[User Story] Implement cookie notice to inform users #546
Comments
@cptanalatriste: please identify a list of cookies we use that fit into the above categories (e.g. just essential cookies) so that the banner can be created.
@RichGriff please could you confirm which cookies are being stored so I can ask our data protection officer to confirm the message we need to use.
next-auth.csrf-token (Essential cookies so that the user can be authenticated)
Just spoke with our DPO. All we need is a cookie notice, and (ideally) a privacy notice somewhere on the site (e.g. in the docs). Because all cookies are deemed "essential" under the relevant law, no user opt-in/opt-out is necessary. It's just about being transparent. He will send over some copy at which point I will update this issue.
@aranas I would suggest we also include a short description of our intended use of data analytics (e.g. user adoption). Again, it's just about being transparent, as in this case we're not storing cookies on the user's machine to track them as individuals—just looking at how the set of users is using the site.
I suggest something like the following: To improve the platform, we track basic usage data. We do not use tracking cookies to follow users across different websites. Our focus is on understanding overall platform engagement, rather than individual user behavior. This data helps us measure impact and communicate with funders to ensure continued support for platform development.
Thanks, @aranas. The following has also been provided by our DPO:
@RichGriff, we can move this forward at our next spring planning.
Prior to public beta release, we will need to implement a cookie banner.
Here is guidance from our DPO:
The rules around cookies are governed by the Privacy and Electronic Communications Regulations (PECR) and the ICO's guidance can be summarised as follows. A cookie banner should greet the site visitor on their first interaction with the site.

The ICO's guidance sets out the following approach:

- Essential or ‘strictly necessary’ cookies – do not require consent (“cookies so that we can provide you with the best user experience possible”)
  - Cookies used to remember goods in a shopping basket
  - Cookies for security purposes (such as in online banking)
  - ‘Load balancing’ cookies to ensure pages load quickly
- Non-essential cookies (“functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful”) – require consent (i.e., to tick a box before we set them)
  - Analytics cookies
  - Cookies to recognise you when you return
  - First- and third-party advertising
- Not PECR compliant
  - ‘by continuing to browse our website you consent to the use of cookies’
  - ‘we use cookies. find out more’
  - pre-ticked ‘accept’ boxes
  - 'we collect unless you opt-out' approaches
  - Making it much more difficult to make an informed decision than simply pressing ‘ACCEPT’
- PECR compliant
  - Explains the essential cookies
  - Allows opt-in to categories of non-essential cookies before browsing the website
  - ‘REJECT’ or ‘DO NOT ACCEPT’ is as prominent as ‘ACCEPT’

The main Turing website notice covers this according to the guidance.