What is required?
According to GDPR Article 7.3 and Article 29 Data Protection Working Party (WP29)'s updated Guidelines on transparency under Regulation 2016/679 (wp260rev.01) it has to be as easy for the website user to withdraw a consent as it was to give it in the first place. It should be clear to the website user - at the time when the user is asked for consent regarding the use of his personal data - that the consent can be withdrawn at any time.
How can I implement it?
1. The Cookiebot CMP Widget
The Cookiebot CMP widget functions as a shortcut to the users' consent state information on your website. Showing a mini version of the cookie banner, it enables users to easily check or update their consent. This is in line with demands for more transparency and providing users control of their own data, as is required by various privacy legislations such as GDPR.
Find out more about the widget and how you can easily implement this function: The Cookiebot CMP widget.
2. The Cookie Declaration
The possibility for the website user to withdraw - and/or change - a consent is automatically included in the standard template for the Cookie Declaration. This can be implemented as a separate page on your website or it can be embedded into an existing Privacy Policy or similar. You can see an example of the standard Cookie Declaration implemented as a separate page here: https://www.cookiebot.com/goto/cookie-declaration/
If you have correctly followed the last part of step 3 in our 3-step installation guide and implemented the Cookie Declaration, then the user will be able to see his current consent (what categories of cookies consent has been given for), change his consent or completely withdraw his consent.
An example of this from our own website is shown below:
Please see our introduction to the Cookie Declaration What is the Cookie Declaration (cookie policy) and what is included in it?
3. Using the Cookiebot CMP API
If you do not wish to make use of the Cookie Declaration, then you must provide alternative ways for the user to easily – as easily as it was given – withdraw their consent.
This can be done using the Cookiebot CMP API and you can insert the JavaScript functions "Cookiebot.renew()" or “Cookiebot.withdraw()” which will renew or withdraw a consent by showing the cookie consent dialog to the user:
<a href="javascript: Cookiebot.renew()">Change your consent</a>
<a href="javascript: Cookiebot.withdraw()">Revoke your consent</a>
4. Deleting cookies from the browser
As an alternative, the user can always change or withdraw a cookie consent simply by deleting all cookies for your domain or by deleting the two specific cookies that remember the consent state: "CookieConsent" and "CookieConsentBulkTicket".
Read our blog post: Cookie consent | How do I comply with the GDPR?
Comments
3 comments
After clicking the 'Withdraw your consent' button and removing all cookies, when I open the CookieBot modal my toggle's are still switched to enabled. How can I use the Withdraw your Consent button to set values in Local Storage that will set the toggles to a disabled state?
You see, it is stated: "it has to be as easy for the website user to withdraw a consent as it was to give it in the first place."
Now, let's look at the process. The banner pop-up, the user sets choices and allows cookies. Period.
Now, to revoke the consent, the user must think how to do it, perhaps will check our privacy policy, if that is done and there is a note in a privacy policy, the user finds the link to cookie declaration and only then it can change its choices. Alternatively, the user will clear browsing data.
The question is: Is it as easy as giving a consent. In my opinion, it is not. What I suggest is that there is some floating widget of a cookiebot banner to streamline the process. Can it be done? I know one can place a link in the footer of the website but I guess a widget is nicer. In case of wordpress how do you in fact place the script for Cookie Declaration to appear again since it should work from the plugin settings?
I agree with Peter. The current implementation is not fully GDPR compliant. It is not as easy to withdraw consent as it was to give it in the first place. I know I can set-up a link at the bottom of the page with the following code <a href="javascript: Cookiebot.renew()">Cookie Settings</a> and use CSS to fix it to the bottom of the page - but this should be implemented by default by CookieBot. Is it possible to add this as a feature request?
Thanks
Frank
Please sign in to leave a comment.