On January 18, 2023, the European Data Protection Board (EDPB) published five GDPR-compliant cookie guidelines that companies need to follow in order to honor user privacy. This was in response to complaints raised by NOYB, a non-profit focused on the digital privacy rights of consumers. Under the GDPR, businesses must follow these steps:
- Prior to receiving consent, provide “accurate and specific” information as to what data is being collected and why
- Receive consent in order to store any cookies other than those which are deemed “strictly necessary” for operations
- If a user does not provide consent to other cookies, still ensure regular access to their services
- After obtaining consent, store and document this consent data
- Make withdrawing consent as easy as giving it in the first place
The EDPB’s guidelines focus on how companies need to implement their cookie banners to make sure they are compliant with GDPR requirements on cookies.
These guidelines include the following:
- Display a reject button on the first layer
- No pre-ticked boxes
- No deceptive button colors or contrasts
- Avoid language around “legitimate interest”
- Provide a “withdraw consent” option
Download the infographic to learn more about how to operationalize these guidelines and keep your organization GDPR-compliant in its cookie banner implementation.