Is a free cookie banner compliant?

Free cookie consent banners share one common feature. They are not very compliant.
Table of Contents

The free cookie banner issue

When the GDPR effectively entered into force in May 2018, many companies were in a hurry to get a free cookie banner on their website in order to comply with the new data protection regulations.

Many ended up choosing to implement a cookie banner on their website based on the belief that visitors are only to be informed of the website’s use of cookies and the processing of personal information.

But according to the GDPR, that’s far from enough.

Why isn’t my free cookie banner compliant with the GDPR?

There are a ton of free cookie banners available on the internet. For example, if you have a WordPress site, there are many free GDPR plugins available to install making you “compliant” in an instant. 

Also, privacy-tech companies provide free basic solutions if you only have one domain and a short list of subpages.

But common to all are, they are not very compliant. Why? Because they do not collect visitors’ consent, store consent logs (for inspection), provide opt-out options, or retain cookies before consent. And consent before processing (of data) is a cornerstone in the GDPR.

So, in essence, what free cookie banners give you is false security.


Why is it necessary to collect consents?

Take a look at which cookies your website uses. Most likely you’ll find cookies from Google Analytics, YouTube, Facebook, or Hotjar. Or perhaps from Doubleclick, Addthis, Googleadservice or many other third-party services implemented on your website in one way or another.

These cookies collect and process your visitors’ personal information (IP-addresses, Geolocation, online identifiers etc.), which is used for directing more personalized ads to them.

If a cookie collects and processes personal information about the internet user, then the user must give his or her explicit consent before your website can store the cookie in the user’s browser.

The GDPR clearly states:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her


Silence, pre-ticked boxes, or inactivity should not, therefore, constitute consent.

Link: Genereal Data Protection Regulation 2016/679

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

As seen, consent is imperative to comply with the GDPR. It has to be informed and freely given. 

This also specifies that cookie walls and data for access are not valid under the GDPR. Users have to be given a choice to reject cookies.

Free cookie banners do not offer that option. 

Then what? How does your website become compliant?

Requirements for a professional cookie banner and consent solution

Inform your visitors of cookies.

A proper cookie consent pop-up banner informs the website’s users of cookies. In the cookie banner itself should be a link to the website’s cookie policy, where the purpose of your cookies is properly described.

Consent must be freely given! Silence, pre-ticked boxes and inactivity is not considered consent under the GDPR. Give your users the option of rejecting cookies that collect and process their personal information.

As consent must be obtained before cookies can collect and process information, you must actively prevent your website from setting cookies before you get acceptance from the user. This requires that you block JavaScript cookies from being executed before consent has been given by the user.

If you or your company is subject to inspection by the national Data Protection Authority, they will ask that you provide documentation for each and every consent your users have given – also those who have declined. Be on the safe side, store them all securely.

Sounds complicated? But it’s not.

Go pro with Cookie Information’s Consent Solution

With Cookie Information’s Consent Solution, you can get a completely GDPR compliant cookie solution for your website. It is easy, professional, and secure.

With our Consent Solution, you’ll get:

  • Cookie consent pop-up banner (collects cookie consents)
  • Privacy controls (cookie opt-out option)
  • Cookie policy (detailed cookie purpose and privacy policy)
  • Log and basic reporting (stores consents if subject to inspection by DPA)
  • Monthly scans of your website for cookies
  • Knowledge base (Overview of all cookies)
  • SDK implementation (retain cookies before consent)

Link: Features you get with Cookie Information’s Consent Solution

The consent pop-up banner is displayed to the user upon the first visit to the website. The pop-up banner informs the visitor about the use of cookies and asks for consent to store cookies in the browser. 

Privacy Controls also allow the user to reject various cookie purposes (e.g. statistic, marketing). With the cookie policy the user can get an overview of cookies on your site.

Each users’ consent log is stored for 5 years as required by law. With our Consent Solution the user can always change his or her consent or completely withdraw the consent.

The solution scans your website and all its subpages for cookies and provides this information in tabular format in the cookie policy.

Cookie Information also maintains a global Knowledge Base with expert knowledge about first and third-party cookies.

With the Consent Solution, you also get SDK (Software Development Kit) implementation. You can block JavaScript cookies from being executed before a consent has been given.

No more free cookie banners, become GDPR compliant today with a pro cookie banner.