Cookie Audits Inspired by UK ICO
Cookie audits resurfaced as a major topic shortly after the United Kingdom’s Information Commissioner’s Office (ICO) recommended that such audits become a regular part of a company’s privacy compliance efforts.
As part of this guidance, the ICO emphasized the importance of performing comprehensive cookie audits to detail what cookies are being used on a website and to discern which of them comprise “strictly necessary” first and third-party cookies versus those which do not.
A Cookie Audit Should Inform Website Operators
The audit should inform operators about the:
- presence of cookies on a website
- purpose and use of each cookie including the cookie’s involvement with processing of personal data
- values, data, lifespan and other attributes linked to each cookie
- proper categorization of each cookie such as required, functional or advertising
- classification of each cookie as first or third party
Further details about the ICO’s guidance on cookies can be found in the UK ICO and French CNIL Cookie Consent Privacy Compliance Update Advisory and the Cookie Crack Down Webinar.
Every website is unique, but cookie audits do not need to be a difficult exercise for companies wanting to address consent requirements from the GDPR, CCPA, and other regulations.