Reading time: 6 minutes

As customers grow more concerned about their privacy online, you should take steps at your business to ease those concerns. Your business’ website likely collects information from your customers in various ways that they may not initially be aware of. Cookies are an example of such information. In many cases, cookies will count as personal information. New Zealand privacy law regulates how you deal with customers’ personal information, so make sure you know your obligations. Additionally, some overseas laws may apply to how your business uses cookies, requiring a cookie consent pop-up. This article will explain: 

  • how cookies work; and 
  • how the law may regulate them for your business.

What Are Cookies?

Cookies are small data files that your business’ website sends to your customers’ computer when they visit it. Their website browser (like Google Chrome or Safari) then stores these files. Your business can use cookies to track customers’ usage and activity on your website. Each visitor to your website receives a unique ID. This is then attached to the cookies that apply to that customer.

Different kinds of cookies serve different functions, such as:

  • session cookies;
  • authorisation cookies; and
  • tracking cookies.

For example, authorisation cookies store customers’ login details so that they do not need to enter their username and password every time they use your website. On the other hand, tracking cookies will record how often a particular customer visits your website and where they go.

If you use web analytics for your website, they will use cookies to analyse how customers interact with it. Cookies can show customer interactions like:

  • time spent on your website;
  • links clicked on;
  • options or preferences they choose;
  • accounts they log into;
  • items in their shopping baskets; and
  • which pages they visit.

What Is a Cookie Consent Pop-Up?

You have likely seen other websites with cookie consent notices or pop-ups. They are usually in the form of a cookie banner or pop-up box when visitors first enter your site. A pop-up will inform your customers that you use cookies and ask them to click a button saying “I Accept”. This means you have your customers’ express consent to track their usage of your website through cookies.

These banners may also provide a link to your privacy policy or cookie policy as well. In your cookie policy, you would outline: 

  • the cookies your website uses; and 
  • what information the cookies track about your customers. 

Cookies and New Zealand Law

In New Zealand, you must comply with privacy law if you collect personal information which can identify an individual. NZ privacy law does not directly deal with cookies, nor does it require you to have a cookie consent notice. If your cookies collect any personal information about your customers that can identify them, however, you must let customers know you are doing so. You would set this out in your privacy policy.

However, anyone can access your website from anywhere in the world. Depending on the law and the nature of your business, some overseas legal requirements may also apply to you.

Cookies and the GDPR

The General Data Protection Regulation (GDPR) is a framework of European Union (EU) laws that aim to protect EU residents and make sure they know what personal information businesses and companies use. This law may apply to personal information that your business collects about customers.

Like NZ privacy law, the GDPR operates on certain privacy principles. If this law regulates your business, you must:

  • process data lawfully;
  • collect information with a legitimate purpose;
  • minimise data you collect;
  • process accurate data;
  • limit the data you store;
  • keep data secure; and
  • be accountable for GDPR compliance.

Concerning cookies, if these cookies monitor or track visitors to your website, under the GDPR, you need the express consent of those visitors to use them. A cookie consent pop-up fulfils this requirement.

When Do I Need a Cookie Consent Pop-Up?

You do not need to have a physical presence in the EU for the GDPR to apply to your business. If your website interacts with EU residents by selling them goods or services or monitors their behaviour, then you must comply with the GDPR.

If your business does not do either of these actions, you do not need to worry about GDPR compliance.

You cannot control who visits your website, which means you can have EU residents interact with it. Cookies monitor your visitors’ behaviour, so you may need their express consent to do so. It may be wise to have a cookie consent pop-up even if you are unsure whether the GDPR may apply to you, just to avoid any legal issues in the future. You can find plugins online that will help you create an adequate cookie consent notice.

Key Takeaways

If your website sells goods or services to EU residents or monitors their behaviour, you will need their express consent to do so, according to the GDPR. You can gain their consent through a cookie consent pop-up when they enter your website. If you would like more information or help with your websites’ cookie usage and personal information, contact LegalVision’s IT lawyers on 0800 447 119 or fill out the form on this page.

Frequently Asked Questions

What are cookies?

Cookies are small data files that websites use to identify you. Cookies can track your website usage and store information, such as your username and password.

What is a cookie consent pop-up?

A cookie consent pop-up is a bar or banner that pops up when you enter a website. It will usually say something about the website’s cookie usage and will ask you to consent to this usage.

What is the GDPR?

The GDPR (General Data Protection Regulation) is an EU framework of laws designed to protect the privacy of EU residents. It can apply to businesses outside of the EU if they handle the personal information of anyone that lives in the EU.

Does my website need a cookie consent pop-up?

Through your website, if you either sell goods to EU residents or monitor their behaviour (as you would with tracking cookies), then you will likely need a cookie consent pop-up. This is to ensure you are meeting your obligations under the GDPR.

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2019 Top 25 Startups - LinkedIn
  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards