privacy policy page saying you are not collecting any information (bar IP addresses if they are logged).

 

[DontAsk]

Just don't use any cookies that are not essential to the functioning of the website and you do not need to get the users permission. E.g. session cookies, cookies to remember what's in a shopping cart, etc, ..., do not need explicit permission.

You should state that these are used in your cookie policy.

 

[gpietersz]

@DontAsk it sounds like a content site so no cookies are essential. Am I correct @method111

 

[fisicx]

What cookies are Adobe setting in the site?

 

[gpietersz]

Ignore my comments above re servers, with a service like this you do not have access to the logs.

It looks as though by default they do not seem to set any cookies. You have disabled GA, so you are probably not setting any. Double check though! You should probably have a privacy policy stating you do not collect any personal information, but Adobe may, and link to their privacy policy.

 

[method111]

Hi all,

Thank you for all the replies and my apologies for the delay in posting. In reply to @gpieterz yes that's correct it's only a content site, nothing is actually being sold on the site itself. Rather it's just advertising animation and illustration services, upcoming projects and previous portfolio work.

I've since used a couple of cookie checkers and have posted the results below in case it helps.

However just to check I need to have a cookie policy stating that the cookies below are being used?

Plus a privacy policy stating that "my website doesn't collect any information as such - however Adobe might be" and then a link to Adobe's privacy policy?

Can I ask does all the policy documentation have to be spot on? In that if I make an mistake or error somewhere along the line as to what cookies are being used or there is an error in the privacy policy is there some elbow room? As I have no previous experience of drafting documents of this type, other than going by other examples that I've come across online. To be honest just trying to get the website correct and looking okay is enough of a challenge without the documentation to do also.

Thank you again to everyone for your time and help, really appreciate it.



Cookie Yes - Found 2 Cookies

1. JSESSIONID .nr-data.net Used by sites written in JSP. General purpose platform cookies that are used to maintain users' state across page requests.

2. hdntl adobeprod-a.akamaihd.net No description available.




Cookie Bot - Found 3 Cookies and reports the website is compliant apparently with EU regulations.


1. hdntl akamaihd.net HTTP Session
Cookie purpose description: Used to optimize the loading speed on the website.

2. JSESSIONID nr-data.net HTTP Session

Cookie purpose description: Preserves users states across page requests.
Initiator: Script tag
Data is sent to: United States (not adequate)

3. p.gif typekit.net Pixel Session

Cookie purpose description: Keeps track of special fonts used on the website for internal analysis. The cookie does not register any visitor data.



Upon checking my browser it says - 2 Cookies.

1. cookie_consent

&

2. JSESSIONID

 

[fisicx]

If you really want to showcase your work don't use Adobe Portfolio. It's a not very good way to display your work. There are much better ways to do this (for free).

Take a look at this: https://wordpress.com/

Lots of free portfolio themes to choose from: https://wordpress.com/themes/filter/feature:portfolio

 

[method111]

Hi Fisicx,

Thank you for your message and WordPress suggestion. Funny enough I started using free WordPress originally to design the site on, but then discovered I had Adobe Portfolio as part of my Cloud subscription.

I can't remember exactly but I think with WordPress I would have needed to pay for their subscription to access some of the features I wanted. However then discovered Adobe cloud kind of had what I wanted and was covered by my sub. Plus no WordPress ads or anything.

I was also looking at free server hosting and installing WordPress, but in the end I went with the Adobe portfolio and purchased a domain name for £4.30 covering 1 year. However will see how things go with Adobe but might very well return to WordPress later on as it has so many options and designs.

 

[gpietersz]

Recommending wordpress.com rather than self-hosted! Who are you and what did you do with the real @fisicx ?

 

[Marbman]

I too would recommend WordPress and .com is a great option but it does come with some restrictions.

I always go for the self hosted .org version. Yes you will need to purchase hosting but there are plenty of good companies out there with very cheap yearly deals.

 

[antropy]

Don't bother with Cookie Banners, I don't think anyone actually gets in trouble for not having them.

Paul.

 

[ctrlbrk]

Don't bother with Cookie Banners, I don't think anyone actually gets in trouble for not having them.

Paul.

Did I misunderstand or is this advice suggesting to ignore GDPR law?

 

[gpietersz]

'

Did I misunderstand or is this advice suggesting to ignore GDPR law?

Stricly speaking it is a suggestion to ignore the ePrivacy directive, ("cookie law") which predates the GDPR. Its a very silly law and rarely enforced on small business. I seem to recall even the ICO itself was not following it at one point (strict compliance is quite difficult).

I use a Firefox extension called "I don't care about cookies" so I do not have to see all those silly banners (although Google's annoying page shows for a second before it auto-clicks on it). I get much better privacy than the cookie law provides by using another extension that automatically deletes cookies (imginatively called "cookie auto delete").

 

[ctrlbrk]

'
Stricly speaking it is a suggestion to ignore the ePrivacy directive, ("cookie law") which predates the GDPR. Its a very silly law and rarely enforced on small business. I seem to recall even the ICO itself was not following it at one point (strict compliance is quite difficult).

Well, I'm not going to argue whether a law is silly or not, but if I were @Ozzy I would not like to see advice to flout any law in my business forum.

Not only would it open the door to potential lawsuits but it's a bad idea in general.

 

[gpietersz]

Well, I'm not going to argue whether a law is silly or not, but if I were @Ozzy I would not like to see advice to flout any law in my business forum.

Not only would it open the door to potential lawsuits but it's a bad idea in general.

I very much doubt @Ozzy would be liable.

I agree with you in that I would be uncomfortable giving that advice my self (which is why I did not do so in the first place - it did occur to me).

On the other hand it seems reasonable to point out that it is very rarely enforced despite being often not complied with in full. Some things, like not setting any cookies at all until there is an agreement to accept them, can be quite tricky to do and a lot of canned cookie banners do not do that.

 

[DontAsk]

There are enough stupid platform v. publisher debates in the US, we don't need them on UKBF.

Ozzy is not liable for someone suggesting to ignore whatever law.

 

[ctrlbrk]

On the other hand it seems reasonable to point out that it is very rarely enforced despite being often not complied with in full. Some things, like not setting any cookies at all until there is an agreement to accept them, can be quite tricky to do and a lot of canned cookie banners do not do that.

Pointing out something is not being enforced or that a system like the cookie banner does not work properly is one thing, but @antropy seems to have suggested to defy the regulation, which is why I asked for clarification.

As for

I very much doubt @Ozzy would be liable.

That is generally true, but if a user claims they got in legal trouble because they relied on negligent advice provided on this forum and are able to demonstrate that at least one moderator did see the advice in question and took no action, they may have a case.

Besides, most websites' Terms and Conditions, including this one, have clauses that state that users' contributions must comply with applicable law. Suggesting to disregard applicable law goes against that.

It is not for users to say which law should be disregarded and which shouldn't. Next thing you know I start suggesting people not to pay taxes in certain countries because the rate is too much or whatever.

It's a slippery slope.

 

[DontAsk]

Besides, most websites' Terms and Conditions, including this one, have clauses that state that users' contributions must comply with applicable law. Suggesting to disregard applicable law goes against that.

The worst that can happen is the poster gets banned and /or the post is deleted. It does not in any way expose the moderators to legal action. They can't know in advance what people are going to post.

It also says "It is not intended to amount to advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site."

So anyone taking Antropy's advice had better do their own due diligence.

 

[fisicx]

I didn’t bother with a banner. I just added a link to my privacy policy with instructions on how to block cookies. ICO was quite happy with this.

 

[ctrlbrk]

I didn’t bother with a banner. I just added a link to my privacy policy with instructions on how to block cookies. ICO was quite happy with this.

On your website do you use any cookies other than strictly necessary cookies?

 

[fisicx]

On your website do you use any cookies other than strictly necessary cookies?

Yes. But nothing that can identify you.

 

[ctrlbrk]

Yes. But nothing that can identify you.

It does not matter. If you use cookies other than strictly necessary cookies and you have not obtained consent to do so before using those cookies you are in breach.

From https://gdpr.eu/cookies/

Cookie compliance
To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

• Receive users’ consent before you use any cookies except strictly necessary cookies.
• Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
• Document and store consent received from users.
• Allow users to access your service even if they refuse to allow the use of certain cookies
• Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

 

[antropy]

"The ICO has never actually fined a UK organisation for failure to comply with the rules around use of cookies (or other tracking technologies)."
https://bateswells.co.uk/2019/07/wh...os-latest-publications-on-cookies-and-adtech/

I'm not a legal professional, or qualified to give legal advice, you should do your own research.

With that out the way, my opinion is that the EU rules around cookie consent are beyond stupid, they reduce sales, and are never enforced.

Therefore the logical thing for a business to do to maximise conversions is not to show the popup.

Paul.

 

[DontAsk]

the EU rules around cookie consent are beyond stupid,

THis.

But so are the number/type of cookies some sites seem to want you to agree to.