What is GDPR cookie consent?
GDPR cookie consent is given by users giving their consent to your website’s cookies. Cookies are authorized to be activated and collected through personal data, when customers visit your website. A GDPR-compliant cookie consent should be divided in options. Indeed, users should be able to choose some cookies over others and not be forced to simply accept or reject them all. Which is unfortunately not the case in many websites.
Cookie consent is one of the cornerstones of the General Data Protection Regulation (GDPR). This is how websites ensure the lawful processing of their users’ personal data.
Personal data is broadly defined by the GDPR as any information relating to an individual. This can be either directly, indirectly or by reference to an identifier, such as an IP address. It is therefore collected, stored and shared through cookies that track users on websites.
The GDPR establishes the legal basis for the collection and processing of personal data. Although cookies are only mentioned once in the GDPR, consent to cookies is still the cornerstone of compliance for websites whose users are located in the EU.
Consenting to cookies
The GDPR requires a website to collect personal data from users only after they have given their explicit consent for a specific purpose of use.
Websites must comply with the following GDPR requirements in relation to cookie consent:
- Prior explicit consent must be obtained before any cookies are activated.
- Consent must be granular, users should be able to enable some cookies and not others and should not be required to consent to all or none.
- Consent should be voluntary, it should not be forced.
- Consent should be as easy to withdraw as it is to give.
- Consents should be kept securely as legal documents.
- Consents should be renewed annually.
Typically, cookie compliance with the GDPR is achieved on websites through cookie banners, which allow users to select and accept the activation of certain cookies instead of others when visiting the website.
Types of cookies
According to the GDPR, cookies are divided into four categories:
- Necessary cookies, which are specific to your website. These are session-specific cookies that last only as long as the user visits your website.
- Cookies that only last for the duration of the session, the time the user is on your website, and only last for the duration of the session.
- Statistical cookies that come from third-party services, such as analytics software implemented on your website.
- Marketing cookies, which almost always come from third-party technology or advertising companies to advertise to your users or collect personal information from them for additional marketing purposes.
By Tendry Randriamparany
If you enjoyed this article, please check out this website to know more about cookie consent and read my article about the opportunity of Halloween for brands.
