Proceed with Caution – Cookies May Create Legal Exposure for Site Operators
Cookies can be incredibly useful to website operators as they can enable the operator to gather helpful information about how visitors use its website and thereby target its advertising efforts without disrupting the user experience. However, as web visitor privacy control continues to be prioritized by applicable law and marketplace demand, the landscape for using cookies has changed dramatically from three years ago and will continue to change. Here are some key recent developments:
- Third-party cookies are falling out of favor with Big Tech. Firefox and Safari already block third-party cookies and Google announced that it would stop supporting third-party cookies by 2022. Considering these three browsers account for over 85% of global web browsing activity, organizations that currently rely heavily on third-party cookies should begin pivoting to alternative tracking technologies (e.g. first-party cookies, ETags, universal IDs, local storage, IndexedDB, web SQL, etc.) sooner than later.
In addition, if your organization is required to get visitor consent before using cookies, be sure that the consent request is clearly communicated to the visitor and that the consent mechanism is easy to understand. Do not rely on colors to indicate consent, and do not use pre-checked “agree” boxes. If a visitor does not consent to cookies (or makes no choice), you should not block the visitor from using the website, and you should stop using cookies.