How to make a website compliant with European law

07. 10. 2022

5 min

Europe puts its citizens and their privacy first.

Large corporations collect data about their users every day, often without their knowledge. Partly in response to this, there is quite a lot of European legislation that we must follow when building websites and applications.

Privacy is dead, and social media holds the smoking gun.

Protection of personal data


One of the most high-profile pieces of legislation is the GDPR (General Data Protection Regulation), adopted in 2016 and applicable since May 2018, which changed a lot in the field of personal data collection and processing. The regulation increased transparency about how personal data is collected, used and transmitted.

The GDPR requires anyone who operates a website or web application that processes personal data to draw up a privacy policy stating who collects the personal data (the controller, which can be a natural or legal person), what data is collected and how it is obtained. Be aware that the amount of personal data collected must be limited to the minimum needed (data minimisation), which means we must not collect more data "in case we need it sometime in the future". It is also necessary to provide a contact whom the visitor/user can reach in order to exercise their rights under the GDPR, and to list those rights.

The document in which we describe this is called the privacy policy.

Cookies

Cookies are widely used to keep state across a user's session, and third-party visit analytics services, which also rely on them, are found on most websites.

The European ePrivacy Directive requires that, when cookies are used for analytics or marketing, the user is given the choice of whether to agree to them before they are set.

In practice this usually means that when a visitor first arrives, the website displays a banner about the use of cookies with options to accept or refuse.

If the visitor refuses, the site must make sure those cookies are never set, which means the scripts that would set them must not load until consent is given. The same applies before the visitor has made any choice: silence is not consent, so the default state must be "not set".

This rule does not apply to strictly necessary cookies, e.g. a session cookie that keeps the user logged in, or the cookie that stores the visitor's consent choice itself.

The directive applies not only to cookies but to any technology that stores information on the visitor's device or reads it back to recognise them again, which includes the browser's Web Storage (localStorage, sessionStorage).

Because of this, every website that uses cookies must also have a cookie policy: a document that explains what a cookie is, why the site uses them, and the category of each cookie on the site. In practice this means listing every cookie the site sets, including those set by third-party scripts, what each is used for and how long it is kept.
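As an added example (not code from the original article), here is the logic such a banner needs behind it, in JavaScript: the consent decision is read from a strictly necessary cookie, nothing in the analytics or marketing category is allowed until the visitor has explicitly opted in, storage that was set anyway (cookies, localStorage, sessionStorage) is removed, and any name missing from the site's inventory is flagged so the cookie policy can be completed. The inventory, the cookie names such as `_ga` and `ad_campaign`, the consent cookie format and the analytics script URL are all assumptions made for the example.

```javascript
// Added example, not from the original article: a consent gate that keeps
// analytics/marketing storage off the visitor's device until they opt in,
// purges it if they refuse or withdraw, and flags storage the cookie policy
// does not list. Names, categories and the script URL are assumed.

// Assumed inventory: every cookie / Web Storage key the site may set, with the
// category, purpose and retention the cookie policy has to document.
// "prefix: true" matches names such as _ga_G1234 (one cookie per analytics stream).
const STORAGE_INVENTORY = [
  { name: "session_id",     category: "necessary", purpose: "keeps the user logged in",       retention: "session" },
  { name: "cookie_consent", category: "necessary", purpose: "stores the visitor's choice",    retention: "6 months" },
  { name: "_ga",            category: "analytics", purpose: "analytics client id",           retention: "2 years" },
  { name: "_ga_",           category: "analytics", purpose: "analytics session state",       retention: "2 years", prefix: true },
  { name: "_gid",           category: "analytics", purpose: "analytics client id (24h)",     retention: "24 hours" },
  { name: "ad_campaign",    category: "marketing", purpose: "attributes the visit to a campaign", retention: "30 days" },
];

const CONSENT_COOKIE = "cookie_consent";
const OPTIONAL_CATEGORIES = ["analytics", "marketing"];

function safeDecode(value) {
  try { return decodeURIComponent(value); } catch { return value; } // malformed %-escape: keep raw
}

// Parse a Cookie header / document.cookie string into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = safeDecode(part.slice(idx + 1).trim());
  }
  return out;
}

// Read the stored consent decision. Returns null when the visitor has not
// decided yet; "no decision" is treated exactly like refusal below.
function parseConsent(cookieString) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (raw === undefined) return null;
  try {
    const obj = JSON.parse(raw);
    const consent = {};
    for (const cat of OPTIONAL_CATEGORIES) consent[cat] = obj[cat] === true; // only an explicit true is a yes
    return consent;
  } catch {
    return null; // tampered or stale value: ask the visitor again
  }
}

// Value to store in the consent cookie when the visitor clicks a banner button.
function serializeConsent(consent) {
  return encodeURIComponent(JSON.stringify(consent));
}

function categoryOf(name) {
  const entry = STORAGE_INVENTORY.find(e => (e.prefix ? name.startsWith(e.name) : name === e.name));
  return entry ? entry.category : "unknown";
}

// Strictly necessary storage never needs consent; everything else needs an explicit opt-in.
function isAllowed(category, consent) {
  if (category === "necessary") return true;
  return consent !== null && consent[category] === true;
}

// Names (cookies or Web Storage keys) that must be deleted under the current
// consent state. Unknown names are purged as well: if the policy does not list
// it, the visitor cannot have consented to it.
function namesToPurge(names, consent) {
  return names.filter(name => !isAllowed(categoryOf(name), consent));
}

// Names not in the inventory at all, i.e. the cookie policy is incomplete.
function unlistedNames(names) {
  return names.filter(name => categoryOf(name) === "unknown");
}

// Browser glue; a no-op outside a browser so the logic above can be unit-tested.
function applyConsent(consent) {
  if (typeof document === "undefined") return { purged: [], analyticsLoaded: false };
  const purged = namesToPurge(Object.keys(parseCookies(document.cookie)), consent);
  for (const name of purged) {
    // Expires the cookie for the current host. A cookie set with an explicit
    // Domain= attribute must be expired with the same Domain or it survives.
    document.cookie = `${name}=; Max-Age=0; Path=/`;
  }
  for (const key of namesToPurge(Object.keys(localStorage), consent)) localStorage.removeItem(key);
  for (const key of namesToPurge(Object.keys(sessionStorage), consent)) sessionStorage.removeItem(key);

  // Only now, and only with consent, inject the analytics tag. A tag that sits
  // in the page's static HTML runs before the banner and sets cookies regardless.
  let analyticsLoaded = false;
  if (isAllowed("analytics", consent)) {
    const s = document.createElement("script");
    s.src = "https://analytics.example/tag.js"; // assumed URL for the example
    s.async = true;
    document.head.appendChild(s);
    analyticsLoaded = true;
  }
  return { purged, analyticsLoaded };
}
```

Call `applyConsent(parseConsent(document.cookie))` on every page load and again when the visitor clicks a banner button, after writing the consent cookie with `serializeConsent`. Run `unlistedNames` over the cookie names and storage keys seen in testing and fix the inventory (and the cookie policy) whenever it returns anything. The analytics tag must not be present in the static HTML; if it is, it executes before the banner and the gate is decorative.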

Privacy is not something that I'm entitled to, it's an absolute prerequisite.


Google Analytics: yes or no?

Many companies/organizations use Google Analytics to track user behaviour (me included).

But can I even use it? The answer is not clear.

The data protection authorities of Austria, France and Italy have already ruled that the use of Google Analytics, as configured on the websites they examined, was unlawful: it transfers visitors' personal data (IP addresses and user identifiers) to Google in the United States without adequate safeguards, and Google collects a huge amount of behavioural data that it also uses for its own purposes, such as targeted advertising.

However, there are quite a few alternatives for collecting analytics about visits to our websites.

Some of them are:

[Image: list of privacy-friendly analytics alternatives]

All these alternatives try to collect as little data about visitors as possible while still gathering enough for useful analysis.

If you inspect the cookies a site sets before you have accepted anything in its banner, you will find that many websites do not follow these rules.

I hope I have shown you how much is required for a website to follow European legislation.

All these rules apply in the European Union, and also to companies outside the European Union if they collect data about people in the EU.

This article is for information only; I am not a lawyer. Consult a lawyer for a definitive assessment.