The free cookie banner issue
When the GDPR effectively entered into force in May 2018, many companies were in a hurry to get a free cookie banner on their website in order to comply with the new data protection regulations.
But according to the GDPR, that’s far from enough.
Why isn’t my free cookie banner compliant with the GDPR?
There are a ton of free cookie banners available on the internet. For example, if you have a WordPress site, there are many free GDPR plugins available to install making you “compliant” in an instant.
Also, privacy-tech companies provide free basic solutions if you only have one domain and a short list of subpages.
But common to all are, they are not very compliant. Why? Because they do not collect visitors’ consent, store consent logs (for inspection), provide opt-out options, or retain cookies before consent. And consent before processing (of data) is a cornerstone in the GDPR.
So, in essence, what free cookie banners give you is false security.
Why is it necessary to collect consents?
Take a look at which cookies your website uses. Most likely you’ll find cookies from Google Analytics, YouTube, Facebook, or Hotjar. Or perhaps from Doubleclick, Addthis, Googleadservice or many other third-party services implemented on your website in one way or another.
These cookies collect and process your visitors’ personal information (IP-addresses, Geolocation, online identifiers etc.), which is used for directing more personalized ads to them.
If a cookie collects and processes personal information about the internet user, then the user must give his or her explicit consent before your website can store the cookie in the user’s browser.
The GDPR clearly states:
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her
Silence, pre-ticked boxes, or inactivity should not, therefore, constitute consent.
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
As seen, consent is imperative to comply with the GDPR. It has to be informed and freely given.
This also specifies that cookie walls and data for access are not valid under the GDPR. Users have to be given a choice to reject cookies.
Free cookie banners do not offer that option.
Then what? How does your website become compliant?
Requirements for a professional cookie banner and consent solution
Consent must be freely given! Silence, pre-ticked boxes and inactivity is not considered consent under the GDPR. Give your users the option of rejecting cookies that collect and process their personal information.
If you or your company is subject to inspection by the national Data Protection Authority, they will ask that you provide documentation for each and every consent your users have given – also those who have declined. Be on the safe side, store them all securely.
Sounds complicated? But it’s not.
Go pro with Cookie Information’s Consent Solution
With Cookie Information’s Consent Solution, you can get a completely GDPR compliant cookie solution for your website. It is easy, professional, and secure.
With our Consent Solution, you’ll get:
- Cookie consent pop-up banner (collects cookie consents)
- Privacy controls (cookie opt-out option)
- Log and basic reporting (stores consents if subject to inspection by DPA)
- Monthly scans of your website for cookies
- Knowledge base (Overview of all cookies)
- SDK implementation (retain cookies before consent)
Each users’ consent log is stored for 5 years as required by law. With our Consent Solution the user can always change his or her consent or completely withdraw the consent.
Cookie Information also maintains a global Knowledge Base with expert knowledge about first and third-party cookies.
No more free cookie banners, become GDPR compliant today with a pro cookie banner.