Cookie consent must be a GDPR valid consent, Norwegian DPA declares

Cookie consent must be a GDPR valid consent, Norwegian DPA declares

Since the GDPR came into effect in May 2018, there has been uncertainty among website owners about how the requirements for GDPR consent should be interpreted.

In practice, this results in many websites trying hard to comply with the GDPR when using cookies, but in reality, they miss the goal by miles.

Why? Because many only have cookie pop-up banners that inform users of cookies with no possibility to decline cookies; with no collection of actual consents; and with no respect of prior consent (holding back cookies until consent is given).

This means that the vast majority of website owners must review how their site relates to GDPR and whether there is a need to upgrade their consent-gathering solution, the Norwegian DPA announces.

Link: Is my website GPDR compliant? Get a professional assessment [free]

For you as a website owner or data protection officer of a company website, your cookie consent solution must:

  • Document which cookies your site is using before any data collection and processing takes place.
  • Collect a freely given consent (with a clear option to “say no” to cookies).
  • Hold back cookies until consent is given (prior consent).
  • Provide your users with choices regarding the types of cookies the users consent to when using your site (e.g. functional, statistical, marketing).
  • Store users’ consent to cookies for up to 5 years (also if they decline).
  • Offer the possibility to change or withdraw consent (as easy as it was to give).

No consent to cookies through browser settings

In mid-March 2019, a statement was issued by the European Data Protection Board (EDPB), which states that consent for cookies must be a GDPR valid consent. That is, consent is no longer given through the browser settings.

Link: Opinion – interplay between ePrivacy Directive and GDPR

The recent statement by the EDPB confirms that the GDPR has raised the standard in the EEA countries for consent from the ePrivacy Directive.

Although the requirement for consent using cookies is stated in the ePrivacy Directive, the requirements for collecting a valid consent is written in the GDPR. And it is fairly clear on the aspect of a freely given consent, i.e. the user must be given a choice to reject cookies on a website.

Link: What is the GDPR – and how does it affect your website’s cookies?

Choosing the right cookie consent solution

There are many free cookie consent solutions on the market, many of which do nothing more than provide your website with a pop-up declaring that the website uses cookies.

Link: Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds

This is not valid in respect to the GDPR!

To secure your visitors’ personal data from being processed by third-party vendors (oftentimes large AdTech companies) for marketing purposes, choose a solution which is ePrivacy and GDPR valid.

At Cookie Information we take privacy seriously. We make sure your website is completely ePrivacy and GDPR compliant with tailored solutions that fit your company’s needs.

See this video about our Cookie Consent Solution:

Become GDPR cookie compliant

Become GDPR cookie compliant today. Book a meeting with our compliance experts.

BOOK MEETING

Sources:

Link: Norwegian Data Protection Authority’s on cookies

Link: The General Data Protection Regulation (en)

About Cookie Information

Cookie Information is a Privacy Tech Company specialized in developing software that helps you and your company ensure that your websites and mobile apps are GDPR & ePrivacy compliant. Cookie Information provides solutions globally, and we help more than 1.000 companies and handle more than 6 billion consents each year.
Visit Cookie Information