Cookie Consent GDPR
How do you comply with the GDPR if you want to (continue to) use (marketing) cookies?
Privacy and cookies and the GDPR
In order to better protect the privacy of website visitors, obtaining permission changes. The way your website visitor is informed changes with the arrival of the GDPR.
The changes that have the greatest influence, for website owners and marketeers, is in “being able to provide a correct opt-in and opt-out mechanism and to record the consent of the website visitor”.
Cookie Consent GDPR | Consent manager
|GDPR regulations||CookieFirst||Cookie Wall||Cookie pop-up|
|Full insight into tracking technologies on your website.|
|Details cookie info in accessible form.|
|Explicit permission to place different types of cookies (opt-in).|
|Registration of the given, modified or deleted consent.|
|Cookies may only be placed after choice (except for necessary cookies) types of cookies by the user.|
|Provide insight into information that your website shares with third parties and where that data is shared in the world.|
|GDPR Solution||CookieFirst||Cookie Wall||Cookie pop-up|
|Scan all known tracking technologies.|
|Consent registration and Log.|
|Automatic up-to-date cookie statement. Can be integrated with privacy statement.|
|Monthly reporting of cookies, cookie changes and consents log.|
Why is this different from “cookie walls” or “cookie pop-ups”?
The differences compared to cookie walls and cookie pop-ups do not seem to be big at first sight. If you hold them against the GDPR, you will see that the difference lies in the way you inform and obtain permission. Clicking on an “opt-in” box or “OK” button, or choosing “settings” in a menu is no longer sufficient.
A website should remain accessible and should not place cookies until the user has indicated his preferences and consent.
This is how, in combination with the above type of cookie walls and pop-ups, it has indeed been set up by many websites. In the light of the GDPR, you will have to be more transparent in providing information, simplicity and registering consent and withdrawing it.
“You will have to inform in advance in a concise, transparent, understandable, easily accessible way and tell in a simple form about the cookies and their details that you use on your website. In addition, consent must be as easily modified or removed as you have given it (opt-in/opt-out).” It is no longer sufficient to indicate in your privacy statement or cookie statement what types of trackers you use and how a user deletes cookies in the browser. This has everything to do with the previously mentioned opt-out requirements of the GDPR. If you need to be able to remove or modify your permission as easily as you have given it, then the same cookie banner will need to provide this. A cookie wall does not provide for this, according to the opinion of the Authority for Personal Data.
Cookie Consent GDPR | Registration of consent
The obtained permission/change/deletion must be registered according to the GDPR. In a log you anonymously register the given permission or changes. The log file allows you to find out how you got the permission. This is also a requirement of the GDPR. More about opt-out in the permission section below.
The upcoming e-Privacy regulations will deal with this later, won’t they?
Yes and no. The ePrivacy regulations are not yet in place. The idea was to have it enter into force together with the GDPR on 25 May 2018. There is a proposal, but it has yet to be approved by all countries in the EU. It seems that the ePrivacy regulation is not yet in place. The ePrivacy regulations also refer to article 7 (“Conditions for consent”) of the GDPR. It is therefore an addition to the GDPR legislation.
In the upcoming ePrivacy legislation there are proposals to regulate privacy by means of browser settings. But that will be difficult to achieve since there is no incentive for browser manufacturers and the current browser technology cannot provide this.
Under the GDPR, therefore, consent will have to be given explicitly by means of a clear active act. (Article 7.1 of the GDPR). This must show that the data subject freely, specifically, informally and unambiguously consents to the processing of his (personal) data.
This means that an “opt-out” option (e.g. an already filled in check box) will not be a valid way to obtain consent. An “opt-in” is therefore necessary, also for cookies. As long as the visitor to the website has not explicitly given permission by means of an active action, cookies may not be placed. If different cookies or cookies are used for different purposes, separate permission must be given for each cookie/intended use.
Opt-in and opt-out
In simple language this means that pre-filled “check-boxes” do not suffice. The website user will have to tick the checkboxes: opt-in.
In addition, it must also be possible to amend or withdraw the consent at any time (opt-out).
Referring to the browser settings, as mentioned above, is not enough. Withdrawing permission must be as easy as giving it. This means that an “opt-out” button must be added to the pages of your website. (Or simple language a “delete/adjust my cookies” button.)
Website must remain accessible – Cookie consent GDPR
Marketing opportunities – better quality of opt-ins
With the new rules, online marketers have a big challenge when it comes to the use of marketing cookies. There will have to be a mechanism that meets all the requirements of the GDPR as described in this blog. However, it also creates opportunities. Cookies may also be used under the GDPR as long as you comply with the game rules.
Cookies change monthly
33% of all cookies and tracking technologies change every month. This gives you as a website owner a lot of work to inform your website visitors about the cookies on your website. And you have to check this every month and adjust it if necessary, also on the page with a privacy statement. Since the Cookie Consent GDPR requires you to be transparent in providing information, you want to be able to rely on an automated solution that scans your cookies on a monthly basis. On our CookieFirst website, the number of cookies in use is not that high, see our cookie declaration.
But we also see websites with 50, 100 and sometimes more than 250 cookies. Mapping and tracking all types of cookies, trackers, beacons, etc. and the associated cookie statement is very time-consuming. It is also something you can overcome with a good technical solution. In addition, you can also automatically create a cookie statement.
Cookie consent GDPR – Conclusion
Do you want to know how your website complies with the GDPR and how you can improve the quality of your opt-ins? Then try CookieFirst for free.