A cookie is a small text file saved to the user’s device when accessing a website. It can store information that identifies the user’s preferences or past actions.
To comply with the Privacy and Electronic Communications Regulations (PECR), you must inform website visitors about any cookies you use and what they are used for. Any cookies that are not essential to the use of the website must NOT be saved to the user’s device until the user has consented to the storage.
The user must be provided with details of all cookies in use on a website, including:
- is the cookie essential or non-essential?
- how and why is it used?
- how long does it exist?
See the ICO website for additional details.
Cookie Consent Solutions
Many third-party cookie consent solutions exist. Points to compare include:
- data privacy regulation compliance
- targeted website platforms
- website changes required to implement, e.g. an autoblocking feature attempts to block third-party cookies, but it is recommended to test that feature to ensure compliance. If autoblocking does not work, it will be necessary to amend the website code to ensure consent is given before the cookie is saved to the user’s device.
- how intrusive it is to the user. Some solutions take up considerable screen space, making the website very difficult to use on mobile devices until consent is given.
- how are cookies audited? Options include automatic scanning and classification, or a manual audit.
Many cookie consent vendors offer cookie auditing services, although the free versions typically work with just a few website pages, so they might not discover all the cookies in use.
Performing a Cookie Audit
To confirm which cookies are used by your website you can manually perform a cookie audit using your browser developer tools or a browser extension.
The following steps are based on the Google Chrome browser, its developer tools and Windows.
#1 – Open Google Chrome using a New Incognito Window. Using a standard window can include additional cookies relating to browser add-ons.
#2 – Open the website URL.
#3 – Press F12 or use the browser menu to access the developer tools.
#4 – Open the Application tab, then in the left-hand tree select Storage > Cookies > YourDomain.
The right-hand view shows any initial webpage cookies.
If the website has a cookie consent blocker, accept all cookies to ensure any optional cookies are created.
To audit all cookies, visit each page, especially those containing third-party components like maps and reCAPTCHA. You might find some cookies are only set on individual pages.
If the website has a membership section, log in as a member to ensure any authorization cookies are created. If the login has a Remember Me option, check that also.
#5 – Determine the usage of each cookie, including its lifetime. Several websites provide the ability to search for details based on cookie name.
#6 – Verify the cookie consent popup correctly handles the different cookie classifications.
- clear all site cookies, refresh the page and ensure only essential cookies are stored.
- verify that the consent popup is presented
- decline consent, refresh the page and verify only essential cookies are stored.
- verify the consent popup is no longer active.
- verify that it is still possible to update the cookie settings
- amend the cookie setting to Allow non-essential cookies and refresh the page.
- verify that non-essential cookies are now saved.
- amend the cookie setting to again Deny non-essential cookies and refresh the page.
- Any non-essential cookies should have been automatically deleted.
Using Chrome browser extension
We have used the Google Chrome browser extension Edit this Cookie (also available for other browsers). This allows a cookie to be viewed, edited, etc. All cookies can be copied to the Windows clipboard and then pasted in JSON format into a text file.
The extension needs to be installed then enabled for use in Incognito mode to perform a cookie audit.
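The JSON export can also be checked by script rather than by eye. The following is an added example, not part of the original page or of the extension: it takes an export saved after declining consent (step #6), builds the cookie inventory with lifetimes (step #5) and lists any non-essential cookie that was stored anyway. It assumes the export uses the chrome.cookies field names (name, domain, session, expirationDate); the cookie data and the essential list are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample: cookies exported after DECLINING consent (step #6).
# Field names are assumed to follow the chrome.cookies API.
DECLINED_EXPORT = """[
 {"name": "PHPSESSID", "domain": "www.example.com", "session": true},
 {"name": "cookie_consent", "domain": "www.example.com", "session": false,
  "expirationDate": 1767225600},
 {"name": "_ga", "domain": ".example.com", "session": false,
  "expirationDate": 1798761600}
]"""

# Hypothetical result of step #5: cookie names classified as essential.
ESSENTIAL = {"PHPSESSID", "cookie_consent"}


def lifetime_days(cookie, exported_at):
    """Remaining lifetime in whole days; None for a session cookie."""
    if cookie.get("session") or "expirationDate" not in cookie:
        return None
    expires = datetime.fromtimestamp(cookie["expirationDate"], tz=timezone.utc)
    return (expires - exported_at).days


def audit(export_json, essential, exported_at):
    """Return (inventory, violations) for an export taken without consent."""
    inventory, violations = [], []
    for c in json.loads(export_json):
        row = {
            "name": c["name"],
            "domain": c["domain"],
            "essential": c["name"] in essential,
            "lifetime_days": lifetime_days(c, exported_at),
        }
        inventory.append(row)
        if not row["essential"]:
            violations.append(row)  # stored although consent was declined
    return inventory, violations


if __name__ == "__main__":
    when = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed export time
    rows, bad = audit(DECLINED_EXPORT, ESSENTIAL, when)
    for r in rows:
        print(r)
    print("non-essential cookies stored without consent:", [b["name"] for b in bad])
```

Run it against one export per consent state (declined, accepted, declined again) to cover each check in step #6.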