Adlex Solicitors

UK internet and domain name lawyers

0207 317 8404   Email us now

Request Callback

Home  ›  What We Do  ›  Privacy and GDPR  ›  Cookies and GDPR

Cookie Laws and the GDPR

Here are some typical FAQs which we commonly encounter:

Does the GDPR cover cookies?

While the GDPR touches on cookies only in a “recital”, it’s generally felt that cookies are caught by the GDPR. The use of cookies is also covered by the UK Privacy and Electronic Communications Regulations.

What are the GDPR principles relevant to cookie consent?

  1. Consent requires a positive, unambiguous step.
  2. Users must be very clear what they are consenting to.
  3. Consent must be given before cookies are placed (except those which are “strictly necessary”).
  4. It must be easy for users to opt out of different kinds of cookies at any time.
  5. User consents must be recorded.

What should the cookie consent notice say?

There are many different kinds of cookie consent models. Generally, speaking the cookie choices should be spelt out clearly in the message but this can be “layered” if necessary. That said, the more specific your notice, the better.

The initial notice should also include both an acceptance button (e.g. “OK”, “I’m fine with this.”, “I accept” etc.) and an equally prominent rejection button (for non-essential cookies). If the cookie types aren’t included within the notice, you also need a  separate information button (e.g. “Information and Settings”, “Cookie Preferences”, “More Info”). The information button should lead to a location (often a second banner or pop up and/or a link to the cookies section of the privacy policy) where the user can get more detailed information about the different kinds of cookies on your site and opt out.

What about cookie consent tools?

If not already done, you may want to talk to your web developer about using a suitable GDPR-compliant cookie consent tool. Google lists some suggested tools on www.cookiechoices.org. The Information Commissioner’s Office itself uses “Cookie Control”, so that might not be a bad place to start.

The advantage of these tools is that they can help you to present the cookie information and options in a prominent, clear and comprehensible way to your users – the kind of thing which the GDPR likes to hear!

What does Google have to say about cookies?

Note that users of Google services (eg analytics / ads) must also comply with Google’s EU user consent policy at https://www.google.com/about/company/user-consent-policy.html including the need to obtain and record users’ consent to the use of cookies and to personalisation of ads. See also: