Cookie Consent. What do you need to know?

In Canada, websites must comply with PIEPDA laws to collect and process user info, requiring them to obtain cookie consent from their users.
Cookie Consent

Ever wonder how a website remembers what product a user clicked on when they visited the last time? Or how Google can track the price of the flight tickets to a particular destination once searched? Websites use cookies, which are tiny files sent to browsers from the websites, to track, monitor and store a user’s online behaviour, designed to remember user preferences for a specific period of time.

Cookies are generally of four types, session cookies, persistent cookies, first-party cookies, and third-party cookies.

    • Session cookies remain active until the time a user navigates through the website.
    • Persistent cookies are generally permanent and remain active even when the website session is over. Persistent cookies store information such as login information, language preferences or location.
    • First-party cookies are set by the publisher’s web server or any JavaScript loaded on the website.
    • Third-party cookies are set by a third-party server, such as an AdTech vendor, or via code loaded on the publisher’s website. Their primary function is to display ads based on a user’s online activity and preferences.

 

In Canada, websites must comply with PIEPDA laws to collect and process user information, requiring them to obtain cookie consent from their users. Generally, websites require cookie consent to track, monitor, or store user data and hence, users can notice a cookie banner (“this website uses cookies”) displayed upon opening a website, and the cookie banner gives an option to either “accept” or “decline” the cookies. Some websites may allow users to enter despite cookies being declined, in which case user data is not collected or processed.

PIPEDA differs from other data privacy laws by the requirement to obtain meaningful consent. The consent is “meaningful” if the use of cookies is reasonable in the circumstances. It may mean that the website may need to obtain implied consent rather than explicit consent. In certain situations, “meaningful consent” is open for interpretation and left up to the judgement of the website owner. However, in cases where explicit consent is not required, websites need to notify users that they are collecting their data using cookies.

PIPEDA is not as stringent with respect to obtaining consent as the GDPR in Europe but more stringent than CCPA. In Europe, websites must obtain explicit consent for every non-essential cookie. CCPA does not require cookie consent. PIPEDA is generally less stringent and requires explicit cookie consent for marketing and advertising cookies, and businesses can rely on implied consent in other cases.

Users may be able to revoke their consent despite having provided consent once by simply disabling a given website’s cookie or deleting all cookies from the domain.

Cookies may seem intrusive, given that they store and track user data. However, they make a user’s everyday life a little bit easier, such as remembering login information for frequently used websites, displaying news articles from a user’s current location, and even remembering shopping wish lists which in turn helps improve user experience!