What is required?
According to GDPR Article 7.3 and Article 29 Data Protection Working Party (WP29)'s updated Guidelines on transparency under Regulation 2016/679 (wp260rev.01) it has to be as easy for the website user to withdraw a consent as it was to give it in the first place. It should be clear to the website user - at the time when the user is asked for consent regarding the use of his personal data - that the consent can be withdrawn at any time.
How can I implement it?
1. The Cookie Declaration
(Please see What is the Cookie Declaration (cookie policy) and what is included in it? for instructions on how to implement the Cookie Declaration on your website).
The possibility for the website user to withdraw - and/or change - a consent is automatically included in the standard template for the Cookie Declaration. This can be implemented as a separate page on your website or it can be embedded into an existing Privacy Policy or similar. You can see an example of the standard Cookie Declaration implemented as a separate page here: https://www.cookiebot.com/goto/cookie-declaration/
If you have correctly followed the last part of step 3 in our 3-step installation guide and implemented the Cookie Declaration, then the user will be able to see his current consent (what categories of cookies consent has been given for), change his consent or completely withdraw his consent.
An example of this from Cookiebot’s own website is shown below:
Please see our introduction to the Cookie Declaration What is the Cookie Declaration (cookie policy) and what is included in it?
2. Using the Cookiebot API
If you do not wish to make use of the Cookie Declaration, then you must provide alternative ways for the user to easily – as easily as it was given – withdraw their consent.
This can be done using the Cookiebot API and you can insert the JavaScript functions "Cookiebot.renew()" or “Cookiebot.withdraw()” which will renew or withdraw a consent by showing the cookie consent dialog to the user:
<a href="javascript: Cookiebot.renew()">Change your consent</a>
<a href="javascript: Cookiebot.withdraw()">Revoke your consent</a>
3. Deleting cookies
As an alternative, the user can always change or withdraw a cookie consent simply by deleting all cookies for your domain or by deleting the two specific cookies "CookieConsent" and "CookieConsentBulkTicket".
Read our blog post: Cookie consent | How do I comply with the GDPR?
Last updated: 28 May 2018
Comments
2 comments
After clicking the 'Withdraw your consent' button and removing all cookies, when I open the CookieBot modal my toggle's are still switched to enabled. How can I use the Withdraw your Consent button to set values in Local Storage that will set the toggles to a disabled state?
You see, it is stated: "it has to be as easy for the website user to withdraw a consent as it was to give it in the first place."
Now, let's look at the process. The banner pop-up, the user sets choices and allows cookies. Period.
Now, to revoke the consent, the user must think how to do it, perhaps will check our privacy policy, if that is done and there is a note in a privacy policy, the user finds the link to cookie declaration and only then it can change its choices. Alternatively, the user will clear browsing data.
The question is: Is it as easy as giving a consent. In my opinion, it is not. What I suggest is that there is some floating widget of a cookiebot banner to streamline the process. Can it be done? I know one can place a link in the footer of the website but I guess a widget is nicer. In case of wordpress how do you in fact place the script for Cookie Declaration to appear again since it should work from the plugin settings?
Please sign in to leave a comment.