What is required?
According to GDPR Article 7.3 and Article 29 Data Protection Working Party (WP29)'s updated Guidelines on transparency under Regulation 2016/679 (wp260rev.01) it has to be as easy for the website user to withdraw a consent as it was to give it in the first place. It should be clear to the website user - at the time when the user is asked for consent regarding the use of his personal data - that the consent can be withdrawn at any time.
How can I implement it?
1. The Cookiebot CMP Privacy trigger
The Cookiebot CMP Privacy trigger functions as a shortcut to the users' consent state information on your website. Showing a mini version of the cookie banner, it enables users to easily check or update their consent. This is in line with demands for more transparency and providing users control of their own data, as is required by various privacy legislations such as GDPR.
Find out more about the Privacy trigger and how you can easily implement this function: The Cookiebot CMP Privacy trigger.
2. The Cookie Declaration
The possibility for the website user to withdraw - and/or change - a consent is automatically included in the standard template for the Cookie Declaration. This can be implemented as a separate page on your website or it can be embedded into an existing Privacy Policy or similar. You can see an example of the standard Cookie Declaration implemented as a separate page here: https://www.cookiebot.com/goto/cookie-declaration/
If you have correctly followed the last part of step 3 in our 3-step installation guide and implemented the Cookie Declaration, then the user will be able to see his current consent (what categories of cookies consent has been given for), change his consent or completely withdraw his consent.
An example of this from our own website is shown below:
Please see our introduction to the Cookie Declaration What is the Cookie Declaration (cookie policy) and what is included in it?
3. Using the Cookiebot CMP SDK
If you do not wish to make use of the Cookie Declaration, then you must provide alternative ways for the user to easily – as easily as it was given – withdraw their consent.
This can be done using the Cookiebot CMP SDK and you can insert the JavaScript functions "Cookiebot.renew()" or “Cookiebot.withdraw()” which will renew or withdraw a consent by showing the cookie consent dialog to the user:
<a href="javascript: Cookiebot.renew()">Change your consent</a>
<a href="javascript: Cookiebot.withdraw()">Revoke your consent</a>
If you are implementing a withdrawal option for CCPA/CPRA, it should specifically state the text “Do not share or sell my information":
<a onclick="window.Cookiebot.show()" href="#">Do not sell or share my personal information</a>
4. Deleting cookies from the browser
As an alternative, the user can always change or withdraw a cookie consent simply by deleting all cookies for your domain or by deleting the two specific cookies that remember the consent state: "CookieConsent" and "CookieConsentBulkSetting".
Read our blog post: Cookie consent | How do I comply with the GDPR?
Comments
0 comments
Please sign in to leave a comment.