Ranny Waston

User Data Privacy Minefield: How GDPR cookie consent impacts your web privacy?

Cookie Law, passed in 2009, got a new administration after GDPR. The Court of Justice of the European Union in the Planet 49 case eliminated active consent (GDPR standard). Successive to the judgment, Data Protection authorities of Spain, Germany, and others prosecute actions against websites that do not have a GDPR cookie consent.

Under GDPR and ePrivacy, you must grant their consent before you install cookies on the computer. However, the cookie law applies not only to cookies but to any other type of technology that administers information on a user’s device, i.e., device fingerprinting, unique identifiers, and more. In layman’s language, cookies are akin to trackers. Moreover, the Cookie Law covers your website or browser environment and technology apps on smartphones, TVs, and other devices.

What should cookie consent include?

The procedure of collecting cookie consent includes explicit and coherent informing the user of the cookies you run on your sites. Furthermore, the consent includes the user’s entitlement to grant or refuse consent and how they exercise that right.

The cookie consent should be informed, explicit, and offered via a clear opt inactivity. Your GDPR cookie consent must:

exhibit a visible cookie banner at the user’s first visit.

provide a link in the banner for a more detailed cookie policy.

block all non-exempt cookies and scripts from being extended until after consent is received.

Collect consent via a crystal clear opt-in action.

Regarding the refusal of consent, the law states that users should be offered the possibility to refuse their consent. Furthermore, concerning withdrawing or refusing consent, you must provide:

Information on how users can retrieve consent and the action required to do so

a means by which the user accept or decline cookies

This mechanism may not have to be entertained directly by you. However, in some cases under member state law, you should examine browser settings to be an acceptable meaning of withdrawing consent.

How often is the consent collection and banner re-shown?

After showing the cookie banner at the user’s first visit, you don’t have to repeat showing the banner at every visit of the user. However, you should review the banner at substantial intervals.

It would be best to consider several reasons and circumstances that can trigger the need to ask visitors to “re-consent” and consequently resurface the banner.

For instance, when you are operating a new non-exempt third-party cookie. In such circumstances, you require fresh consent previously collected from the user and apply only to the third parties that you declare at the time of collection.

To aid with the requirement, the cookie consent will allow you to refresh the collection at each cookie policy update easily.

The Cookie Law does not exclusively require the records of consent retained in most cases. However, cookies do personal process data. Therefore, you should meet the record-keeping requirements stemming from the GDPR. The Data Protection Authorities throughout the EU have synced their cookie and tracker controls to GDPR requirements.

This post is tagged in:
  • Love
    • Save
    More posts from Ranny Waston
    Add a blog to Bloglovin’
    Enter the full blog address (e.g. https://www.fashionsquad.com)
    Contact support
    We're working on your request. This will take just a minute...