How to collect valid cookie consents – here’s a quick overview!
Collect GDPR compliant cookie consent [checklist]
- Block cookies before you get consent
- Offer an easy way for your user to decline cookies
- Inform your users of cookies
- Respect their privacy choices
- Provide an easy way to change or withdraw consent
- Store their consents for 5 years
Get a free compliance check at Cookie information
Why do you need to collect valid consent for cookies?
And according to the GDPR, you must collect your users’ consent to cookies in order to be GDPR compliant.
Here are 6 key learnings you can use to begin collecting valid consent to cookies and to meet the requirements for GDPR compliance.
1. Block cookies until your user has given consent
This part is essential for complying with the ePrivacy Directive (the “cookie law”) and the GDPR.
Choose a Consent Management Platform (CMP) for your website, which controls the execution of scripts that set cookies.
2. Provide your visitor with the option to decline cookies (and tracking)
Important: If you choose a Consent Pop-up design that displays privacy controls that allows your visitors to opt-in and opt-out on a purpose level, the settings must not be pre-selected to accept cookies (see EU case against Planet49).
3. Inform your users of cookies and tracking
- Who owns the cookies (e.g., Google, Facebook, Amazon, etc.)?
- What is the purpose of data collection (e.g., marketing, statistics, etc.)?
- When does the cookie expire (how long is it stored in the visitor’s browser)?
4. Respect and remember your users' privacy choices
Choose a consent solution that supports easy implementation of privacy settings and gives you full control over cookies.
5. Provide an easy way to withdraw or change the consent
Look for a consent solution, which provides you and your user with an easy opt-out of cookies.
6. Log and store all your users' consent
Your consent solution should, by default, collect and store all your users’ consent, even for those who decline cookies.