So, you’re following GDPR protocol and you installed a cookie notice for your website. Maybe it’s a simple one or perhaps it’s one of those drop-downs showcasing options for a user to choose. Whatever type of notice you use, if you want to have a fully accessible website, you’ll want to reconsider your notice’s placement.
GDPR…Cookies…?
Everyone operating a website that attracts international traffic needs to know how the GDPR and cookies are connected.
The General Data Protection Regulations was instigated by the European Union. Its purpose is to help give consumers control over how their personal information is stored, used, and distributed. GDPR covers every website operating within the European Union (EU). You’re still required to conform to the regulations if you’re operating outside the EU. If found guilty of not obeying the rules, you will face a large fine if prosecuted.
GDPR Recital 30 states:
“Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers […] when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”
Cookies are considered unique identifiers since they can be used independently or combined with other data to identify an individual. Because of this, cookies are subject to the seven principles of processing personal data:
- Personal data must be processed lawfully, fairly, and transparently.
- Personal data must be collected and processed only for specific and legitimate purposes.
- Data collection should be minimized (only collect what is necessary for your stated purposes).
- Accuracy of personal data should be ensured, and timely efforts should be made to rectify incorrect data. (Or comply with other data management requests).
- Data should only be stored as long as necessary to fulfill its designated purpose.
- Appropriate security measures need to be in place when processing data to prevent data breaches.
- Organizations must take responsibility and be accountable for the data they collect by maintaining records of consent.
It’s all about the right to choose.
Users have the right to choose what cookies are stored on their device and whether they want to allow one or all of them. This requires a clearly marked and accessible way of blocking or accepting the cookies. Without this function, or simply presenting users with a button marked “Ok” or “Allow All,” you do not meet the General Data Protection Regulations. It’s important to consider all user experiences, but how does a Cookies notice cause some people difficulty when viewing a website?
Where is your cookie notice?
A screen reader is a tool that helps people with difficulties seeing to access and interact with digital content, like websites. The main users of screen readers are people who are blind or have very limited vision. When a screen reader starts interacting with a web page, it usually focuses on the first element on the page such as the header, and from there, the user moves from the left to the right side of the screen until the focus moves to the next line of the page. This works similarly to how a document would appear in a word processing application.
Is it at the bottom?
Any Cookies Notice that is displayed at the bottom of a web page will not be announced to the screen reader user until they have read through the entire page. By this time, the user may have navigated to another section of the site. This can result in the user never being presented with the option of accepting or blocking your site’s cookies and all the implications that come with it.
Pop-up Notices
Similarly, popup windows will not receive the focus of a screen reader even when the user reaches the end of the web page. This makes it even more difficult for the user to control the use of cookies. Popup windows will of course function differently by design and some can attract the focus of the screen reader immediately upon it being presented but you should never take this as being true across every device or screen reader.
Where should it be placed?
Lets start from the top
A screen reader will usually interact with a cookie notice placed at the top of the page, before the logo, navigation, and body of the page. This is great as a user can decide on their cookie preferences before progressing further into the site.
Overlays
When a user sets their screen reader to read from top to bottom, and a site has placed its cookie notice in an overlay, a screen reader will only read the content of the overlay. This forces the user to address the notice in order to move forward on the site.
If a user doesn’t have the opportunity to accept the site’s cookies(whether is be because the notice is buried at the bottom or in a popup window), doing different actions, such as placing items into a shopping cart, would more than likely result in an error.
Cookie notices and Accessibility
Many decisions are centered on design, but it is critical to consider the importance of accessibility. Incorporate conscious design and consider the user experience for all users.