What exactly is ‘prior consent’?
Under the EU GDPR, you must get a consent from your website users before you set any cookies that contain personal data other than those that are strictly necessary for the website to function. This means you have to hold back all those cookies and online trackers containing personal data that are not strictly necessary, until the user agrees to them by giving an appropriate consent. And if the user does not want for his/her personal data to be used that way and doesn’t give a consent, then you need to continue holding back everything but strictly necessary cookies.
How does Cookiebot help me ensure ‘prior consent’ on my website?
If correctly implemented, Cookiebot works like an on/off switch between the cookies and trackers in use on your website and the website users. If the user has not given a consent (yet), no cookies other than those strictly necessary are being set. This is very important because it gives you as the website owner full control of what cookies are being set – also cookies by third party providers that can otherwise be very difficult to control. As soon as the user gives the appropriate consent, the accepted cookies are being set immediately without any experienced delay.
Technically this is done by changing the attributes of the cookie-setting script tags on your website – see step 3 in our installation guide here: www.cookiebot.com/goto/help All cookies and online trackers in use on your website are identified by the Cookiebot scanner and included in the monthly scan report. This report also contains information about the exact location of the cookies/scripts on your website, so you can quickly find them and do the needed mark-up. Each scan report contains information about any new cookies since the last scan, so you can edit their attributes without having to go through all the cookies each time.
What should I do to implement ‘prior consent’ on my website?
For general implementation of 'prior consent' please see step 3 of our installation guide. https://www.cookiebot.com/goto/help
Other Cookiebot implementation guides that include instructions on how to enable ‘prior consent’:
How can I check if I have correctly implemented ‘prior consent’?
Many of the cookies and online trackers in use on a website cannot (easily) be seen in the browser. See Why does your scanner find cookies and trackers that I cannot myself find on my website? Where do they come from? for more information on this.
It is, however, possible to do a quick check that will give an indication of whether you have correctly implemented ‘prior consent’:
1. Open a new private/incognito browser window. This is very important because otherwise you may be carrying over cookies from another session
2. Open your browser’s web inspector/web console/developer and go to the area listing cookies
3. Enter your website’s URL
4. In the cookie consent banner that appears, choose not to allow any cookies other than those strictly necessary
5. Click around on your website and check if any cookies – other than the strictly necessary ones – are being set on your browser (i.e. appear on the cookie list in the web console). You can check your Cookiebot scan report (available under ‘Reports’ on your Cookiebot account) or the ‘Cookies’ page on your Cookiebot account to see what cookies are necessary and what cookies belong to the statistics, preferences and marketing categories
6. If you can see cookies being set that do not match your consent given in the cookie consent banner – e.g. if you are seeing marketing cookies even if you chose only to allow strictly necessary cookies, then it is good indicator that you have not yet correctly – or fully – implemented prior consent
7. You can also try to change your consent and allow all types of cookies. Check again to see what cookies and trackers are then being set.
8. Remember that this method is no guarantee that prior consent is correctly implemented. For this you need to make sure that all the cookies and trackers identified in the latest scan report have been correctly marked up as described in step 3 of our 3-step installation guide or the implementation guides listed in the Cookiebot support area. Unclassified cookies should also be marked up. If in doubt about their category, you can mark them up as marketing cookies to be on the safe side.
An example of doing a quick cookie inspection in the Safari browser's web inspector - only strictly necessary cookies being set after consent for 'necessary' only has been given:
Last updated: 18 May 2018