Skip to main content

On-demand webinar coming soon...

Blog

GDPR compliance means cookie notices must change

November 30, 2016

N/A

You’re probably one of those people who ticked the cookie law box ages ago and hasn’t thought about it since.

The game has changed and it’s now time to revisit your position. The ePrivacy Directive, which gave us the cookie law, is currently undergoing a revision, but the real issue now is the EU GDPR. It may be 2018 before it is enforced, but it’s now being enforced by law and has already tightened up the rules as well as increased penalties for non-compliance.

While there may be some time before GDPR is officially in effect, it’s important to begin thinking about the changes an organization will need to make now, especially those with multiple websites.

OneTrust recently attended the PDP 16th Annual Data Protection Compliance conference in London, where a leading UK barrister discussed the topic of cookie compliance.

With that, here are the some of the top issues for cookie consent that the GDPR raises:

Cookies can be personal data. The GDPR explicitly states that online identifiers, even if they are pseudonymous or if they do not directly identify an individual, will be considered personal data if there is potential for an individual to be identified or singled out. Any persistent cookie that is unique to the device by virtue of its attributes or stored values fits the criteria for personal data. This is the basis for cookie consent being about GDPR compliance now, as well as the existing cookie laws.

Implied consent is no longer going to be compliant. There are several reasons for this, primarily due to the GDPR requiring users to make an “affirmative action” to signal their consent. Simply visiting a site for the first time would not qualify, so loading up your landing pages with cookies in the hope people won’t opt out will no longer suffice.

Advice to adjust browser settings won’t be enough. The GDPR says it must be as easy to withdraw consent as it would be to give it. Telling people to block cookies if they don’t consent would not meet this criterion. This method is difficult, ineffective against non-cookie-based tracking, and doesn’t provide enough granularity of choice.

“By using this site, you accept cookies” statements will not be compliant. If there is no genuine and free choice, then there is no valid consent. People who don’t consent can’t suffer detriment, which means you have to provide some service to those who don’t accept those terms.

Sites will need an always available opt out. Even after getting valid consent, there must be a way for people to change their minds. Again, this comes down to the requirement that withdrawing consent must be as easy as providing it.

Soft opt in is likely the best consent model. Organizations may want to start giving site visitors an opportunity to act before cookies are set on a first site visit. If the site has offered fair notice, continuing to browse can in most circumstances be valid consent via affirmative action, but be sure to note the above bullet about implementing a persistent opt out route. This, however, may not be sufficient for sites that contain health-related content, or other sites where the browsing history may reveal sensitive personal data about the visitor. Those particular cases may require explicit consent.

You need a response to Do Not Track browser requests. A DNT:1 signal is a valid browser setting that communicates a visitor’s preference.  It could also be interpreted by regulators as an exercise of the right to object to profiling.

Consent will need to be specific to different cookie purposes. Sites that use different types of cookies with different processing purposes will need valid consent mechanisms for each purpose, e.g. granular levels of control with separate consents for tracking and analytics cookies.

Most sites right now would fail on many of these criteria, and with the high risks associated with GDPR non-compliance (fines of up to 4% of annual returns,) most organizations won’t want to fail even once. If this describes you, it’s time to take action.


You may also like

Webinar

Consent & Preferences

3 predictions for the impacts of 3rd party cookie deprecation

Stay ahead of the curve! Gain insights into the impacts of third-party cookie deprecation & actionable strategies for marketing success. Register now!

March 26, 2024

Learn more

Webinar

Consent & Preferences

The unified consent strategy every marketer needs in 2024

Join us to master Unified Consent! Seamlessly integrate preferences across your tech stack, drive customer satisfaction, and boost revenue. Register today!

March 19, 2024

Learn more

Webinar

Cookie Consent

Elevate your data strategy: From cookies to universal consent & preferences

Transform your customer relationships. From cookie consent to holistic customer profiles, unlock universal preferences. 

February 22, 2024

Learn more

Report

Consent & Preferences

The state of data privacy and trust in marketing 2023

Navigate the intersection of data, privacy, & trust with OneTrust. Explore report insights on responsible data use, legal compliance, & building customer trust.

January 22, 2024

Learn more

Infographic

Consent & Preferences

Unify consented data across your tech stack

How does consented data help the rest of your tech stack level up? And what does this mean for your customers? Find out the answers and more with this infographic.

January 11, 2024

Learn more

Webinar

Consent & Preferences

Permission-based Personalization: The Power of a Centralized Record of Consent

Join us to explore the power of consent record centralization and its impact on elevating customer personalization while respecting privacy.

December 18, 2023

Learn more

Infographic

Consent & Preferences

The consent and preferences roadmap

How can your organization get started with consent and preferences? What are the first steps to take? Download our infographic to learn more.

December 11, 2023

Learn more

eBook

Consent & Preferences

The basics of consent and preferences

When it comes to consent and preferences, what are the basic points that your organization needs to keep in mind? Download the eBook to learn more.

December 11, 2023

Learn more

Webinar

Consent & Preferences

Compliant omni-channel automation: How to be a responsible marketer?

Join this webinar and learn how to create a compliant privacy-first marketing program that respects customer consent across multiple channels.

October 12, 2023

Learn more

Resource Kit

Consent & Preferences

AdTech and consent toolkit 2023

Master TCF 2.2 & Google CMP requirements with our AdTech and Consent Toolkit 2023. Stay compliant and succeed in the privacy-first advertising landscape.

October 10, 2023

Learn more

Infographic

Consent & Preferences

How OneTrust integrates with Snowflake

When it comes to personalized marketing campaigns, email lists, or any other activation, make sure you’re staying compliant with all applicable privacy regulations.

October 09, 2023

Learn more

Resource Kit

Consent & Preferences

The IAB TCF 2.2 mastery toolkit

Master IAB TCF 2.2: Gain insights, navigate changes, and empower your organization with our resource kit. Download now!

October 05, 2023

Learn more

Resource Kit

Consent & Preferences

The Google CMP requirements toolkit

Master Google's CMP Standards: Stay compliant and excel in the evolving ad landscape. Download our Google CMP Requirements Toolkit now!

September 27, 2023

Learn more

Webinar

Consent & Preferences

Adobe + OneTrust: How to market responsibly with consent-based experiences

Join Adobe and OneTrust as we discuss best practices for deploying consent-based marketing campaigns and privacy-first experiences.

August 29, 2023

Learn more

Webinar

Cookie Consent

Trust matters: Building consumer confidence in a cookieless world

Join us and learn how to build consumer trust and drive marketing ROI without relying on third-party cookies.

August 01, 2023

Learn more

Webinar

Consent & Preferences

Consent-based advertising: Connecting with customers in a privacy-centric world

Get the insights you need to launch privacy-first advertising campaigns and build strong customer relationships based on trust.

July 28, 2023

Learn more

Checklist

Consent & Preferences

The marketer's first-party data checklist

Download our in-depth first-party data checklist and begin building privacy-first marketing strategy that builds trust and keeps your organization compliant.

July 11, 2023

Learn more

Infographic

Consent & Preferences

Navigating Google's new CMP requirements

Adapt to Google's June 2023 CMP requirements with this infographic and confidently engage your audience while staying compliant.

June 20, 2023

Learn more

eBook

Consent & Preferences

The ultimate guide to consent and preferences for marketers

Download this eBook and learn how marketers can apply consent and preference principles to build a relationship with their audience built on trust.

June 02, 2023

Learn more

Video

Consent & Preferences

The strongest consumer relationships are built on first-party data, not third-party cookies

Request a OneTrust Consent & Preferences demo video and learn how to unlock the potential of first-party data and establish a relationship with your customers based on trust.

June 02, 2023

Learn more

Infographic

Cookie Consent

5 GDPR-compliant cookie banner guidelines from the EDPB

Download our infographic to learn more about how to operationalize the EDPB’s GDPR-compliant cookie guidelines and keep your organization compliant.

March 02, 2023

Learn more

eBook

Consent & Preferences

The ultimate guide to consent and preferences in the healthcare sector

Download the guide to learn more about how to use consent and preferences to elevate patient and customer experiences in the healthcare sector.

February 15, 2023

Learn more

eBook

Cookie Consent

Your Playbook for a Cookieless World eBook

Download this ebook to learn why third-party cookies are deprecating, what solutions are available, and how to put privacy and consumer trust first.

February 09, 2023

Learn more

Infographic

Cookie Consent

10 tips to master cookie consent

Download our infographic and learn how to create a Consent Management Platform that meets compliance requirements, maximizes opt-ins, and builds trust. 

September 12, 2022

Learn more

Webinar

Consent & Preferences

Fireside chat: A modern marketer’s approach to privacy & data

Learn the challenges and opportunities marketers face to deliver personalized experiences while remaining compliant with global privacy requirements.

September 08, 2022

Learn more

White Paper

Cookie Consent

Succeeding in a privacy-first world with Alex Cash

In this white paper, discover strategies for data collection to further business goals and how to prioritize data while ensuring the best customer experience.

August 03, 2022

Learn more

Infographic

Cookie Consent

The ultimate cookies handbook for privacy professionals eBook

Download this guide to learn available lawful bases for tracking technologies, the future of the ePrivacy Regulation, CCPA and CPRA requirements, and more!

August 01, 2022

Learn more

Webinar

Cookie Consent

Powering game-changing experiences Ahead of a cookieless world

Watch this webinar with mParticle and OneTrust to gain guidance for preparing for a cookieless world and opportunities to future-proof your database.

June 26, 2022

Learn more

Webinar

Consent & Preferences

How to drive enhanced marketing & CX campaigns through trusted data use

Join Oracle & OneTrust to learn how to drive enhanced, privacy-centric personalization in marketing & CX campaigns through trusted data use.

June 14, 2022

Learn more

Webinar

Consent & Preferences

Data distribution: Integrating consent & preferences into MarTech & business systems

Watch this webinar to learn how to boost your integrated marketing performance with consent & preferences in CRMs, CDPs & marketing automation systems.

April 29, 2022

Learn more

Webinar

Cookie Consent

How marketers can adapt to a post-cookie world with OneTrust's Alex Cash

Learn how marketers can get ahead of a post-cookie world from Alex Cash, Director of Strategy, OneTrust & ExchangeWire's CEO Ciaran O'Kane.

April 06, 2022

Learn more

Webinar

Consent & Preferences

Consent governance: moving from chaos to control via data intelligence

Learn how to set up a strong consent governance strategy to achieve privacy-first data capture, distribution and activation.

April 04, 2022

Learn more

Webinar

Cookie Consent

How to prepare for the crumble of third-party cookies

Learn everything you need to know to prepare for the deprecation of third-party cookies from eMarketer & OneTrust in this on-demand webinar.

March 30, 2022

Learn more

Webinar

Consent & Preferences

Web, mobile, ctv: enhancing consumer trust in the omni-channel world

Learn how to leverage consent and preference management and cement consumer trust in your data protection practices.

March 28, 2022

Learn more

Webinar

Consent & Preferences

OTT and CTV Liftoff: A deep dive into delivering personalized experiences to streamers

Learn how to incorporate consent and privacy strategies to deliver personalized experiences to streamers on OTT applications & CTV platforms.

March 06, 2022

Learn more

Webinar

Consent & Preferences

Prioritizing data transparency: A critical ingredient in trust, loyalty and ROI

Learn how can you prioritize data transparency and share openly with consumers in order to build trust, gain loyalty and improve ROI.

January 02, 2022

Learn more

Webinar

Cookie Consent

The crumble of third-party cookies: How to prepare in 2022

Learn how your organization can leverage smart preference management to overcome the deprecation of third-party cookies.

January 02, 2022

Learn more

Webinar

Consent & Preferences

Google consent mode & OneTrust CMP

Learn the benefits of using Google Consent Mode with the OneTrust CMP (Cookie Consent) to balance compliance and marketing objectives.

October 27, 2021

Learn more

Webinar

Consent & Preferences

Navigating a complex framework: IAB TCF 2.0 upgrade checklist

Watch this webinar where we cover the complexity the IAB TCF 2.0 framework and providing a checklist to help you navigate your migration.

July 21, 2021

Learn more

Webinar

Consent & Preferences

IAB TCF 2.0 deep dive: Overview, terminology, resources

Watch this webinar for a deep dive into the IAB TCF framework and what's new in the second version.. 

July 21, 2021

Learn more