Webmasters Asked on January 10, 2021
I want to know if I need a cookie notice on my personal, non-commercial, USA-based website. My site requires people to register if they want to see all of the site’s content. I use cookies so that returning users don’t need to log in each time they visit. The info they are required to submit when they register is name, email address, city and country. More than half of my users are in Europe (although not necessarily in the EU).
By “non-commercial” I mean (1) the site is completely free to visitors, (2) there are no ads, and (3) I receive no revenue whatsoever.
I did read the GDPR a few years ago (before cookie notices were a thing) and it is very clear that it does not pertains to personal sites. But I know nothing about cookie-notices, not even by whom they are mandated.
Indeed, the information out there is disparate and often confusing. According to the folks in this Quora thread, GDPR applies to you as well. On the other hand, this article would suggest you can ignore it right now.
CCPA applies only to businesses, for now anyway, as this article argues, so you should be okay there.
Now here's my take, working in ad tech and having to deal with these concerns regularly. If you store any personal information, you should have some sort of cookie policy or disclaimer. Even if your cookies are only first party cookies, not third party cookies, but you are still storing PII (personally identifiable info - which can mean anything from email address to IP address), you should disclose what you collect and for which purpose. If it's only for login and web analytics, disclose that. If you do not use the info to retarget or sell or advertise, also disclose that.
Between the ever-changing compliance landscape of GDPR, CCPA, and whatever may come next (V2 of GDPR, V2 of CCPA, other US state laws, US federal laws), you want to make sure that you are covered. Right now, governments are dealing with other problems, but it's only a matter of time until they turn their attention back to online privacy.
If your website and user base are small, you may be able to get away with not posting anything, but all it takes is one complaint and you may find yourself with more work than if you had originally posted the darn thing. All in all, it's better to be overdressed than underdressed here. Someone on a call with IAB mentioned that if you comply with the most strict version of best practices, you will almost certainly be covered.
Another good article here, including ideas for implementing notices. Keep in mind that your notice does not have to be loud or intrusive. You can execute it minimally and gracefully, as long as it's visible. Most, if not all, of your users will either ignore it or click "okay" anyway.
Correct answer by Henry Visotski on January 10, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP