What is required?
According to GDPR Article 7.3 and Article 29 Data Protection Working Party (WP29)'s updated Guidelines on transparency under Regulation 2016/679 (wp260rev.01) it has to be as easy for the website user to withdraw a consent as it was to give it in the first place. It should be clear to the website user - at the time when the user is asked for consent regarding the use of his personal data - that the consent can be withdrawn at any time.
How can I implement it?
1. The Cookie Declaration
(Please see What is the Cookie Declaration (cookie policy) and what is included in it? for instructions on how to implement the Cookie Declaration on your website).
The possibility for the website user to withdraw - and/or change - a consent is automatically included in the standard template for the Cookie Declaration. This can be implemented as a separate page on your website or it can be embedded into an existing Privacy Policy or similar. You can see an example of the standard Cookie Declaration implemented as a separate page here: https://www.cookiebot.com/goto/cookie-declaration/
If you have correctly followed the last part of step 3 in our 3-step installation guide and implemented the Cookie Declaration, then the user will be able to see his current consent (what categories of cookies consent has been given for), change his consent or completely withdraw his consent.
An example of this from Cookiebot’s own website is shown below:
Please see our introduction to the Cookie Declaration What is the Cookie Declaration (cookie policy) and what is included in it?
2. Using the Cookiebot API
If you do not wish to make use of the Cookie Declaration, then you must provide alternative ways for the user to easily – as easily as it was given – withdraw their consent.
This can be done using the Cookiebot API and you can insert the JavaScript functions "Cookiebot.renew()" or “Cookiebot.withdraw()” which will renew or withdraw a consent by showing the cookie consent dialog to the user:
<a href="javascript: Cookiebot.renew()">Change your consent</a>
<a href="javascript: Cookiebot.withdraw()">Revoke your consent</a>
3. Deleting cookies
As an alternative, the user can always change or withdraw a cookie consent simply by deleting all cookies for your domain or by deleting the two specific cookies "CookieConsent" and "CookieConsentBulkTicket".
Read our blog post: Cookie consent | How do I comply with the GDPR?
Last updated: 28 May 2018
Comments
1 comment
After clicking the 'Withdraw your consent' button and removing all cookies, when I open the CookieBot modal my toggle's are still switched to enabled. How can I use the Withdraw your Consent button to set values in Local Storage that will set the toggles to a disabled state?
Please sign in to leave a comment.