The new data privacy laws concerning cookies can be confusing to companies reliant on websites. You may be left wondering, “What is the cookie law? Why do I have to accept cookies?” Law firms should understand if they must comply with the relevant cookie banner laws. We discuss the current and upcoming cookies-related regulations and explain how you can protect your company and website from noncompliance issues.
What Are Cookies?
Cookies are designed to make your online experience smoother and easier. They are small files that websites send to your phone or computer that the sites use to remember certain information about you.
For example, imagine you visit a website where you conduct a reasonable amount of online shopping. You log in to your account, and your username and password are remembered on the screen, so you just click accept. Cookies allow the website to remember you and your login details. Then you go to your cart to see what you put in last time. There’s a shirt and a few toys for your kids. Again, cookies allow this memory. You remove half the toys and decide to purchase the shirt and remaining items; as you click to checkout, your shipping and payment addresses appear on the next screen, along with your credit card details, and yes, this is all thanks to cookies.
This is where privacy and cookie laws enter the debate.
What Is the Cookie Banner Law?
Essentially these laws were designed to protect users’ online privacy by making the consumers aware of how websites collect information about them and what happens to that information. Some sites may even opt to sell your personal information, so they must disclose this fact. The laws also enable you to disallow the website to collect your information.
Two of the most prominent cookie laws are embedded in the California Consumer Privacy Act and the EU’s General Data Protection Regulation. These laws were enacted to protect their residents’ online privacy.
California Consumer Privacy Act
There are several cookie laws in the U.S., including the California Consumer Privacy Act (CCPA). Under the CCPA, cookie collected data counts as personal information. Because each state can make its privacy laws, this Act applies only to California residents. If your website attracts visitors from California, then you must abide by the cookie banner law in the CCPA.
EU’s General Data Protection Regulation
Other laws around the U.S. and the world are based around online privacy and cookies, including laws in the following countries:
- South Africa
- Hong Kong
- New Zealand
Additionally, other U.S. states besides California have or will have laws regarding cookies, including:
- The Virginia Consumer Data Protection Act (VCDPA) has been signed and enters effect at the beginning of 2023
- Colorado’s Privacy Act will go into effect in 2023
- Utah’s Consumer Privacy Act enters effect at the end of 2023
- Wisconsin (possibly will enact a cookie law soon)
Some experts speculate that the remaining states will adopt variations of the CCPA or the VCDPA over the next several years. So while your law firm’s website may not currently require a cookie banner to comply with relevant regulations, it’s likely that it soon will.
Does My Law Firm’s Website Need to Comply With the Cookie Banner Law?
You must comply with the relevant regulations if your website attracts users from any jurisdiction covered by a cookie banner law. Something to note here is that the law isn’t based on which states or countries your website actively markets to. So even if you’re a New Jersey-based law firm, if you have the occasional site visitor from California, you should comply with the CCPA and get a cookie banner consent solution to protect your website from fines and potential lawsuits.
Since more U.S. states will likely follow their cookie laws, it’s far better to comply now; play it safe, so you aren’t sorry.
Breaking the data privacy laws can come with strict fines. For example, the CCPA may fine non-compliant websites up to $7,500 per individual violation. When it comes to their attention that your website isn’t compliant, you may have racked up hundreds or even thousands of violations.
Worse, once you have been fined for violating the cookie banner law, this can open the door to class-action lawsuits. These can prove to be even more costly than the CCPA fines.
How Can My Firm Comply With the Cookie Banner Law?
While it may sound as though adding a cookie consent banner to your website is difficult technology work, the good news is that it is not challenging legal tech. Many online companies will help your website achieve compliance. Many online businesses will even build you a cookie consent banner for free!
So, while you may not have website visitors from jurisdictions with a currently active cookie law, the truth is that you will likely encounter this type of web traffic soon. Protecting your website and your law firm by utilizing these free products can save you significant money and headaches in the future.