The Simple Guide to Cookie Consent for the UK and Australia in 2024

For most people, browser cookies and data privacy are daunting and complicated. I would be surprised if more than a small portion of the population knew what a browser cookie is. For most people, they are just things they agree to in little popups on websites.

This article will break down everything I know about cookies, cookie consent and data privacy. It will make everything simple. If you are a business owner, blogger, or user, prepare to finally understand what cookies are, why they matter and what you need to know about them.

What Are Browser Cookies?

A browser cookie is a small file that websites use to store data. The website saves the file to a user's device. When the user returns, the data is retrieved from the device and used by the website.

This process is how online shops remember what was in a customer's cart. It is how a weather website remembers a user's location. They remember by storing the data in cookies.

Cookies can store personal data about users. They can track how you use websites. A website can use them to store whatever information it chooses about you and your browsing habits.

It is unethical and illegal for users not to be in control of their personal data. Cookie consent and data privacy laws ensure that websites cannot obtain personal data from users without informed consent.

Understanding the Laws

Depending on where you are in the world, different data privacy laws apply. I primarily work with UK and Australian businesses. For that reason, I will focus on their privacy laws.

The UK sets data privacy laws in its PECR (Privacy and Electronic Communications Regulations) legislation. Following Brexit, the UK created privacy laws to emulate the EU's GDPR laws. Essentially, websites must obtain consent before using cookies. The website must provide clear and comprehensive information about the user's rights and let them opt out.

In Australia, similar rules apply. Australia's Privacy Act states that websites must provide information about their personal data collection and cookie use. They must obtain informed, voluntary and current consent. If a user withdraws their consent, websites cannot use non-essential cookies.

To understand cookie consent, we need to understand two distinct types of cookies - essential and non-essential.

  • Essential Cookies are cookies that a website could not function without. A classic example is storing a user's login status so they don't need to log in on every page.
  • Non-essential Cookies are cookies that do not prevent the regular function of a website when removed. Analytics and personalisation cookies are both non-essential.

Now that we understand those two types of cookies, let's break down how to implement cookie consent on a website.

  1. Audit all your website cookies. Find all the cookies in use by your website. Third-party apps that use cookies, like Google Analytics, should be included in this. Split them according to essential and non-essential cookies (watch the video below to learn how).
  2. Implement a cookie banner explaining the cookies in use and requesting consent from the user for their implementation. Explain that some cookies are necessary and some are not (read the example cookie banner message below).
  3. Include in your banner a link to a detailed Cookie Policy. This policy must explain how you use cookies, the data you collect, what you use it for and the user's rights to it.
  4. Provide easy access for users to update their cookie preferences whenever they choose. Also, you must prompt users to update their cookie preferences at regular intervals. Doing this keeps their consent current.

How to Perform a Cookie Audit
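
One way to do the split from step 1, as an added example rather than the author's own method: it classifies cookies seen in `Set-Cookie` response headers against an inventory you maintain. The hosts, the headers and every cookie name except `_ga` are constructed sample data.

```javascript
// Added example: classify cookies observed during an audit.
// SITE_HOST, INVENTORY and CAPTURED are constructed sample data.
const SITE_HOST = "shop.example";

// Inventory you maintain: cookie name -> category.
const INVENTORY = new Map([
  ["session_id", "essential"],
  ["cart", "essential"],
  ["_ga", "non-essential"],
]);

// Each entry: the host that sent the response, plus its raw Set-Cookie value.
const CAPTURED = [
  { host: "shop.example", header: "session_id=abc123; Path=/; HttpOnly; Secure; SameSite=Lax" },
  { host: "shop.example", header: "_ga=GA1.1.111.222; Max-Age=63072000; Path=/" },
  { host: "ads.example", header: "uid=77; Max-Age=31536000; Secure; SameSite=None" },
];

// Split "name=value; Attr=val; Flag" into a name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), attrs: {} };
  for (const attr of attrs) {
    const [key, value = true] = attr.split("=");
    cookie.attrs[key.toLowerCase()] = value;
  }
  return cookie;
}

function auditCookies(captured, inventory, siteHost) {
  return captured.map(({ host, header }) => {
    const { name, attrs } = parseSetCookie(header);
    const firstParty = host === siteHost || host.endsWith("." + siteHost);
    return {
      name,
      party: firstParty ? "first" : "third",
      category: inventory.get(name) || "unclassified",
      // No Max-Age/Expires means the cookie ends with the browser session.
      persistent: "max-age" in attrs || "expires" in attrs,
    };
  });
}

// Cookies nobody has classified yet: identify these before writing the banner.
function unclassified(report) {
  return report.filter((c) => c.category === "unclassified").map((c) => c.name);
}
```

Cookies created by scripts through `document.cookie` never appear in response headers, so compare the result with the cookie list in the browser's developer tools as well.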

Example of a Detailed Cookie Banner Message

Our website uses cookies to enhance your experience, provide social media features, and analyse traffic. We use both first-party and third-party cookies for various purposes. You can learn more about the types of cookies, why we use them, and how you can manage your preferences in our Cookie Policy.

Creating a cookie banner is easy. Most website platforms provide plugins to help you make them. Getting the banner content right is essential. With that in mind, here are a few key things to watch out for with your cookie consent banners.

  • Make them easy to understand. A user must fully understand how you use cookies and their data privacy rights. Be explicit in your wording. Do not hide behind legalese.
  • Give them clear options to opt in or out of cookie use. They have a right to protect their data. Preventing them from withdrawing consent is in direct conflict with those rights.
  • Make the banner look good and be easy to see. Integrate it with the rest of your site using brand fonts and colours. A banner that makes obtaining consent look like part of your brand will help build more customer trust.
  • The banner must be usable by everyone. Keep accessibility principles in mind so that all users can provide consent. If you don't know much about it, read my beginner's guide to Web Accessibility.
  • The banner must stay on screen until the user makes their choice. Even if they navigate to a new page, it must be visible. Once they provide (or withdraw) their consent, hide the banner.

Follow these principles. I guarantee you will implement cookie consent better than most websites.

The best practices for cookie consent require making it easy for users to update their consent preferences. Let's break that down further to clarify the best way to handle user consent preferences.

  • Make the settings easy to access. Have a clear button on the page (usually in the footer or the cookie banner) where someone can manage their preferences.
  • Provide clear guidance on the consent options available to the user and how they can choose them (read example consent management instructions below).
  • Immediately update the website's cookie implementation when a user changes their preferences. If a user withdraws consent, remove the non-essential cookies straight away.
  • Document user preferences to show compliance with legislation.
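
The preference handling listed above, as an added example (not code from this article or from any consent plugin): it builds a consent record, works out which cookies to remove when consent is missing or withdrawn, and decides when to prompt again. The cookie names, category names, `POLICY_VERSION` and the 182-day renewal period are assumptions chosen for illustration.

```javascript
// Added example: apply a preference change and keep a record of it.
// Names, categories, POLICY_VERSION and RENEW_AFTER_MS are assumptions.
const COOKIE_CATEGORIES = {
  essential: ["session_id", "cart"],
  analytics: ["_ga", "_gid"],
  personalisation: ["theme"],
};
const POLICY_VERSION = "2024-01";
const RENEW_AFTER_MS = 182 * 24 * 60 * 60 * 1000;

// Record to store as evidence of the user's choice.
function recordConsent(choices, now = new Date()) {
  const accepted = Object.keys(COOKIE_CATEGORIES).filter(
    (cat) => cat === "essential" || choices[cat] === true // opt-in: default is "no"
  );
  return { accepted, policyVersion: POLICY_VERSION, decidedAt: now.toISOString() };
}

// Names of cookies that are not allowed under this consent record.
function cookiesToRemove(consent) {
  return Object.entries(COOKIE_CATEGORIES)
    .filter(([cat]) => !consent.accepted.includes(cat))
    .flatMap(([, names]) => names);
}

// Strings to assign to document.cookie; an expiry in the past deletes the cookie.
// Path (and Domain, if one was set) must match the values used at creation.
function expiryStrings(names, path = "/") {
  return names.map((n) => `${n}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=${path}`);
}

// Show the banner when there is no record, the policy changed, or consent is stale.
function needsPrompt(consent, now = new Date()) {
  if (!consent || consent.policyVersion !== POLICY_VERSION) return true;
  return now - new Date(consent.decidedAt) > RENEW_AFTER_MS;
}

// Browser glue: call on every preference change, before loading optional scripts.
function applyConsent(choices) {
  const consent = recordConsent(choices);
  expiryStrings(cookiesToRemove(consent)).forEach((s) => { document.cookie = s; });
  return consent;
}
```

Page script cannot delete `HttpOnly` cookies or cookies that belong to another domain. Clear the former with a server-side `Set-Cookie`, and avoid the latter by not loading the third-party script until its category is accepted.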

Example of consent management instructions

You can manage your cookie preferences at any time by clicking on the 'Manage Preferences' link in the footer of our website. From here, you can adjust which categories of cookies you accept or withdraw your consent entirely. Changes will take effect immediately.

The Future of Cookies

2024 is a year of change for browser cookies. Major browsers like Chrome, Safari and Firefox are all working to phase out and block third-party cookies. These changes are a massive leap forward in user data protection.

Over the next year, third-party technologies like Google Analytics will implement new, more secure ways to track users. As such, cookie consent will change.

We are still in a transition phase at the moment. When the new technologies are commonplace, legislation and guidance on obtaining user consent about their data will follow. When it does, I will update this post with the latest information.

Conclusion

Understanding and implementing proper cookie consent is a win for you and your website. It is tough to gain trust in the digital world. Being transparent about personal data usage and privacy goes a long way. 

If you are a business looking to engage new customers, they will appreciate you taking their privacy seriously. Putting their rights first will build more trust. More trust leads to more engagement. More engagement leads to more customers.

If you want to build a trusted website for your business, implementing cookie consent best practices can only help.