The SHiNE Team: Answering Your Toughest Questions
Communicating with members online is more important today than ever. We're all focused on the big stuff: the CEO's blog updates, the latest energy savings tips, and making sure the bill-pay button works flawlessly.
But running a co-op website—a trusted space where you collect critical Personally Identifiable Information (PII) for things like Youth Tour applications or bill payment—comes with complex, non-content related tasks and legal responsibilities.
Today's update is to provide you with best-practice recommendations. Let's get right to two of our most-asked questions: What cookies are on my current website? What are some privacy policy templates or tips?
This Month's Topic: Cookie Usage for Electric Cooperatives
Cookie Policy History: The European Standard
The need for cookie compliance originated in Europe. To view the original directive, please visit: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32002L0058. Which was later backed up by GDPR consent requirements (https://gdpr.eu/gdpr-consent-requirements/).
How does this impact your cooperative?
Cooperatives are not for profit, handle service sign-up and bill-pay for local members and do not sell data globally, so the situation is different.
In the U.S., there is no single federal "Cookie Law" like Europe's. Instead, compliance is driven by state-level consumer privacy laws, which focus less on the opt-in for cookies and more on transparency and the right to opt-out of data sale or sharing. It’s best to contact your legal team for more information on this topic.
Next Steps: Do I need a cookie pop-up or Privacy Policy?
Is a pop-up required? No, not by default. But a clear, conspicuous Privacy Policy is essential.
The requirement for a cookie pop-up depends on what your website does with member data beyond providing service.
- Essential/Necessary Cookies (e.g., to keep a user logged in or to ensure security) are generally exempt from consent laws.
- Analytics, Marketing, or Third-Party Cookies (e.g., Google Analytics, social media widgets, embedded videos) collect PII and bring you under the purview of privacy laws.
If you use any tracking beyond essential functionality, you need a rock-solid privacy policy at a minimum.
1. Inform Users with a Strong Policy
- Requirement: A clear privacy policy link must be present and obvious (typically in the footer) on your website.
- Content: The policy must clearly state what PII is collected (including through cookies), how it’s used, and whether it’s shared.
- Legal: You should work with legal counsel to ensure your policy meets all applicable state-level requirements (*VERY IMPORTANT*).
2. Know Your SHiNE Cookies
A clear privacy policy that discloses the use of cookies is still the best practice for legal compliance and consumer trust.
SHiNE Website Cookies:
For maximum transparency, below you will find the most common cookies present on SHiNE-powered websites. Review this list to ensure your policy accurately reflects your usage.
Cookies can vary site to site. To scan your website, there are many free tools like Cookie Script, which will give you a comprehensive report in just a few seconds.
Tip: If you don't have embedded social feeds or YouTube videos, you can remove those references from your policy.
Essential Cookies:
- CSRF Token -- Helps prevent Cross-Site Request Forgery (CSRF) attacks using JavaScript. It is a first party cookie with unique value. It expires in 1 year or until a user submits a form.
- reCAPTCHA -- Used to track and analyze user behavior to distinguish humans from bots or automated software.
- Cloudflare -- Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
Analytics Cookies:
- Google Analytics -- uses cookies to collect and track user activity throughout the website, things like time-on-page, clicks to download, and other event metrics are captured.
- Powr.io -- the social feed on your homepage also collects Google Analytics types of data.
Performance Cookies:
- YouTube -- to detect new features and to track the users’ sessions for YouTube content and to store the user's cookie consent state for the current domain.
Unclassified Cookies:
- CleanTalk -- used for anti-spam services and to determine if a site visitor is a real person or a bot.
Final Thoughts & The SHiNE Solution
Your electric co-op's best defense is pure transparency and a focus on data minimization, rather than worrying about EU-style cookie policies.
Develop a solid, easy-to-find Privacy Policy that clearly addresses your cookie usage.
For those who want to offer members more control, we provide an optional cookie opt-out privacy policy pop-up on all SHiNE websites that provides a transparent notification of cookie usage.
Remember, to work with your legal counsel on what your privacy policy should say based on your state and local laws. This is the most important step, because there is no one size fits all template solution.
If you have a SHiNE website and would like this great feature, please send our support team a request at support@shine.coop.
Read more articles
- Log in to post comments
