How to retain cookies until you get consent!

How to retain cookies until you get consent!

If you have a website, you are obliged by law to prevent tracking cookies from being stored in your users’ browser until they have given their explicit consent. Here we present three simple ways to retain cookies until you get a cookie consent.

#GDPR #cookie #consent

Most websites use cookies. Cookies can help your website recognize your users and give them a good user experience. In fact, it is cookies that keep your users logged in; remember their language preferences, or the items they put in the shopping cart. But cookies can also be used to compile statistics on visitors’ behavior and to profile your users for marketing purposes. When cookies are intended for statistical or marketing purposes, processing of personal data will generally take place.

Read more about cookies: What is a cookie?

Therefore, most websites have pop-up cookie banners. These inform you that the website uses cookies. Here you have to decide whether you want cookies to be stored in your browser or not. But on many websites, it makes no difference whether you approve or reject, cookies are stored anyway.

However, all websites must ensure they do not store cookies that process personal data (tracking cookies) until the user has given their explicit consent.

What does the law say?

Many people think that all cookies fall under the rules in the ePrivacy Directive of 2002 (revised 2011). It states, that if websites want to store information (cookies) on a user’s terminal equipment (computers, smartphones, tablets), the user must be properly informed of the storage. In this case, it is enough just to inform your users that cookies are being stored.

ePrivacy Directive 2009/136/EC

(66) Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes (..) It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access.


Link: European Parliament and councils’ ePrivacy Directive

This changes with the General Data Protection Regulation (GDPR) from 2018. It clearly states, that if a website uses cookies which collect and process personal data - such as marketing cookies - the website is required to collect the user’s explicit consent to allow for the storage of cookies. That is, the user must make an active, affirmative action to give consent.

In essence this means, that silence, pre-ticked fields or inactivity do not constitute consent to the GDPR!

General Data Protection Regulation – GDPR (EU) 2016/679 Recital 32

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her. This could include ticking a box when visiting an internet website.


Thus, consent must be a voluntary, specific, informed and unambiguous statement by the user that personal data concerning the user can be processed by third parties.

Please note that consent is not required for strictly necessary/technical cookies. These can be user validation cookies, authentication cookies or electronic shopping carts.

Link: General Data Protection Regulation 2018 (GDPR)

If your website uses cookies for marketing and statistical purposes, e.g. cookies set by Analytics, YouTube, Facebook, Doubleclick, you should be aware of the requirements to obtain an explicit consent.

Are you in doubt which cookies collect and process your visitors’ personal information? Be on the safe side. Here we present three simple solutions to prevent all cookies being set until you have obtained a valid cookie consent.

The easy way: Don't have any cookies on your site! – Tracking free zone

Zero tracking cookies? It's a tracking free zone

Just avoid having tracking cookies on your site – entirely. Create a tracking free zone where personal information about your visitors is not collected by third parties, and where your website only uses technically necessary cookies. Then you do not have to figure out which cookies process personal information and therefore require explicit consent. As such, you also avoid cookies being set before you obtain a valid consent.

However, this is difficult because you are cut off from functions that you may want to use commercially. Most website owners like to have cool widgets on their site like newsletter sign-up forms, Google Maps integration, or being able to analyze visitor behavior with Google Analytics. This is completely understandable. These add-ons make the website more dynamic and may help your company get a better overview of your customers promoting sales.

The hard way: Code it all yourself!

Retain tracking cookies? Code it all yourself

Are you a qualified backend developer and do you have loads of time, you can, in principal, code it all yourself. Identify all scripts on your site that set cookies, write a script that blocks cookies from being set until your user has given an explicit consent and implement it in your website’s source code – voilà. Far from all developers have the necessary time to build these kinds of in-house solutions. One thing is to develop the scripts necessary; another thing is to keep track of the millions of cookies that exist. A company's web developer has many tasks, and this should not be one of them. But what then?

The right way: Cookie Information’s SDK

With Cookie Information's SDK you can prevent cookies from being stored

The right solution for your business is already here. Cookie Information has developed a Software Development Kit (SDK) for its Consent Solution customers. The SDK is applicable on any CMS system and will ensure that your website does not store cookies in the user’s browser until the user has given his or her explicit consent. When doing so, your website can reach the ultimate goal of GDPR compliance regarding cookies.

Link: Cookie Information's consent solution

Cookies Information’s SDK works like this: it creates a “ring” around each script in the source code that sets cookies. The SDK scans the cookie banner to find whether the visitor has given consent to cookies – or only to some categories of cookies (functional, statistical or marketing). With this knowledge the SDK can retain cookies and ensure that they are not stored in the user’s browser unless the user has given an explicit consent to it.

In addition to the legal aspects of the GDPR recital 32 and part 66 of the ePrivacy Directive, retaining cookies also concerns your visitors’ right to online privacy.

Respecting online privacy creates trust among your visitors. If you are not in control of which third parties track your visitors, it may create distrust among your customers. Third-party collection of your customers data may also result in their later exposure to advertising from competing products and services.

The SDK solution from Cookie Information is free to use when you are a Consent Solution customer. And best of all: you can implement it yourself. Read our guide and get started.

Link: How to implement SDK? A complete Introduction to SDK (English)

However, if you would like to avoid entering your website’s engine room, we can take care of everything for you.

Contact us today to get started with Cookie Information’s SDK. With our solution you will comply completely with GDPR rules for privacy and cookies.

Moreover, your customers will also get the impression that you respect their right to online privacy and that will be a competitive advantage for your business.


About Cookie Information

Cookie Information is a Privacy Tech Company specialized in developing software that helps you and your company ensure that your websites and mobile apps are GDPR & ePrivacy compliant. Cookie Information provides solutions globally, and we help more than 1.000 companies and handle more than 6 billion consents each year.
Visit Cookie Information