red line

Want to know how easy it is to perform a Cookie Privacy Audit?

Photo of cookies with coffee and a computer

2024 is a big year for privacy on the web, and many upcoming changes from popular web browsers will affect marketers’ ability to track and report on their visitors’ behaviors.

If you aren’t ready for this change, your analytics could be seriously affected. I will teach you how to check if your analytics are at risk of being lost when browsers tighten their privacy controls and tell you what you can do about it. We will do this by showing you how to perform a Cookie Audit. 
 

What is a cookie audit?

Simply put, a Cookie Audit is a document that lists the cookies used on your website and their purpose. It would identify whether the cookies are first-party (allowed) or third-party (not allowed) and provide other relevant and important information. 

Who should perform a cookie audit?

You should perform a cookie audit if you meet any of the following criteria.

  • Your business uses social media tracking pixels on your website
  • You do business in many states or countries like SaaS companies
  • You are doing business in a regulated market
  • Companies you do business with require it
  • You want to prioritize privacy and customer/user trust
  • You are striving for GDPR/CCPA Compliance 

What are common types of cookies?

  • Essential: These are usually first-party cookies necessary for your website to function properly. For example, you might want to remember if a visitor is signed in or has items in their shopping cart.
  • Analytics and customization: Solutions like Google Analytics, Hotjar, or other tools you use for analytics on your website. 
  • Social Networking: Commonly referred to as “pixel tags.” These “pixel tags” were mostly third-party (not allowed) and used for tracking from social media sites to your website and reporting on conversions.
  • Advertising: If you run PPC (Paid ads), there is usually a tracking tag you can install that will provide performance data for your campaigns. 

How to perform a Cookie Audit?

Performing a cookie audit requires you to look at all of the cookies installed on your website and make specific decisions about each one.

Step 1: Create a list of all of your cookies. Installing the Privacy Sandbox Analysis Tool as a Chrome Extension is the best way to get this list. 

Step 2: Run the Privacy Sandbox Analysis Tool against your website. Once installed, you can find it in your Developer Tools.

Step 3: Review and download the cookie report. You can download a CSV file and open it with Google Sheets or Microsoft Excel.

Step 4: Once you’ve downloaded the report, examine your use of First-Party and Third-Party Cookies. Step 4 is the most difficult and requires the most information. From the downloaded list, identify any issues you find and devise a solution for each issue.

 

In our report, we have identified the following items:

  1. First-party cookies were used for Google Analytics and HotJar. This is good, this company already upgraded to GA4 and has first-party cookies enabled for some of the tools they use.
  2. Third-party cookies were used for Bing.com, Google Ads, LinkedIn, Marketo (bizable) and Facebook. All of these issues should be fixed, if they can.

Step 5: Fix any issues that were identified in Step 4. Below, I’ve listed what we would do to bring the site back up to compliance.

  1. Bing: As of the time of this article, Bing only allows setting up “Consent Mode,” but they do not have a strictly first-party solution. You can learn more about Consent Mode by reading the linked article.
  2. Facebook: Setup, your pixel to use both first-party cookies.
  3. LinkedIn: Enable first-party cookies on a LinkedIn Insight Tag.
  4. Google Ads: Some tracking will not be possible due to browser restrictions but you should still enable “Allow first-party cookies.”
  5. Marketo: Marketo’s website states that some of the tracking information will not be available in the future. You should follow their instructions to make sure you are tracking as much as possible.

How frequently should you perform a cookie audit? 

Ideally, create a schedule for this and keep to it. Our recommendation is typically to do an audit at least once a quarter. If you are in a regulated industry or need to be extra careful with your privacy policy, consider a real-time monitoring service so that you are notifiied immediately if any of your cookies change.

Wrapup

The conversation about cookie management and privacy is not over. We are witnessing dialing back a wild-west approach to user privacy, and there will be bumps in the road. I’d love to tell you that all you had to do was perform this audit every now and then, and you were done, but in order to be compliant with GDPR/CCPA regulations, there is more work to do. A cookie audit is part of the process, but it is not the entire thing.
If you have questions on this topic, feel free to contact me and talk about it.