dots dots dots

Do I need a cookie pop-up on my website in Australia?


Globally, a cookie consent pop-up is considered best practice on the majority of websites. Unless your website is very small and only information-based, cookie consent pop-ups or banners can offer transparency around the way your website stores customer information.

Nearly all websites have cookies which are small pieces of data stored in your web browser. They were named after ‘fortune cookies’ which traditionally hold small pieces of paper with written, albeit unlikely, predictions of the future.

In the web world, this data allows a website to remember certain bits of information so everyone can browse the internet seamlessly. Whenever someone visits a site, these ‘cookies’ of information can remember things such as what the person left in their shopping cart, their user name or an action they may have taken on the site. Cookies allow users to browse, shop and watch without needing to login every time they visit a site. This saves a lot of time and hassle, but, because cookies technically record personal data, privacy laws have generated the need for visitors to consent to website cookies before entering.

At the time of writing, we don’t recommend that Australian businesses install a cookie consent pop-up unless they are actively conducting business within Europe. The interruption to the user experience can be alleviated by a good privacy policy linked from your footer.

Are cookie consent pop-ups required by law in Australia?

While Australia’s Privacy Act as defined in the Privacy Act 1988 (Cth) doesn’t directly specify that every website needs a cookie consent option, your website privacy policy must inform all users of any processing, collecting or sharing of personal information. This includes cookies.

If you need more convincing, the EU has two important laws regarding cookie consent: the ePrivacy Directive and the General Data Protection Regulation (GDPR). The ePrivacy Directive requires the consent of users for cookies that gather personal information and track user behaviours. The GDPR is data protection legislation with strict rules on how a website requests and obtains consent. Consent must be earned via clear and affirmative consent, so opt-out pop-ups aren’t allowed on EU sites. The EU is pretty serious when it comes to enforcing these laws, so failure to offer this to European audiences may result in your Australian site being blocked. 

What happens if visitors don’t accept website cookies?

Make sure you have an ‘ignore’ or ‘decline’ option on your site. If visitors choose not to accept cookies, then their site experience may be a little more sluggish, certain elements may not load properly and they will have to manually input their details each time they log in. Some Australian website owners don’t allow visitors to access their site without accepting cookies. While this is required in the EU, it isn’t necessary for Australian based sites.

Can website cookies be bad for business?

That depends on who is offering the cookies. If the cookie is being offered by you, the site owner, then they are first-party cookies and while may be regarded as annoying, are understood to be harmless. Each time someone visits your site, their preferences or login details will be stored so they don’t have to remember a million different user names and passwords. In this sense, first-party cookies can actually offer some security. With details stored online behind a password-protected system, users aren’t keeping all of their login information written down in a separate file or worse, on a piece of paper near the computer.

It’s third-party cookies that are considered to be the ‘bad’ cookies These are tracking cookies used by advertising networks most likely found on major global shopping and news sites. These companies can use third-party cookies to find out your location, purchase or order history and search results so they can build a profile and target you with specific ads. Marketers love them, but search engines and their parent companies are removing them to improve online privacy. Safari and Firefox have already banned the use of third-party cookies, while Chrome has promised to phase out third-party cookies by the end of 2022.

If you’re still unsure, consult an experienced legal team such as Coulter Legal. They can offer sound corporate and commercial advice regarding your website and privacy policy compliance.

Need a website with cookie consent?

If you’re a small to medium business looking for a dynamic website with built-in cookie consent banners or pop-ups, visit our Pixeld web services page or download our web packages brochure.

Posted in SEO