Is it GDPR compliant to have all 4 checkboxes in the banner pre-ticked?

Follow

Comments

4 comments

  • Avatar
    Paola Salviato

    If we keep using necessary cookies even without an explicit consent, just like you do, are we GDPR-compliant or not?

    0
    Comment actions Permalink
  • Avatar
    Søren Kjær

    "We have reached out to the Article 29 Data Protection Working Party for a clarification on how this will be interpreted under GDPR after 25 May 2018. We are still awaiting their answer and will inform all registered Cookiebot users when we receive a reply. We have also reached out to other relevant institutions to push for clarification. In addition, the lawyers of some of our large enterprise customers are also reaching out to relevant parties in search of clarification."

    Any news regarding this matter?

    Thank you for your time and effort to seek clarification.

    0
    Comment actions Permalink
  • Avatar
    Duncan Philps-Tate

    As of 09 August 2019, the UK Information Commissioner (ICO.org.uk) is explicit that pre-ticked cookie boxes as in your banner are not compliant with UK regulations (PECR) which are the relevant part of the rules for this. That applies even if a separate "OK" button needs to be clicked, as the pre-ticking and absence of an explicit rejection counts as "nudging" or pressuring people into proceeding. That does not meet the consent requirements of the GDPR.

    Can you comment on this please?

    PS: I am considering using Cookiebot but until you convince me on this, I cannot accept that you are compliant in other respects.

    PPS: I would agree that the requirements for cookie consent and GDPR are a total mess with a high proportion of large companies not properly meeting them.

    0
    Comment actions Permalink
  • Avatar
    Kasper Grønning Høg

    See the updated part of the article.

    The Article 29 Data Protection Working Party (WP29) has recently finalized and issued an updated Guidelines on consent under Regulation 2016/679 (wp259rev.01). In these guidelines they clearly state that the use of pre-ticked checkboxes (for cookie categories containing personal data) is not allowed under GDPR. They also state that consents obtained prior to 25 May 2018 by the use of pre-ticked checkboxes will not be valid after 25 May 2018. While we still believe that the Cookiebot solution – when implemented correctly – provides the required Privacy by Design, as long as we have no formal clarification, we do not want to run any unnecessary risks and especially not on your behalf.  

    0
    Comment actions Permalink

Please sign in to leave a comment.