Cookies are small text files that your website sends to a visitor's browser to remember them the next time they visit – e.g., their username and password. (There are also chocolate chip cookies, but that's a topic for another blog.)
Cookies requirements vary among different jurisdictions; Canada's requirements are less stringent than the European Union's. By complying with the EU's rules for using cookies, you can have confidence knowing your cookies policy complies with Canadian requirements.
Cookies in Canada
The Office of the Privacy Commissioner of Canada (OPC) recommends you use online banners and interactive tools to make users aware of your cookies policy.
- Let users know how you're using the information you gather and who has access to it. This should be done when or before the information is collected.
- Give users the option to opt out, ideally before any data is collected.
- Inform users that you are limiting the sensitive data you collect as much as possible.
- Tell users the information you collect is either destroyed or de-identified as soon as possible.
Cookies in the EU
- Obtain consent from users before installing cookies.
- Explain what information your cookies are gathering and for what purpose.
- Document and store the consent you have received.
- Allow users to access your website even if they deny consent.
- Make it easy for users to withdraw consent at any time.
One exception to the above rules is that you are not required to obtain consent before installing cookies if the cookies are needed to access certain parts of your website, such as secure areas. These cookies are often referred to as "strictly necessary" cookies. However, you must still explain what the cookies do and why they are needed.
What we recommend
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.