Cookie Consent
About twenty years ago, in 2002, numerous prompts appeared stating "This site uses cookies," which visitors had to accept by clicking "Ok." This was due to the introduction of the ePrivacy Directive, commonly known as the EU Cookie Law.
After the implementation of GDPR on May 25, 2018, it was established that such notifications were no longer sufficient for collecting personal data.
In May 2020, the EU released the EDPB guidelines on valid consent, which state that:
- A user who keeps scrolling and using the website has not thereby given an "ok" to collect personal data.
- Pre-filled checkboxes are not compliant with GDPR; users must actively choose which cookies to utilize (except for the so-called functional/necessary cookies required for the website to function).
- You cannot require users to accept cookies to continue; the website must function even without personal data.
This aligns with the rules we discussed in the article "A Guide to GDPR," which states that all individuals in the EU:
- have the right to know what data is collected and stored
- have the right to know why data is collected and stored
- must actively give their consent for the collection of this data
- have the right to edit their data
- have the right to export the data stored about them
- have the right to delete data stored about them permanently
What is considered personal data?
Personal data includes names, photos, email addresses, bank information, and IP addresses that can be used to identify an individual, either alone or in combination.
What types of cookies are there?
- Necessary cookies (also known as functional cookies, which are needed for the website's functionality)
- Statistics cookies (anonymized statistics that cannot be linked to a specific individual)
- Marketing cookies (cookies that collect personal data and share it with third parties)
Necessary cookies are "ok" to use without notifying the visitor and are essential for many websites to function as intended (as the name suggests).
However, statistics and marketing cookies require active consent from the visitor.
We can help you!
We have worked with GDPR and "cookie consent" in numerous projects where we have built a technical solution that meets the required standards while providing users a pleasant experience.
We have also undertaken projects where we chose to use solutions for statistics and other purposes that do not require cookies. An example is republic.se, where we do not store any personal data at all, even though we have a statistical service connected. We opted for a service that focuses on personal privacy, which is also a way to solve the problem!