What Are Cookies & How Do They Work?
Cookies are text files containing small pieces of user data sent to your browser by any website you visit. These work on tracking your activities and preferences, aiming to make the whole experience more fulfilling for both the site and the user. While most cookies are generally safe, some of them may be used to track in-depth data without consent.
What Is A Cookie Law?
A cookie law refers to a set of guidelines that websites need to follow while using cookies. These cookies are normally used to track website visitors and their browsing habits, based on which the site seeks to provide a better user experience. However, not all users are open to being tracked on their online activities and preferences, which is a major cause of concern related to the invasion of privacy. This is why specific laws governing the usage of websites and tracking were created.
Cookie laws prevent websites from storing cookies without informing users or receiving their consent. The primary reason for introducing these laws was to protect the privacy of users and also to prevent cookie-collected information from being misused. The GDPR (General Data Protection Regulation), passed by the EU (European Union), is the most strict privacy & security law.
Cookie Law in Canada
In effect from 2000 and with the latest amendment in 2015, PIPEDA (Personal Information Protection and Electronic Documents Act) is a Canadian law related to data privacy. According to this law, websites are required to obtain consent from users to track, collect and use their data.
With PIPEDA, Canadian users are empowered to manage their personal information, correct it and also challenge the website’s PIPEDA compliance through the Privacy Commissioner. Further, the Canadian federal privacy law regulates the private sector’s collection, usage and disclosure of personal information.
To Whom Does PIPEDA Apply?
Based on the 10 Fair Information Principles, this law applies to any website operating in Canada and across the world that obtains and uses personal information related to Canadian residents for commercial use.
Who Is An Exception For PIPEDA?
PIPEDA does not apply to:
- Non-Profit & Charity Organizations;
- An Organization of The Federal Government listed under the Privacy Act;
- A Provincial or Territorial Government;
- Political Parties & Associations;
- Hospitals, Schools, Universities & Municipalities (since these are governed by provincial laws. However, PIPEDA may apply under certain conditions)
Businesses that are subject to the provincial privacy laws of Alberta, Quebec and British Columbia may also be an exception to PIPEDA.
Canada’s Anti-Spam Legislation (CASL) deals with spam and other electronic risks & threats. It aims to protect the privacy of Canadian users while allowing businesses to compete globally. This federal law prohibits the installation of any computer program and software on another user’s device for commercial purposes without the device owner’s express consent.
CASL also prohibits websites from automatically installing or updating an installed software on a user’s computer without their consent. However, in cases where program owners and businesses are already considered to have the user’s consent without requesting it, additional requirements are to be met based on the program.
CASL applies to any business that:
- Sends or helps send a CEM (Commercial Electronic Message) to any Canadian user;
- Sends a CEM from Canada; or if their CEM is accessed from a device in Canada.
Regarding CASL exceptions, this federal law does not apply to apps and programs downloaded, installed or updated on their devices by the users themselves.
Based on PIPEDA and CASL, it is given that websites must provide clear and precise information on cookies before collecting them. There must also be a provision for users to withdraw their consent to cookies.
Cookie Law in The USA
California Consumer Privacy Act is a data protection law regulating the use of Californian residents’ personal information (PI) by global businesses. This state-wide regulation applies to any for-profit business, irrespective of its global location, that obtains and processes PI of California residents.
CCPA empowers California residents with the right to opt out of their cookie consent and to request disclosure or deletion of previously collected data. It also affirms that businesses covered by the act must provide users with a “Do Not Sell My Personal Information” option via which they can disallow their data sales to third parties.
With Virginia’s CDPA, users are empowered with the right to know, access, correct and delete their personal information collected by websites using cookies. Virginia residents can also opt out of third-party data sales.