March 9, 2021

Cookies - not just a delicious treat - are the means through which marketers and data companies learn about online user behavior.

It allows us to provide better user experiences, personalized ads, and, generally, something that consumers want. Don't believe me? Imagine how annoying it would be to spend hours looking for what you want, or confusing it would be to get "male hair implant" ads as a woman in her thirties? Overall, we as users like being greeted with a "Welcome Back, Melanie!" on our favorite sites and ads that speak to our interests (25% off paint and hardware? Don't mind if I do).

However, as marketers, we need to understand the incredible amount of information we have access to and be transparent with users as to how we're using it. This isn't just the ethical thing to do, it's also quickly becoming a legal requirement.

With the passage of the General Data Protection Regulation (GDPR) in 2016 by the EU, the precedent was set, and other regions, countries and states started following suit. Notably, California has been the first state to enact data privacy laws in the United States when it passed the California Consumer Privacy Act (CCPA) in 2018, and California Privacy Rights Act (CPRA) in 2020. It's only a matter of time before data privacy laws are authorized at the federal level, and rumors are a bill is already being written.

So, what do all these acts and regulations mean? Simply, that websites must have a cookie policy on their site, and users must be able to easily opt-out. The cookie pop-up you see throughout your web browsing is the most common form of adherence (and pre-emptive strike) to these laws. Easy enough to implement, but what about the policy?

While there isn't a one-size-fits-all template, here are some common tools you may be familiar with that use cookies - and should be noted in a policy:

  • Google Analytics
  • Google Ads
  • Remarketing / Retargeting
  • Social Advertising (i.e. Facebook, Instagram, LinkedIn, etc.)

If you don't have a cookie policy on your site currently, that should become a top priority. Work with your legal, compliance, and/or risk teams to make sure you're covered. Though third-party cookies will be disappearing by 2022 (stay tuned for more info coming on this!), it's imperative you disclose use of first-party cookies.