Business owners in Canada using first-party cookies or third-party cookies on their websites are required by PIEPDA to collect consent from their users. What is PIPEDA? PIPEDA stands for Personal Information Protection and Electronic Documents Act. It is Canada’s federal law on personal data protection.
Ensuring compliance with PIEPDA can be tricky for business owners since the law does not make any explicit provisions for cookie banners. It lays out the various data principles that all business owners may use to obtain, process, or track a user’s data and the same applies to cookie consent. PIEPDA has ten principles:
- Accountability
- Identifying Purposes
- Consent
- Limiting Collection
- Limited Use, Disclosure, and Retention
- Accuracy
- Safeguards
- Openness
- Individual Access
- Challenging Complaince
Business owners must incorporate all ten principles in their privacy practices.
When thinking of designing a compliant cookie banner, there are three PIEPDA principles that all business owners should keep in mind:
Identifying purposes
A cookie banner should clearly state the purpose of collecting a user’s data. If the consent was previously obtained for one purpose, it would need to be obtained again in case there is another purpose for which the data is being processed.
Openness
Users must be informed why and what data is being collected so that business owners remain compliant with this principle. An up-to-date privacy policy displayed in your cookie banner will do the job!
Consent
This is key in determining your cookie banner’s look and feel. PIEPDA leaves it up to the interpretation of the business owner to determine “meaningful consent”. Consent can be both implicit and explicit, however, if the website uses third-party cookies, and the user’s data is being used for targeting, advertising, etc. then explicit consent is required. Implicit consent or deemed consent is required when it is implied that the website will process the user’s data. It is hard to determine circumstances within which implicit vs explicit consent might be required but compliance with PIEPDA principles is of the utmost importance. If a website fails to comply with PIEPDA principles, there may be a fine of up to 100,000 CAD per violation and there may be other penalties.
Cookie banners are one of the first components of your website that a user is greeted with, therefore, it is critical to ensure that the banner displayed to the user fits other design aspects of the website. This is where a good UX/UI design comes into play.
Various vendors offer ready-made cookie banners, and website owners can customize these cookie banners in certain ways to fit the website aesthetic. These tools specifically make banners that are PIEPDA compliant, not only that but some of these tools also manage the data collected from the website’s cookies and store data for future references and proof of consent obtained from users as well.
Are you unsure what kind of cookie consent should you obtain? Or whether you are PIEPDA compliant? Reach out to us at info@bluedotmarketing.ca to connect with a web design expert at Bluedot Marketing!