SiteSCAN: keep your cookies under control

Keep your cookies under control

What is SiteSCAN?

It’s a free tool designed to help the public sector to comply with current regulations on the use of tracking cookies by their websites. New, stricter regulations on ‘cookie consent’ came into force in 2019 and very few websites are dealing adequately with the implications.

SiteSCAN provides you with a report on the cookies dropped onto a visitor’s web browser before consent is given as a result of going to your website.

You might want to look at the background information below about the current ‘cookie consent’ regulations, and about what you can expect to find in your report, first.

Otherwise, just choose the name of your council from the dropdown list below and you can download a report about your council homepage as a PDF. We can also send you reports on other webpages or dates free of charge by email (click on the ‘Order a report’ button under ‘What will the report tell me?’ below).

Please note: all UK county, metropolitan, unitary, district, and borough councils should be on the list. If your council is not there, fill in our contact form to let us know. We’re also happy to add other public sector organisations to the list – just get in touch.

Download your FREE report

Why do I need to check our website cookies?

Rules on the use of tracking cookies by website publishers were tightened up in 2019 and will continue to be scrutinised by regulators.

You can find out more about the current regulations on our Q&A page  but the key thing to bear in mind is that data privacy and ‘cookie control’ is not just about GDPR compliance.

Earlier this year the  Privacy and Electronic Communications Regulations (PECR or ‘E-privacy Directive’) came into force saying that NO ‘non-essential cookies’ should be dropped onto web browsers without first getting explicit prior permission from the user.

This includes anything that’s not part of the ‘plumbing’ of a website – including cookies used for analytics, customisation, functionality or performance. Most website publishers – including big brands and news organisations – are not yet fully compliant with this regulation. Are you?

Websites without advertising are still at risk of non-compliance

At CAN we run an advertising network for local government organisations, including more than 50 local councils. Companies like ours have to be particularly vigilant when it comes to regulations governing the use of cookies as – in order to deliver ads tailored to individual interests – we have to collect a small amount of what’s considered ‘Personally Identifiable Information (PII)’ data from tracking cookies.

However, although current regulations are very concerned with consent around PII, when it comes to tracking cookies, the most recent guidance makes no distinction between advertising cookies and any other ‘non-essential’ cookies – like those used for analytics or social media, which most councils use.

In fact, there are cases – such as with Google’s ‘Doubleclick’ – when a cookie that could potentially be used for advertising is loaded as part of a suite of analytics tools, even though no ads are running on the website.

What will the report tell me?

Your SiteSCAN report will list all the tracking cookies served to visitors when they go onto your website, before they give their consent for them. These will be categorised so you can easily identify which ones are ‘non-essential’. It will also provide information on the vendors who originated these cookies.

If you’d like further reports – on other council website pages or at a later date (for example, once you’ve taken action to solve any compliance issues) – we can provide these free of charge too. Just click on the button below and provide your name and council email address. Your report(s) will then be emailed to you.

How do do I interpret the results?

Questions you should ask about your SiteSCAN report:

  1. Has the report found any ‘non-essential’ cookies served before consent was given by the user?
  2. Does the council web/digital team recognise these cookies and know what they are being used for?

If you find non-essential cookies listed on your SiteSCAN report, it means you have an issue with non-compliance as only those categorised as ‘essential’ are allowed under the GDPR and E-privacy Directive.

The key to compliance is having an adequate data consent management solution on your website that will withhold all non-essential cookies until consent is given by the user.

If your web/digital team says these cookies are present for legitimate reasons (collection of analytics, for example) consult your data consent management provider to find a solution. You will need to dig deeper if you can’t recognise the cookies – and perhaps seek expert advice.

If you haven’t got an adequate consent tool in place, ensure you choose one that is IAB-approved. The IAB Europe Transparency and Consent Framework (TCF) was established by the Internet Advertising Bureau (IAB) to ensure all parties in the digital advertising chain comply with regulations when accessing and/or storing tracking cookies on a user’s device.

The most well-used consent tools on the internet such as Cookiebot and Quantcast are IAB-approved. You can find out more on the IAB Europe website.

The IAB also maintains a list of trusted adtech vendors. If your digital/web team does not recognise cookies listed on the SiteSCAN report, it is worth checking them against the IAB-approved vendor list and querying with the vendor if they’re not on there.

Thanks to our ‘Gold Partner’ Synergi Tech for their work on developing SiteSCAN which has been adapted from a widely used Open Source solution.

Find out more about the IAB-standard consent tool used on the CAN advertising network here.