Cookies are at the center of attention due to the European Union’s latest GDPR – General Data Protection Regulation. GDPR pursues the EU’s Cookie Directive, which has been in force for many years.

Cookies are very important for E-commerce and online businesses. Do you know about the role of cookies in E-commerce business and what is the impact of GDPR on it? If you don’t this article will help you understand it.

Businesses that gather personal information from European data objects should start paying regards to how GDPR can affect the in common business practices and calculate their need for submission. For marketing folks, the biggest worry revolves around the complications of data collection and accord. For E-commerce and online businesses, the simplest way of collecting this data is by the use of ‘cookies’ – the small bundle of data left by websites on a web browser.

But on the contrary, privacy worries and cares encircling cookies has been a problem for many years now. Under the GDPR, it is vital to mark that personal data like credentials, IP address, and other information collected in the cookie is not an organization’s asset but that of a consumer.

Before we look into the impact of GDPR and how cookies are helpful, for those who are not familiar with cookies, let me give you an introduction to what are cookies?

What is a cookie?

Cookies are basically, small files that are sent from a server to the web browser. Unlike the HTML, CSS etc. files, the browser sends this cookie file back to the server with each consequent request. Cookies are placed on a consumer’s browser to track their data and they serve a lot of different purposes. Like, for example, E-commerce websites use cookies to track your login, what did you add to your shopping cart or removed from your shopping cart, to track your shopping history etc.

They are also used by intermediaries to track your browsing activities. Common examples include advertisers who want to track traffic from ads placed on websites. This here and there of cookies makes them act like a mutually shared file that both the E-commerce server and the browser can use. Although, technically, only the server can edit the cookie file while the browser can just hold or send it.

Now that you know what a cookie is, let me tell you something about their purpose.

What is the objective of a cookie?

The objectives of cookies may be simple or even complicated. Hence, I will go the simple way. Websites can track the visits on the site, but they can’t differentiate between the source of the visit. Like, if 1 person visited the website 100 times or if 100 people visited the websites once. This makes it almost impossible to track a visitor’s activity on the website and whether they viewed a product or made a purchase.

This is where cookies come in, they act as a memory for websites and they collect the content data of a visitor, what they searched for, what they purchased etc. on the browser and send this information to the website’s server. But even cookies are vulnerable and hence it is important to secure cookies too.

What is GDPR?

The GDPR – General Data Protection Regulation (EU) 2016/679 is a directive laid by the EU law on privacy and personal data protection of an individual with the European Union and the European Economic Area (EEA). It also explains the distribution of personal data outside the EU and the EEA. The primary aim is to give control to the customers of their personal data and to clear up the regulatory atmosphere for International business by integrating amidst the EU.

GDPR is the regulation, which came into effect in May 2018, affects data protection for an individual in the European Union. While its proposition is to take consent of the consumer before using their personal data increasing the transparency, its impact is more extensive.

Overriding the Data Protection Directive (95/46/EC), this directive consists of conditions and needs relating to the use of personal data of customers in the EU. It applies to businesses established in the EU or those who are using and processing the data of European people – irrespective of their geo-location and data person’s citizenship. Managers of personal data must zero in on the right technical and administrative provisions to carry out the data protection regulations.

What is the impact of GDPR on cookies?

Privacy fear encircling cookies isn’t new to the EU, the regulations for cookies were implemented first in 2011. In a recent post shared by Guillaume Marcerou, the privacy director of Criteo global said that one of the main problems for the digital marketing domain is that identifiers like Cookies, mobile ad IDs etc. are now measured as personal information. For many US-centered organizations who are bound to regulations, this may seem exceptional but for European countries even including France, this is already a case.

Talking about the difference, under GDPR, all EU members (states) have to consider cookies and other such identifiers as personal information. If any business is found violating this regulation, will not only be penalized to an amount almost equal to 4 percent of its global revenue or €20 million (whichever is greater of the two). Further, the US organizations which collect this information about European consumers will also have to follow this rule.

And it’s not only just the brands aiming European consumers that have to be watchful of the varying scene. Data protection in the EU is said to be in the lead for other countries. Consumers have become more vigilant and aware about the safety of their personal data, thanks to the data breaches on Facebook. This gave rise to a speedy swing in consumer’s demands for robust data protection from the brands with which they engage.

Asking for the permission under GDPR:

With the focus on compliance, organizations have to ensure that permission for using or storing the personal data is willingly given when the permission is sought in a simple and plain language. Request for permission is not considered as willingly given when terms or conditions are added to the contract. Organizations should provide an inclusive cookie notice to the users for taking their permission.

This implies that be it big or small brand, they all need to inform their users about how they will use the personal data on a say yes basis. The worth noting point is that no E-commerce website can restrict the usability or services on the basis of permission been granted or not.

Permission is not needed for cookies which are particularly used for collecting non-personal data, like tracking the purchase of a product. But if a cookie collects any personal data like IP address, then as per GDPR, this could be considered a violation and hence fined.

Companies, which allow intermediaries and their ads to use the cookies, will also be considered liable to the violation of the regulation. Because although, the cookies of such ads are not owned by the E-commerce or online business sites, they allow the ads to show up, hence subjected to GDPR.

Sticking with GDPR can raise opt-ins:

It is an open secret that gathering the consumer data transformed the marketing and sales by applying customer analytic tools. This is exactly why the GDPR has been the talk of 2018 for the consequences specifically in the E-commerce sector. Overlooking GDPR regulations is just out of question, not only because an organization can be heavily fined but also because data protection is becoming more important and competitive in agreement with the new procedures.

Andrew Beehler, Senior Manager of Programmatic and Yield Operations at Digital Trends said that if an organization is using data in ways that assist and help the consumers then many of them will opt for it. Only the bad actors who are not open with their consumers about how they use the consumer’s data are set to lose.

Opting for an open and consumer-based approach to advertising and marketing proves to them that they are treated as people and not data pits. Additionally, informing customers about how you plan to use their data, can help you create interactions about how your practices can benefit them better.

Apply submissive traffic sources:

As a consequence of GDPR, programmatic ad purchasing has declined in Europe, and it’s not only affecting the European businesses. To make things worse, there’s a scarcity of advertising companies who follow the GDPR regulations and regrettably, this may not change anytime soon. The reason is that most of the advertising companies are sticking to false marketing methods like CPC (cost per click), CPM (cost per thousand) and the ones which depend on cookies.

Andrew Beehler also quoted that before GDPR, brands could easily collect data from cookies stored in a browser without any actual input from a consumer. Since GDPR demands openness about the use of cookies, it is really impacting the CPC and CPM rates; hence advertisers need to be very cautious while using these phony matrices in the new system.

The advertising scene is rapidly changing, and businesses are struggling to find new sources of traffic. Google and Facebook got $8.8 billion hits legally on the day when GDPR was activated. While companies like New York Daily News, Los Angeles Times etc. blocked the European traffic to save themselves from the fines. Hence, as a result of this big change, companies will have to seek submissive traffic sources.

Fill the bill with GDPR:

It was observed that only 21% of US businesses had a good plan laid for complying with GDPR. From the example of Google and Facebook, we can make out that there’s still a chance to use GDPR for your advantage and win the race against your competitors. Not just will you establish the trust for your brand but also promoting GDPR will help you attract potential partners.

Like, if you are selling ad space on your website, excelling the GDPR puts you in the top position when it comes to grabbing premium ad space. Even though you don’t, you still can make headway over your competitors who might be dealing with fines or facing hurdles overcoming GDPR.

Go all in with innovation:

With GDPR, if you can’t use the same traditional programmatic ad purchasing to reach to your potential customers, there are other ways too. Influencer marketing will not only take the limelight for its capability to connect brands to their customers, but tactical public relations campaigns will also be helpful in assisting marketing influence and establishing brand credit.

In the meantime, the programmatic advertising that businesses rely on will have to be improved. GDPR isn’t a capital punishment for E-commerce businesses. It simply creates a stage of equality for those who gather data online, inspiring us to be more open, customer-centered and innovative.

Take Away:

From a consumer’s point of view, implementing GDPR is beneficial in protecting the personal data but from the point of view of businesses, this poses a challenge because they have to comply with this regulation else they will have to pay heavy penalties.

Due to GDPR, the old ways of marketing like CPC, CPM won’t work in this new ecosystem and hence it is time to innovate and use new and improved techniques to ensure security and even strengthen their relationship with their consumers.