There are two kinds of cookies: session cookies and persistent cookies. Session cookies are temporary and merely necessary for website functionality. Once the browser is closed, there is no more activity or data tracked. Persistent cookies actually track the user’s activities even after the user has left the site or closed the browser. Those sites that use persistent cookies require a cookie consent notice under the GDPR.
Employers can reduce risk by limiting employee access to sites that are necessary to accomplish a business purpose, and have been verified to be legitimate. Employers may require that employees who are prompted with a cookie consent do not simply accept and move forward. The company may request the employee review the privacy link to determine what is being tracked, stored and used and compare that against information the company will not allow an employee to consent to without company authorization.
For those sites that provide a mechanism to manage cookies, employees should be directed on how to use those features. Alternatively, the company can use a spam filter or cookie blocking software to block cookies. The downside can be that this could interfere with cookies that are necessary for the efficient use of the site.
The bottom line is that employers should not ignore this recent uptick in cookie notices and should review and revise security policies and protocols accordingly. Failure to do so runs the risk that the dark side may end up with your cookies.