First, what are cookies?

By Monica Pitts

No, unfortunately I’m not talking about little sugary nuggets of baked goodness. The cookies in question are internet or web cookies. They are secure ways for browsers and servers to talk back and forth. They are used to adjust your user experience, track user behaviors, and target ads. They were developed in 1994 by Netscape to make shopping carts for e-commerce stores possible.

There are currently three initiatives pushing for opt-in cookie compliance: The EU, General Data Protection Regulation (GDPR), and E Privacy Regulation, as well as the California Consumer Privacy Act (CCPA) based in the state of California. All three classify web cookies as unique identifiers considered to be personal information. While a cookie doesn’t share your actual personal information, it does track how you use a website, which helps marketers and business owners place users into groups and identify common behavior patterns.

How do you know if your site uses cookies?
Here are some tell-tale signs your site uses cookies.
• You have a WordPress site, which is like 35% of the web if your website was professionally built in the last 10 years, it’s likely on WordPress. Not sure? Go to — it’ll tell you.
• You use Google Analytics to track visitor behavior.
• You do remarketing and have a Google Ads or Facebook racking pixel installed.
• You display ads on your website from Google Ads, Facebook Audience Network, or another display advertiser.
• You allow users to save their login information.
• You have a shopping cart on your website.
• You allow people to adjust the layout of your pages, for example, from a grid to a list-style layout.

Okay. So your site uses cookies. Now what?
Do you need to comply?
Any site receiving traffic from Europe or California is supposed to follow their rules. Every website I monitor has traffic from those locations, event companies like mine nestled in the good ol’ Midwest US of A. EVERY SITE. Don’t kid yourself by thinking because you’re located in Iowa, you’re all good. The World Wide Web really is world-wide, and people from all over find websites for the darndest reasons.

Currently, you still have options.
You could do nothing. Not sure how long that would fly, but for now, you can do nothing. It’s not going to comply with the GDPR, E privacy regulation, or CCPA, or Google. Who knows how long it will be before search engines start penalizing people for not doing so? They could be doing it right now, and we just don’t know it… or it could be years.
Or, just an idea, maybe a good place to start is by telling people your site uses cookies and post your privacy policy. While it feels like this would cover all your bases, just telling people doesn’t make you 100% compliant. The key is people get to CHOOSE if you track their information. So just telling people, “Hey, we’re tracking you, and if you’re on our site, you agree to let us do it,” isn’t a choice. It’s not like, “Eat your veggies and you’ll get ice cream.” It’s like, “Eat your veggies or don’t eat.”

To truly comply, you have to give people a choice.
That’s why it’s described as “OPT-IN”, because people have an OPTION. You notify visitors of cookie usage, post your privacy policy, and delay cookie implementation until visitors opt-in. And if they choose to use your site after opting out, they use your site without cookies, flaws and all.

How do you get a cookie notification for your site?
Subscribe to a service.
Even if you choose an all-in-one solution service, you’ll still need to implement it. You don’t just sign up and have it magically appear on your site. Your site and the service have to talk to one another, and someone has to make that happen. The services are billed monthly or annually. I haven’t used any — are a few I came across frequently in my searches are Iubenda, Cookiebot, and CookieMetrix

If you have a WordPress site you can do it yourself.
If you use WordPress to power your website, you can add the functionality through a plugin. After set up you’ll need to make sure to set up and test diligently to make sure you meet compliance (EZIGDPR and CookieMetrix offer free scans). Commonly used plugins include GDPR Cookie Consent By WebToffee, WP GDPR Compliance By Van Ons, Cookie Notice for GDPR & CCPA By dFactory and EU Cookie Law (GDPR) By Alex Moss, Marco Milesi.

So there you have it.
Like it or not, you probably need a cookie notification on your website. The extent to which you comply with the initiatives is really up to you. So grab a plate of chocolate chippers and enjoy.

Monica Pitts is the founder and Chief Creative Officer of MayeCreate Design. She spends her days constructing a marriage of form and function; creating art with her design team to grow businesses through websites and online marketing. Monica considers herself an artist, marketer and web dork with the ability to speak geek and English.