Cookie Laws and the GDPR
Here are some typical FAQs which we commonly encounter:
Does the GDPR cover cookies?
What are the GDPR principles relevant to cookie consent?
- Consent requires a positive, unambiguous step.
- Users must be very clear what they are consenting to.
- Consent must be given before cookies are placed (except those which are “strictly necessary”).
- It must be easy for users to opt out of different kinds of cookies at any time.
- User consents must be recorded.
What should the cookie consent notice say?
There are many different kinds of cookie consent models. Generally, speaking the cookie choices should be spelt out clearly in the message but this can be “layered” if necessary. That said, the more specific your notice, the better.
What about cookie consent tools?
If not already done, you may want to talk to your web developer about using a suitable GDPR-compliant cookie consent tool. Google lists some suggested tools on www.cookiechoices.org. The Information Commissioner’s Office itself uses “Cookie Control”, so that might not be a bad place to start.
The advantage of these tools is that they can help you to present the cookie information and options in a prominent, clear and comprehensible way to your users – the kind of thing which the GDPR likes to hear!
What does Google have to say about cookies?
- https://www.google.com/about/company/user-consent-policy-help.html (useful guidance).
- www.cookiechoices.org (Google’s cookie advice website).