Privacy Law Updates

Publication year: 2024
Citation: Vol. 49 No. 1
Author: Jay Parkhill

Jay Parkhill
Parkhill Venture Counsel, P.C.

COOKIE POLICIES: A PRACTICAL GUIDE

Cookie banners are ubiquitous and confusing. Every time we visit a new website we get a popup asking us to Accept Cookies, Reject Cookies, Manage Cookies or Do Not Sell my Personal Information. All the notices are well intentioned for sure, and are legally required, but they are obtrusive, hard to understand and mostly we end up wishing they would just go away. They also tell us that disabling cookies may cause websites to function poorly. As an experiment then, I decided to reject cookies on every website, both to find out if anything would really break, and also so I could take a look at the consent mechanisms. Here are the results of that experiment.

A few notes on terminology before diving in: "cookies" technically refers to small files that a website stores on a computer. Cookies store information about a person's visit to a website, which allows the site to track things like a person's browsing history, login information and other metrics. Sites can also use tracking code embedded in tiny images on a website, and other technologies, to do the same thing. Those are technically different from cookies but they accomplish the same purpose, so this article will use the term cookies to loosely refer to all technologies that can be used to track visits to a website, or across websites.

Why Are Cookie Banners Required?

Of course, tracking user data is valuable to site operators and advertisers but when we visit a site it can be difficult or impossible to know what information is being collected about us. Cookie notice and consent banners are intended to provide transparency in this regard.

The EU's e-Privacy Directive (originally adopted in 2002) was the first major law to require notice and consent regarding cookies. Cookie notices started becoming more common in the early 2010s, and got an extra push when the EU adopted the General Data Protection Regulation in 2016. Collectively, these laws require that websites: (i) notify users before placing cookies, and (ii) allow users to opt out of the placement of cookies that aren't required for the site to operate.

US states began adopting their own privacy laws beginning with the 2018 California Consumer Protection Act (now called California Privacy Rights Act or CPRA). As of this writing 13 states have adopted comprehensive privacy laws and most contain restrictions applicable to cookies. Unlike EU law however...
