Jon Ballard: There are fines and penalties for all of these. In Utah, the fine for opting out of cookies is $7,500 per violation. Evan Facinger: Hey everybody, welcome to the Foremost Media Marketing Chat podcast. I'm Evan Facinger, and with me as usual is Jon Ballard. Jon, how's it going today? Jon Ballard: Hey, good Evan, how are you? Evan Facinger: I'm doing well, thank you. I'm excited, as always, to talk about today's topic. It's one that I feel like goes around quite a bit depending on, of course, the state that you live in and a lot of other factors that we'll get into, but it's specifically around privacy consent laws, right? And that's something you're pretty familiar with, right? Jon Ballard: I'm learning more every day. It's so hard to understand this stuff. You think you almost need to be an attorney, which we are not, to be clear. So, if you have questions about how this affects your business specifically, we're going to talk pretty generally today, you should definitely contact an attorney in your state. Evan Facinger: Yes, that is an official disclaimer to consult with a professional attorney with any specific questions. This is not legal advice. But you did mention how all of the complexities around this, and I think that's a good thing to note, is that also these are changing. Right? We're recording this June 2024, right after the Google leak for their algorithm, which of course will be an upcoming topic too, just to provide a little bit of context because these laws are changing quite a bit. Jon Ballard: Yeah, it's kind of funny that a website development company or search engine marketing company would be talking about privacy, but um, it definitely affects the websites and our customers' websites. So I think that's important to note. This is a law that affects everybody, even if you're not a huge company or even if you're not doing business in Europe, things are changing quickly. Evan Facinger: For sure, and I think let's start with discussing what a cookie is. Did you want to take that, Jon? Jon Ballard: Well, before we get to that, maybe we should talk a little bit about the states that are jumping on board because everybody's kind of heard of GDPR, which is the European Privacy Act, right? And that one's probably the most restrictive to date, right? That one covers cookies, it covers privacy, the right to request your data. So any company that's doing business in the UK or Europe, um, EU definitely needs to comply with that. But what's kind of new that a lot of people haven't heard of is California now has a protection act, Virginia has one, Colorado has one, Connecticut has one. So states around the country are starting to implement these which now are affecting businesses doing business in the US. So here in Wisconsin, if I do business with California consumers, I am falling under the Consumer Privacy Act for California. So I think it's important to talk about what these laws kind of cover. We're not going to go into details on each one, but kind of the gist of it and when you say cookie consent, that's probably the biggest one that's affecting websites. So yeah, tell me what your definition of cookie consent is, Evan. Evan Facinger: Well, I think first it's good to talk about what a cookie is right because that's what comes up quite a bit. That's what we focus on, like you said, we're a web development company, we're working with a lot of US, some European-based companies as well, and a lot of these different types of privacy laws are geared towards cookies just because of what a cookie is and when you start to take a look at it, it's just a file, right? I mean, it's a text-based file stored on your device, and what that allows is to track the information right about your activity. So cookies are important, right? There are a lot. Some people maybe turn them off, but then you're not using the website's functionality and personalization and a lot of good things that come from cookies. So while we're talking about the potential privacy impact of them, I don't think it's fair to say all cookies are bad and avoid all cookies because they do serve a lot of good with the website and its functionality for it. But they also do represent those different privacy concerns. So having them on your site is a lot of times essential but when you start talking about privacy and the different states, they do have different implications. You mentioned GDPR, that was the one that really got all of this started, right? So part of that is consenting to the cookies that are on the site. In response to a lot of those different privacy laws that did come out of the GDPR in the EU, also some of the state ones that you mentioned as well, it's informing website visitors about the cookies that are on the sites, how they're used, how they're obtained, how they're managed, right? All of those things are put in that cookie consent so that the user can say yes to allow them, reject them, say no, this website cannot use cookies for me, and then also even to include some cookies, not all do you not include the marketing cookies, but you do include some of the more critical, I guess we'll say, cookies that are on the site. That's what we talk about when we begin to discuss the cookie consent management. It's what is stored, what cookies are being used, documenting that, and then allowing the user to opt in or decline all of those cookies. Jon Ballard: Yeah, and it's fair to say that most modern websites and CMS systems use cookies. It controls how you log in and everything like you said. So if you don't think you have cookies on your website, you probably do already. So let's talk a little bit about the kind of nature of these laws, especially California, Virginia, some of those. A lot of them were kind of written with the intent of dealing with bigger companies that buy and sell information, user information, right, which a lot of our customers don't fall into, like your manufacturing company or something, that's not what you do. But a lot of there's text in there that talks specifically to like cookie consent like we're saying. So why is cookie consent important? There are fines and penalties that all of these have. For example, in Utah, the fine for failure to allow people to opt out of cookies is $7,500 per violation. So if you have a bunch of visitors to your website, that could be a pretty steep fine, same with California and a lot of those are all similar in size of that. So if you're not doing this, it's definitely something you should consider. Evan Facinger: Yeah, I agree, and I think part of the issue that I see a lot of times, and you touched on it a little bit around the US right specifically, is that there are a lot of ways companies are trying to find reasons why they don't need to have the cookie consent software right or that option for it versus just leaning into it. And I just don't agree with that approach because is it required for every single company? No, it's not. You mentioned that right, if you look at the laws, a lot of them at least that are in place right now, specifically the California one, it's not even an opt-in right. You don't have to consent to say yes for cookies, you just have to allow them the ability to opt out of cookies, right? And that's where the fines and everything else come in. Plus, it's how much information do you get from data, from selling the data, I should say, from your visitors? What size are you, a $25,000,000+ company? How much are you doing? Like, there's just all these different loopholes, we'll call them for reasons why somebody may say, "Oh, that doesn't apply to me. I don't need to have that." And while technically that may be correct, and again, consult the lawyer, see how the laws have changed, go back to that disclaimer, it's just not future-proofing your website, it's also just not taking consideration into the actual privacy that you want to give your visitors and also the expectations that website visitors have right now. It is more normal to have those cookie consent systems in place. Users expect them, there's not really that negative user experience that I think used to be some of the pushback on it. It's almost a positive now, right, because you're showing you care about the users. So I just think it goes beyond trying to avoid a lawsuit for now, right? But it's future-proofing because, obviously, the case where it's going, you mentioned the different states that already have one, there are new ones coming, and there are also discussions around a federal law that would require all states to have that. So it's where the future is. Jon Ballard: Yeah, the one thing that I think was interesting is when GDPR came out, all the companies that were dealing with Europeans or had business in Europe were scrambling, and a lot of that cookie consent stuff isn't even compliant. It just says, "This website uses cookies. Do you agree?" And if you say yes, you go on. If you say no, it says, "Well, then don't use the website," right? Um, so that's kind of the early version of those cookie consents. Nowadays, there's a lot better technology out there where two things: It actually lets you use the website if you say no, and it blocks the cookies. But secondly, it gives you audit support. So that if you do get audited by GDPR or Utah or any of these states that are doing this, you've got a record of the IPs that actually opted out of this. So you're protecting yourself from that as well, which is something that you definitely should consider if you're going to deal with this issue. Evan Facinger: Yeah, and it's very site-specific, I think, is the other thing to point out too, because like you said earlier, if you're using a modern content management system, yeah, you've got some cookies in there already. Also, what are the other things that your site is doing? If you're doing e-commerce and you're selling products, you're probably collecting a lot of personal data from the browsing history, payment information, even service providers like if you're offering business services, consulting, marketing like us for example, a lot of times they're tracking user behavior to see how that's going on your websites. What else do you have on there that's other third-party cookies? Which yes, Google has put a date that they're going to get rid of the third-party cookies, but there's just a lot of information I don't think everyone is fully taking into consideration sometimes when they look at the different functionality of their site, the different tools that they're using, and out they're tracking the different users. Jon Ballard: Yeah, conversion tracking for campaigns and stuff like that is stuff we do every day which involves cookies. So it's definitely something that is affecting, I would say, most websites out there unless it's a pretty static basic information website. So the other thing that I thought was interesting that I think a lot of people overlook is how up-to-date is your privacy policy, cookie policy on the website? Does it reflect modern times? Is it accurate? Does it disclose what you're actually doing on the site? And that's important too, not just the opt-out statement but kind of the policies behind how you're using these statements. Evan Facinger: Yeah, exactly. That's all a part of these privacy laws. I know we're focusing a lot on the cookie consent, but there is certainly more to it than just that. So let's say you want to make sure that your site is not only compliant now but you're wanting to future-proof your site, what are the steps that you should take? Jon Ballard: Well, I think the easy thing is there are solutions out there like that we provide that can easily kind of make your site compliant for all these different states and GDPR as well. And it's not expensive technology. And I guess if you hear one thing from this podcast, is you should pay attention to this. I don't want to get a call from any of our customers saying, "Hey, you never told me about this. Now I'm in trouble or I've got problems." It's not something that I think you should just let slide until you get legal problems or have a problem with it. It's something that you should deal with now, like you said, future-proofing the site. Evan Facinger: Exactly right. So what are your data practices? Start there. What cookies do you have on your website? Why are they on there? Sometimes you don't need them all on there too. Are you still using the software? Are you actually paying attention to it? There are performance questions and things like that. So we always take a look at "What is the data?" and then going with a consent management tool, of course, those are things that we help out with for our customers. We can get it set up, installed, like you said, then updating your privacy policy, making sure that it is up-to-date, it explains the cookie policy, and then just monitoring it, right? Are you adding new software, removing software? Just make sure that it's up-to-date and also evolves with the privacy laws, which is another thing that you mentioned that I think is important to discuss. Is that when you're using a cookie consent management tool, their business is in keeping everything up-to-date with the privacy laws and the changes there. So that is something that makes your life easier, just knowing that you have the system in place, and that's something we do quite a bit. Jon Ballard: Yeah, I would also say maybe even look at the data that you're collecting. Is it really necessary? Is it relevant? What are we doing with this data? Maybe we can get rid of some of it as well. Evan Facinger: Well, I think that covers it pretty well. My stance, just to push on it a little bit here because I think it's important, is the laws are changing, but I think it's wrong to just look at what the laws are now and what they might be in the next couple of months. I know that there's some that are starting in July for Oregon, for example, but that doesn't matter. I don't think you need to wait until something happens, like you mentioned. It's what users expect. It's the right thing to do. This is what websites are going to do. So why fight it? Why look for the loopholes? Embrace it, get it set up now, and have one less thing to worry about. Jon Ballard: And I would say too, if you think you're compliant when you had an old cookie consent form on your website when GDPR first hit, the technology has changed vastly, and it's not what it used to be. Most of those older ones are still not really where they should be. So definitely have us take a look. We'd be happy to do a free audit. Most of these laws require you to keep records, which a lot of the old cookie consent forms don't. They just say yes or no. So get with the times and have us take a look, get it, do an audit, and make sure that you're still compliant and that you're going to be future-proofing your website like you said. Just a little pre-planning can go a long way to keeping you out of trouble and keeping you in good graces and looking good on the internet. Evan Facinger: Definitely. And if you want to stay proactive with your website or your digital marketing, make sure to like and subscribe to this podcast. We are releasing them regularly now, and it would mean quite a bit for us if you did like and subscribe or send some feedback. We always love to read it. If you want to cover a certain topic or want to discuss a certain topic, just reach out to us, and we'd love to have you. Jon Ballard: Yeah, I'm really excited in our next podcast. I think we need to dive into this Google leak. It's got a lot of big ramifications for search engine optimization and SEO. It’ll be interesting to learn a little bit more about that. We're still diving through it. There's a lot to unpack there, but definitely interesting. So stay tuned, and we'll do that one soon. Zach Baierl: Thanks for listening to the Foremost Media Marketing Chat podcast. If you want to stay on top of your marketing game, make sure to like and subscribe so you never miss an episode. For more episodes, show transcripts, and marketing insights, go to foremostmedia.com