According to the General Data Protection Regulation (GDPR), the requirements for consent are quite clear:
“the data subject (the internet user) has to provide a freely given consent in order for the data controller (the website) to begin collecting and processing his or her personal data“.
This is regardless whether the data are collected by the website’s own cookies (first party) or by other services (third-party cookies).
A valid consent is a freely given, specific, informed and unambiguous indication by your website’s user that you may store cookies onto his or her device (computer/tablet/smartphone).
Link: What is the GDPR?
According to the ePrivacy Directive (the European Cookie Law), you are required to obtain your users’ consent for using cookies (i.e. placing cookies on their devices).
However, since most cookies collect users’ personal data for processing, the rules for consent in the GDPR apply:
Examples of third-party services which place tracking cookies (and therefore require valid consent):
Looking at the definition in the GDPR, we have a list of identifiers:
Looking specifically at online identifiers, Recital 30 of the GDPR provides us with this non-exhaustive list:
These are identifiers which refer to information related to a persons tools, applications or devices like computers, smartphones or tablets. Also, any information that can identify a specific device, such a fingerprinting, are also classified as online identifiers.
“But they are not my cookies!” Here’s why the GDPR apply to you.
The GDPR applies to any website or app which collect and/or process EU citizens personal data. This is regardless of the website being located within or outside of the EU.
It is the website owner, administrator or the company’s Data Protection Officer (DPO) who is responsible for making sure the site complies with the GDPR in relation to the data cookies collect and process.
The website is the “data controller” and is therefore responsible for collecting valid consent to cookies and data processing.
This, even though the cookies are not owned by the company, but are third-party cookies e.g. Google Analytics, Facebook Pixel, YouTube or Addthis. The third-party services are the data processors.
Is your current cookie pop-up doing all that? Have a free compliance check.
We can help you reach the level of GDPR compliance you desire. We are a global privacy-tech company offering privacy solutions to both public and private sector.
Our Consent Solution is used by more than 1500 clients and yearly we collect 15 billion consents.
Become GDPR compliant today!
Try our Consent Solution with its professional cookie consent pop-up for free – 30 days!