5 GDPR-compliant cookie banner guidelines from the EDPB


On January 18, 2023, the European Data Protection Board (EDPB) published five GDPR-compliant cookie guidelines that companies need to follow in order to honor user privacy. This was in response to complaints raised by NOYB, a non-profit focused on the digital privacy rights of consumers. Under the GDPR, businesses must follow these steps:

  • Prior to receiving consent, they must provide “accurate and specific” information as to what data is being collected and why
  • Receive consent in order to store any cookies other than those which are deemed “strictly necessary” for operations
  • In the case of a user not providing consent to other cookies, ensure regular access to their services
  • After obtaining consent, store and document this consent data
  • Make withdrawing consent as easy as giving it in the first place

The EDPB’s guidelines focus on how companies need to implement their cookie banners to make sure they are compliant with GDPR requirements on cookies.


These guidelines include the following:


1. Display a reject button on the first layer

2. No pre-ticked boxes

3. No deceptive button colors or contrasts

4. Avoid language around “legitimate interest”

5. Provide a “withdraw consent” option


Download the infographic to learn more about how to operationalize these guidelines and keep your organization GDPR-compliant in its cookie banner implementation.

Onetrust All Rights Reserved