• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Adlex Solicitors

UK internet and domain name lawyers

Call us now: 0207 317 8404   Email us now

Request Callback

We are operating normally during the COVID-19 crisis and are here to help

  • Home
  • What We Do
    • Website and App Terms & Conditions
    • Privacy and GDPR
      • Intro
      • Privacy Policies
      • Cookies and GDPR
    • Contracts
      • Intro
      • Website / App Design and Development Contracts
      • Web Hosting Contracts
      • White Label and Content Distribution Contracts
      • SEO Contracts
      • Internet Affiliate, Advertising and Marketing Contracts
    • Disputes
      • Intro
      • Domain Name Disputes and Cybersquatting
        • Introductory Guide to Domain Name Disputes
        • UDRP
        • Nominet’s DRS
        • Cybersquatting
        • Domain Name Hijacking
        • Domain Name Law
        • Domain Names and Trade Marks / Passing Off
        • Adlex’s Domain Name Legal Expertise
        • Free Legal Opinion
      • Online Copyright Infringement
      • Internet Trade Mark Infringement and Passing Off
    • Content Removal
      • Intro
      • Removal From Google Search Results
      • Removal From Facebook and Other Social Media
      • Removal From Websites
      • Internet Defamation
      • Right to be Forgotten
  • Who We Are
  • Testimonials
  • Blog
  • Contact Us
Home  ›  What We Do  ›  Privacy and GDPR  ›  Cookies and GDPR

Cookie Laws and the GDPR

Here are some typical FAQs which we commonly encounter:

Does the GDPR cover cookies?

While the GDPR touches on cookies only in a “recital”, it’s generally felt that cookies are caught by the GDPR.

What are the GDPR principles relevant to cookie consent?

  1. Consent requires a positive, unambiguous step.
  2. Users must be very clear what they are consenting to.
  3. Consent must be given before cookies are placed (except those which are “strictly necessary”).
  4. It must be easy for users to opt out of different kinds of cookies at any time.
  5. User consents must be recorded.

What should the cookie consent notice say?

There are many different kinds of cookie consent models. Many people think that under the GDPR it’s reasonable to proceed on the basis of “soft opt in”. This tells users that you will place cookies if they continue to use the site. Cookies are then only set if the user either clicks an “ok” (or similar) button or navigates to another page on the site. This notice must stay prominently in place until the user takes that further action. The cookie choices should be spelt out clearly in the message but this can be “layered”.

For example, the initial notice might say something like: “This site uses cookies, including to analyse traffic, for social sharing, to measure / personalise ads” (change as necessary). Or you might use something a bit more general eg: “Your cookie choices. We use cookies to make the site work better and give you the best user experience.” That said, the more specific your notice, the better. (See also Google’s suggested wording at www.cookiechoices.org.)

The initial notice should also include both an acceptance button (e.g. “OK”, “I’m fine with this.”, “I accept” etc) and a separate information button (e.g. “Information and Settings”, “Cookie Preferences”, “More Info”). The information button should lead to a location (often a second banner or pop up and/or a link to the cookies section of the privacy policy) where the user can get more detailed information about the different kinds of cookies on your site and opt out.

What about cookie consent tools?

If not already done, you may want to talk to your web developer about using a suitable GDPR-compliant cookie consent tool. Google lists some suggested tools on www.cookiechoices.org. The Information Commissioner’s Office itself uses “Cookie Control”, so that might not be a bad place to start.

The advantage of these tools is that they can help you to present the cookie information and options in a prominent, clear and comprehensible way to your users – the kind of thing which the GDPR likes to hear!

What does Google have to say about cookies?

Note that users of Google services (eg analytics / ads) must also comply with Google’s EU user consent policy at https://www.google.com/about/company/user-consent-policy.html including the need to obtain and record users’ consent to the use of cookies and to personalisation of ads. See also:

  • https://www.google.com/about/company/user-consent-policy-help.html (useful guidance).
  • www.cookiechoices.org (Google’s cookie advice website).

Primary Sidebar

  • Website and App Terms & Conditions
  • Privacy and GDPR
    • Intro
    • Privacy Policies
    • Cookies and GDPR
  • Contracts
    • Intro
    • Website / App Design and Development Contracts
    • Web Hosting Contracts
    • White Label and Content Distribution Contracts
    • SEO Contracts
    • Internet Affiliate, Advertising and Marketing Contracts
  • Disputes
    • Intro
    • Domain Name Disputes and Cybersquatting
      • Introductory Guide to Domain Name Disputes
      • UDRP
      • Nominet’s DRS
      • Cybersquatting
      • Domain Name Hijacking
      • Domain Name Law
      • Domain Names and Trade Marks / Passing Off
      • Adlex’s Domain Name Legal Expertise
      • Free Legal Opinion
    • Online Copyright Infringement
    • Internet Trade Mark Infringement and Passing Off
  • Content Removal
    • Intro
    • Removal From Google Search Results
    • Removal From Facebook and Other Social Media
    • Removal From Websites
    • Internet Defamation
    • Right to be Forgotten

Blog Categories

  • Domain Name Disputes
  • Internet Content Removal
  • Online Terms and Conditions
  • Privacy and GDPR

Twitter

  • Twitter

Recent Blog Posts

  • Moving Services Online to Beat Social Distancing
  • Guidance on Designing your Website / App for Children’s Privacy
  • Helping Google “Forget” – Removing Convictions from the Web
  • 10 Top Tips for Writing a Domain Dispute Complaint

How Adlex Solicitors Can Help You

For a free initial chat, call Adam of Adlex now on 0207 317 8404 or request a callback or email.

  • Home
  • Sitemap
  • Website Terms of Use
  • Privacy and Cookies Policy
  • Complaints

© Adlex Solicitors 2001 - 2022. Authorised and regulated by the Solicitors Regulation Authority (SRA number 344672).