Cookie Control – The Right to Choose

Cookie Control – The Right to Choose

Your Cookie policy should clearly define which cookies you are using on your website, by doing so you allow your visitor to identify what methods of data collection you are using and for what purpose. Along with this, as soon as a visitor arrives to your website it is necessary to immediately ‘inform of’ and ‘gain consent for’ the use of cookies.

Countdown To GDPR Compliance

 
 

THE GDPR DEADLINE HAS NOW PASSED.

TAKE ACTION NOW BEFORE YOU GET FINED.

GET HELP NOW

In Recital 32 we are given more details on this:

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Article 4 of the GDPR defines consent as follows:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

For website owners these lines are very important “Silence, pre-ticked boxes or inactivity should not therefore constitute consent.” And “When the processing has multiple purposes, consent should be given for all of them.”

“Silence, pre-ticked boxes or inactivity should not therefore constitute consent.”

This means it is no longer acceptable to presume consent is given for use of cookies if the person simply ignores your cookie notice, they must take an affirmative action to consent, such as clicking on an “I consent button”. At the time of writing it would seem that it is also necessary for cookies to be turned off by default until such consent is gained, so and “opt in” as opposed to an “opt out” approach is required.

“When the processing has multiple purposes, consent should be given for all of them.”

This means that it is now necessary to gain consent for every way in which you gather and use the persons data, so consent for one type of cookie does not carry over and apply to consent for other types of cookies. I will cover consent further in a future article, so be sure to check back for that.

The GDPR does not stop there however, in Article 7(3) it goes on to state that consent once given should be as easy to withdraw as it was to give.

Article 7(3):

  1. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.”

For a website owner this means that the data subject must have the facility to turn off any cookies they previously consented to allowing. As industry comes to terms with this after the roll out of GDPR better methods of controlling this will emerge. For now it might be permissible to provide guidance on how to remove previous consent within your cookie policy and/or privacy policy.

Disclaimer: GDPR is a serious topic and can have financial & legal ramifications for business owners that do not correctly comply. As I am not a legal professional I make no claim that this article or subsequent articles definitively covers everything that website owners should know, as such I would highly recommend that you do further research on the topic and seek legal advice should you deem it necessary. You should not rely on the contents of this article as legal proof of anything and I accept no responsibility or liability for its accuracy.

Latest news

ready to improve your online presence?

Time to Get Your Website Working For You

YES I'm ready! let's Go!