Is it GDPR compliant to have all 4 checkboxes in the banner pre-ticked?




  • Avatar
    Paola Salviato

    If we keep using necessary cookies even without an explicit consent, just like you do, are we GDPR-compliant or not?

  • Avatar
    Søren Kjær

    "We have reached out to the Article 29 Data Protection Working Party for a clarification on how this will be interpreted under GDPR after 25 May 2018. We are still awaiting their answer and will inform all registered Cookiebot users when we receive a reply. We have also reached out to other relevant institutions to push for clarification. In addition, the lawyers of some of our large enterprise customers are also reaching out to relevant parties in search of clarification."

    Any news regarding this matter?

    Thank you for your time and effort to seek clarification.

  • Avatar
    Duncan Philps-Tate

    As of 09 August 2019, the UK Information Commissioner ( is explicit that pre-ticked cookie boxes as in your banner are not compliant with UK regulations (PECR) which are the relevant part of the rules for this. That applies even if a separate "OK" button needs to be clicked, as the pre-ticking and absence of an explicit rejection counts as "nudging" or pressuring people into proceeding. That does not meet the consent requirements of the GDPR.

    Can you comment on this please?

    PS: I am considering using Cookiebot but until you convince me on this, I cannot accept that you are compliant in other respects.

    PPS: I would agree that the requirements for cookie consent and GDPR are a total mess with a high proportion of large companies not properly meeting them.

Please sign in to leave a comment.