Think you are GDPR compliant with a free cookie consent banner? Think again.

Think you are GDPR compliant with a free cookie consent banner? Think again.


Free cookie consent solutions share one common feature. They are not very compliant. This could leave your company website in disarray, should the Data Protection Authorities ask for consent logs from each and every one of your website visitors.

When the GDPR effectively entered into force in May 2018, many companies were in a hurry to get a cookie banner on their website in order to comply with the new data protection regulations.

Many ended up choosing to implement a free banner on their website based on the belief that visitors are only to be informed of the website’s use of cookies and processing of personal information.

But according to the GDPR, that’s far from enough.

Why isn’t my free cookie banner compliant with the GDPR?

There are a ton of free cookie banners available on the internet. For example, if you have a WordPress site, there are many free GDPR plugins available to install making you “compliant” in an instant. Also, privacy-tech companies provide free basic solutions if you only have one domain and a short list of subpages.

But common to all are, they are not very compliant. Why? Because they do not collect visitors’ consent, store consent logs (for inspection), provide opt-out options or retain cookies before consent. And consent before processing (of data) is a cornerstone in the GDPR.

So, in essence, what free banners give you is false security.


Free cookie consent banner GDPR

But why is it necessary to collect consents?

Take a look at which cookies your website uses. Most likely you’ll find cookies from Google Analytics, YouTube, Facebook, Hotjar or perhaps from Doubleclick, Addthis, Googleadservice or many other third-party services implemented on your website in one way or another.

These cookies collect and process your visitors’ personal information (IP-addresses, Geolocation, online identifiers etc.) which is used for directing more personalized ads to them.

If a cookie collects and processes personal information about the internet user, then the user must give his or her explicit consent before your website can store the cookie in the user’s browser.

The GDPR clearly states:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her

and

Silence, pre-ticked boxes or inactivity should not therefore constitute consent.

GDPR – Recital 32

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

As seen, consent is imperative to comply with the GDPR. It has to be informed and freely given. This also specifies that cookie walls and data for access are not valid under the GDPR. Users have to be given a choice to reject cookies.

Then what? How does your website become compliant?

Requirements for a professional cookie consent solution

To effectively comply with the GDPR on your company website you must:

  • Inform your visitors of cookies.

A proper cookie consent pop-up banner informs the website’s users of cookies. In the cookie banner itself should be a link to the website’s cookie policy, where the purpose of your cookies is properly described.

Pro Cookie consent banner GDPR

  • Collect a freely given cookie consent.

Consent must be freely given! Silence, pre-ticked boxes and inactivity is not considered consent under the GDPR. Give your users the option of rejecting cookies that collect and process their personal information.

  • Retain cookies before consent is obtained.

As consent must be obtained before cookies can collect and process information, you must actively prevent your website from setting cookies before you get an accept from the user. This requires that you block cookie JavaScripts from being executed before the consent has been given by the user.

Privacy controls GDPR Cookie consent

  • Keep consent logs if subject to inspection. If you or your company is subject to inspection by the national Data Protection Authority, they will ask that you provide documentation for each and every consent your users have given – also those who have declined. Be on the safe side, store them all securely.

Sounds complicated? But it’s not.

Go pro with Cookie Information’s Consent Solution

With Cookie Information’s Consent Solution, you can get a completely GDPR compliant cookie solution for your website. It is easy, it is professional, it is secure.

With our Consent Solution, you’ll get:

  • Cookie consent pop-up banner (collects cookie consents)
  • Privacy controls (cookie opt-out option)
  • Cookie policy (detailed cookie purpose and privacy policy)
  • Log and basic reporting (stores consents if subject to inspection by DPA)
  • Monthly scans of your website for cookies
  • Knowledge base (Overview of all cookies)
  • SDK implementation (retain cookies before consent)

The consent pop-up banner is displayed to the user upon the first visit to the website. The pop-up banner informs the visitor about the use of cookies and asks for a consent to store cookies in the browser. Privacy Controls also allow the user to reject various cookie purposes (e.g. statistic, marketing). With the cookie policy the user can get an overview of cookies on your site.

Each users’ consent log is stored for 5 years as required by law. With our Consent Solution the user can always change his or her consent or completely redraw the consent.

The solution scans your website and all its subpages for cookies and provides this information in tabular format in the cookie policy.

Cookie Information also maintains a global Knowledge Base with expert knowledge about first and third-party cookies.

With the Consent Solution, you also get SDK (Software Development Kit) implementation. You can block cookie JavaScript from being executed before a consent has been given.

Start a free 30-day trial and try it out today

Simply go to cookieinformation.com and register your name and website and we will guide you from there.

Registration cookie consent colution gdpr eprivacy

The Consent Solution works on all CMS systems. If you have WordPress, you can simply install the Consent Solution plugin and register, and there you go. Or you can insert a short code snippet in your website’s <head>.

Link: Guide to most popular CMS systems

If you have any problems along the way, we are here to guide you to become GDPR compliant on your website. 

Links:

Cookie Information’s Consent Solution documentation

https://cookieinformation.com/images/docs/Produktblad_ConsentSolution_EN.pdf

 


About Cookie Information

Cookie Information is a Privacy Tech Company specialized in developing software that helps you and your company ensure that your websites and mobile apps are GDPR & ePrivacy compliant. Cookie Information provides solutions globally, and we help more than 1.000 companies and handle more than 6 billion consents each year.
Visit Cookie Information