For instance: “Cookies can collect the information and allows as to show you relevant ads. How does it work? For example, maybe today you will see the advertisement of a pack of coffee that you recently looked. Cookie files are tiny pieces of text, that have been saved on your computer while you were looking for your coffee pack. Cookies have remembered your request and next time when you open your browser, “they” will show you the results of your recent request in the ad”.
Separate the purposes of data use.
GDPR also separate different purposes of using collected by cookies information. The user can agree or deny different aims of using the same part of information. Moreover, one denied purpose has no impact on other agreed purpose.
For example, if talking about our pack of coffee, user don't want to see related products or receive targeted ads, but it would be nice not to log in on the website every time after closing window or a tab.
Tell your visitors what data do you collect and how you will use this.
Here, first of all, make a research what data do you collect and why. After that, ask yourself: “do I really need all this stuff?” What data do you use in fact, and what information is just “in case”. GDPR says that the amount of data collected should not be excessive. Cookie files - these tiny pieces of text, that are saved to the customer's PC, notebook or smartphone while he or she surfing through websites were always existing, but what’s wrong now? In p. 30 GDPR says that cookies in combination with other data can help to identify the person. That is how cookies went to the evil side or transformed to the personal data.
Due to that, the notification like:
...is not enough from the legal point of view. You need to obtain an individual agreement. That means that before installation and using cookies you have to obtain an expressive customers compliance.
Here you should provide your audience with all required information about:
- What are cookies?
- What type of cookies do you have?
- Why do you use it?
- What files are must have on every site?
GDPR welcomes any type of visualization of data proceeding rules.