What are browser cookies, and why are they important when it comes to today’s data privacy practices? How can managing them ensure you’re building trust with your potential customers? Find the answers to questions like these and more below.
A browser or internet cookie is like a tiny piece of glitter that attaches itself to you when you visit a website. It helps the website remember who you are and what you did there, such as what items you added to your shopping cart or what preferences you set.
Like real glitter, though, it can get messy and hard to get rid of, almost like it’s multiplying. And while some cookies are harmless and useful, others can track your online behavior and share it with third parties.
There are several different ways to categorize cookies, but there are three primary types that are pertinent to data privacy laws:
A session cookie is temporary: it’s “destroyed” as soon as you leave a webpage or close a browser. These types of cookies allow a website to remember a visitor as they move between pages in a website. For example, a session cookie lets you add an item to a cart while you’re on the website. Clicking away from the cart doesn’t completely empty the cart, which wouldn’t be possible without a session cookie.
A persistent cookie, on the other hand, is a “stored” cookie. It’s stored on your computer even after you’ve closed your browser, keeping track of your preferences and other information. When you log in to a website and check the button to “Remember this computer,” you’re permitting a persistent cookie so you don’t have to type your username every single time you log in.
Necessary, or essential, cookies might sound self-explanatory, but they’re essentially cookies that are needed for the website to operate its most basic functions. They include logging in, adding items to a cart, billing, etc.
Non-essential cookies, sometimes called “effective” cookies, are those that are not needed for the website to function. These break down into further categories, such as analytics (used to collect data that measures behaviors en masse) and marketing or targeting (used to enable advertisers to show relevant ads to visitors).
A first-party cookie is exactly what it sounds like: “first-party.” The cookie is created by the website you’re currently visiting, saving your preferences for that same website. The best example is saving your shopping cart so that when you come back, you remember what you were attempting to buy.
Third-party cookies are created by different websites than the one you’re currently visiting. The biggest examples here are ads: a brand wants to advertise its product, so it adds a code from an ad network to its website. That code then plops a cookie onto your browser from the brand’s website. The cookie, although on the brand’s website, is coming from a third party.
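To make the session/persistent and first-party/third-party distinctions concrete, the following added example (not code from this page or from any vendor) classifies a cookie from its raw `Set-Cookie` header. The function names and hosts are hypothetical, and "same site" is approximated by comparing the last two host labels rather than using the Public Suffix List.

```javascript
// Added example. Assumption: "site" is approximated by the last two host
// labels; production code should use the Public Suffix List instead.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// setCookie:    raw Set-Cookie header value
// responseHost: host that sent the header
// pageHost:     host shown in the address bar
// now:          reference time used to turn Expires into a retention period
function classifyCookie(setCookie, responseHost, pageHost, now = new Date()) {
  const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);

  // Attribute names are case-insensitive; flags such as Secure have no value.
  const attr = {};
  for (const raw of attrs) {
    const i = raw.indexOf('=');
    const key = (i === -1 ? raw : raw.slice(0, i)).trim().toLowerCase();
    attr[key] = i === -1 ? '' : raw.slice(i + 1).trim();
  }

  // Max-Age takes precedence over Expires; with neither, the cookie lasts
  // only for the browser session.
  let retentionSeconds = null;
  if (/^-?\d+$/.test(attr['max-age'] || '')) {
    retentionSeconds = Math.max(0, parseInt(attr['max-age'], 10));
  } else if (attr.expires && !Number.isNaN(Date.parse(attr.expires))) {
    retentionSeconds = Math.max(0, Math.round((Date.parse(attr.expires) - now) / 1000));
  }

  return {
    name,
    lifetime: retentionSeconds === null ? 'session' : 'persistent',
    retentionSeconds,
    party: siteOf(responseHost) === siteOf(pageHost) ? 'first' : 'third',
  };
}
```

Running this over every `Set-Cookie` header a page load produces gives the cookie type and retention period that a cookie inventory needs.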
When we talk about data privacy in the context of cookies, we’re typically talking about third-party cookies. First-party cookies usually aren’t an issue because they’re used by the website to improve the user experience.
Third-party cookies, especially in the context of targeting and, to an extent, analytics, are the biggest topic at hand. It all stems from consent: Is it okay to collect someone’s data and share it with others if you don’t have their okay?
Most data privacy laws, like the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA), say “No.” These laws, among many others, require some form of consent, whether that’s opt in or opt out.
Opt-in consent is consent that requires users to take an action that grants businesses permission to collect and use their data. The action could be clicking a button, checking a box, or something else that is a proactive step. In other words, websites cannot collect or use someone’s data without them agreeing to it first.
Opt-out consent is when a user must clearly say “No” to data collection in order for a business to stop collecting and using data. This means that businesses can assume consent until they receive notice from a consumer otherwise. Businesses, however, are required to clearly inform consumers about data collection, which is why websites that use an opt-out model for consent have cookie notices on their sites. And opting out must be easy to do for consumers.
Without some form of consent management, there would be no way to track a user’s opt-in or opt-out response, or even if or when they change their response. Consent management is the practice of requesting, recording, and acting upon a user’s preferences when it comes to collecting their data.
Whether and what types of cookies users consent to must be recorded, and your company must act upon their response. You also need to do it in a way that ensures you’re compliant with that person’s local regulations and stores it for verifiable proof of consent. Plus, with Global Privacy Controls, consent management must also take into consideration browser-based consent so that you’re not tracking someone’s data when they’ve already opted out of data collection via their browser.
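The sketch below is an added example, not code from this page or from any consent management product. It shows the three parts described above: an append-only record of each choice, a decision that depends on the opt-in or opt-out model, and a browser-level Global Privacy Control signal. All names are hypothetical, and treating GPC as overriding a recorded "yes" is an assumption of this sketch.

```javascript
// Added example (hypothetical names throughout, not a vendor API).
class ConsentLedger {
  constructor() {
    this.entries = []; // append-only history: the proof of consent
  }

  // Record one answer; earlier answers are kept, never overwritten.
  record(visitorId, category, granted, at = new Date()) {
    const entry = Object.freeze({ visitorId, category, granted, at: at.toISOString() });
    this.entries.push(entry);
    return entry;
  }

  // Latest recorded answer for a category, or undefined if none exists.
  latest(visitorId, category) {
    for (let i = this.entries.length - 1; i >= 0; i--) {
      const e = this.entries[i];
      if (e.visitorId === visitorId && e.category === category) return e.granted;
    }
    return undefined;
  }
}

// model: 'opt-in' or 'opt-out', selected from the visitor's jurisdiction.
// gpc:   true when the request carried "Sec-GPC: 1" (or, client-side,
//        navigator.globalPrivacyControl is true).
function mayLoad(ledger, visitorId, category, { model, gpc }) {
  if (category === 'essential') return true; // needed for basic site function
  if (gpc) return false; // browser-level opt-out (assumption: it wins)
  const answer = ledger.latest(visitorId, category);
  if (answer !== undefined) return answer; // act on the recorded choice
  return model === 'opt-out'; // no answer yet: only opt-out assumes consent
}
```

Every tag or script that sets a non-essential cookie would be gated on `mayLoad`, so a changed answer takes effect on the next page load.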
Cookie banners are pop-ups that show the first time you visit a website, letting you know about the website’s use of cookies, asking for your consent, or both. These banners are a core concept in consent management, and they typically take the form of a notice that either goes away on its own or goes away once you take an action, such as accepting or rejecting cookies.
Cookie banners will have different language and terms depending on the applicable law (which is based on the jurisdiction of the user, typically depending on their geolocation). Some may ask a user to select which cookies they consent to, and some may include a link to a cookie notice.
Before diving into cookie notices, it’s important to take a moment to address consent optimization. Consent optimization is a tricky subject — it would be easy to attempt to design your cookie banners in such a way that a user wants to click yes. This would include making your “accept” button stand out more than your “reject” button, pre-ticking boxes, and requiring multiple steps so it’s harder for users to deny consent.
But all these approaches are known as “Dark Patterns”: design choices meant to manipulate users into providing consent. Using them is often unlawful and could cost you the trust of your users. If you must optimize anything, focus on making your language clear, transparent, and plain.
Cookie notices inform users about the usage and storage of cookies on their browsers and computers. Notices will usually explain that the company or website uses cookies to improve its site experience, implement personalization, remember user preferences, and more.
Cookie notices might also include options for visitors to accept or deny all cookies, reject non-essential cookies, or customize their preferences based on a list of cookie categories provided. It may also link out to the company’s cookie policy or privacy policy, which will further break down the cookie types, functions, and data retention policy.
When it comes to managing the cookies that are currently being tracked on your website or introducing new ones, it’s important to implement a cookie governance process so you always know what is being tracked and who is doing the tracking. Here are our recommended steps:
Evaluate vendors. When your business wants to add a new cookie, you need to evaluate the vendor the cookie is associated with. Is this a reputable vendor you want to have on your website? A product like Vendor Privacy Risk Management can help give you insights into potential vendors. During this time, you can also create a Privacy Impact Assessment (PIA).
Once you’re ready for the new cookie, or while you’re evaluating your existing cookies during ongoing maintenance, you need to confirm the cookie type, business purpose, retention policy (how long will this cookie retain data?), and what data is or will be processed. During this time, you can add the cookie or script to a staging environment.
After confirming functionality, add the cookie or script to your production environment and add any classification work to your consent management platform.
Once your users are being tracked by the new cookie or script, it’s important to update your cookie notices and disclosures and your privacy policies.
Monitor and address any data concerns stemming from the data collected with annual vendor relationship evaluations and real-time monitoring of security concerns.
These five repeatable steps will help you keep track of the cookies that are currently on your site, ensuring your organization is compliant while building trust with your customers and prospects over time.
But cookie governance is just one part of the privacy program journey. To build a program dedicated to operational excellence without losing track of your progress with cookie governance, download the Osano Privacy Program Maturity Model.