What is prior consent to cookies?

Blog

Oliver Fich

29/07/2020

The GDPR requires getting valid consent before your website uses cookies. Here's how to block cookies prior to obtaining consent.

In the wake of the GDPR, many websites have installed cookie pop-up banners on their site. These banners inform visitors of cookies. So far, so good.

However, most of these banners do not comply with the GDPR and therefore risk fines!

Why?

Because cookies typically start tracking before valid consent is obtained.

The cookie banners therefore serve no legal purpose other than to inform of cookies.

Can it be solved?

Of course, it can. Here we explain prior consent to cookies.

What is prior consent?

The GDPR and the European ePrivacy Directive require getting an explicit consent before using cookies (prior consent) other than those necessary for the website to work properly.

This is explicitly stated in the General Data Protection Regulation Article 6(1)(a): Processing of personal data is only lawful if you obtain the user’s consent.

But why do cookies require consent?

Because many cookies collect and process your visitors’ personal information to build online profiles for marketing purposes.

To process personal data, you need a consent. And according to Recital 32 of the GDPR, silence, pre-ticked boxes or inactivity does not count as consent.

Let’s show you what prior consent is.

Example of prior consent

Not a GDPR cookie compliant website:

A user visits your website. Your cookie pop-up banner informs the user that your site uses cookies. There is a huge ’agree’ button (consent), but not a ’disagree’ or ’reject’ button.

But most importantly, even before the user does anything, cookies from Google Analytics, Facebook Pixel, YouTube, Doubleclick, Adform etc. are already tracking the user across your site harvesting personal data from cookies.

GDPR cookie compliant website:

When the user visits your website, scripts in your source code are preventing all your cookies from being set before the user has given an explicit consent to them.

They do not track, collect or process anything before he or she clicks the button to allow it. If the user declines cookies, they are not set.

Do you need to block cookies before you get consent from your user?

Yes, if you use cookies on your site that track, collect and process your users’ personal data, then you need to ask for a consent. It is not enough only to state in your cookie banner that you use cookies and expect users to agree. And your website’s cookies may not be placed prior to consent. How will I know if my cookies collect and process personal information? Get a free cookie compliance check

How do I collect consent before setting cookies?

Cookie Information has developed a toolkit – Cookie Control SDK.

It works like this: a script is set around every single cookie setting script in your source code.

Our solution secures that cookie setting scripts from third-party tracking AdTech companies are first executed, when the user has clicked the ‘agree’ button in the cookie consent pop-up banner.

Thus, cookies are held back prior to consent.

The SDK (Software Development Kit) is an integrated part of your Consent Solution and can be easily be installed with Google Tag Manager, Tealium or in the source code itself.

Here’s a free guide to installing Cookie Control SDK with Cookie Information’s Consent Solution.

How can I get Cookie Control SDK?

Book a meeting with one of our compliance experts – or get in touch with your project manager at Cookie Information. We’re ready to help you collect consent prior to setting cookies and thus becoming GDPR compliant.

Cookie control? Get it here

Learn more about how Cookie Information can help your business comply with current international privacy laws.