What is ‘prior consent’ and how do I implement it?

What exactly is ‘prior consent’?

Under the EU GDPR, you must get a consent from your website users before you set any cookies that contain personal data other than those that are strictly necessary for the website to function. This means you have to hold back all those cookies and online trackers containing personal data that are not strictly necessary, until the user agrees to them by giving an appropriate consent. And if the user does not want for his/her personal data to be used that way and doesn’t give a consent, then you need to continue holding back everything but strictly necessary cookies.

The EU ePrivacy Directive (ePR) is even more far-reaching than the GDPR when it comes to prior consent. The ePR states that you need to give your users clear and comprehensive information about the purpose of your cookies and online trackers and get their consent before setting any kind of cookies other than those strictly necessary. In terms of the use of cookies and online tracking, this means that for anything other than strictly necessary cookies (i.e. preference cookies, statistics cookies and marketing cookies), the user must give a consent before you can set those cookies.

How does Cookiebot help me ensure ‘prior consent’ on my website?

If correctly implemented, Cookiebot works like an on/off switch between the cookies and trackers in use on your website and the website users. If the user has not given a consent (yet), no cookies other than those strictly necessary are being set. This is very important because it gives you as the website owner full control of what cookies are being set – also cookies by third party providers that can otherwise be very difficult to control. As soon as the user gives the appropriate consent, the accepted cookies are being set immediately without any experienced delay.

You can set this up automatically by following our three step installation guide here: www.cookiebot.com/goto/help

You may also choose to implement prior consent manually on your website. Technically this is done by changing the attributes of the cookie-setting script tags on your website – see step 4 in our installation guide here: https://cookiebot.com/goto/manual-implementation All cookies and online trackers in use on your website are identified by the Cookiebot scanner and included in the monthly scan report. This report also contains information about the exact location of the cookies/scripts on your website, so you can quickly find them and do the needed mark-up. Each scan report contains information about any new cookies since the last scan, so you can edit their attributes without having to go through all the cookies each time.

What should I do to implement ‘prior consent’ on my website?

You may achieve automatic blocking of Cookies until prior consent has been given simply by implementing Cookiebot as described in our 3 step guide here: https://cookiebot.com/goto/help/

For manual implementation of 'prior consent' please see step 4 of our installation guide.

Other Cookiebot implementation guides that include instructions on how to enable ‘prior consent’:

• Google Tag Manager deployment
• Wordpress guides and articles
• Cookiebot and Squarespace
• Wix installation
• Adobe Dynamic Tag Management deployment
• Joomla installation
• Prestashop installation
• Drupal installation
• New: Implement Google Analytics using Gtag (Global Site Tag)
• Controlling Google Analytics Universal with Cookiebot
• AdWords Remarketing Tag cookie consent

How can I check if I have correctly implemented ‘prior consent’?

Many of the cookies and online trackers in use on a website cannot (easily) be seen in the browser. See What kinds of cookies and tracking technologies does Cookiebot find? for more information on this.

It is, however, possible to do a quick check that will give an indication of whether you have correctly implemented ‘prior consent’:

1. Open a new private/incognito browser window. This is very important because otherwise you may be carrying over cookies from another session
2. Open your browser’s web inspector/web console/developer and go to the area listing cookies
3. Enter your website’s URL
4. In the cookie consent banner that appears, choose not to allow any cookies other than those strictly necessary
5. Click around on your website and check if any cookies – other than the strictly necessary ones – are being set on your browser (i.e. appear on the cookie list in the web console). You can check your Cookiebot scan report (available under ‘Reports’ on your Cookiebot account) or the ‘Cookies’ page on your Cookiebot account to see what cookies are necessary and what cookies belong to the statistics, preferences and marketing categories
6. If you can see cookies being set that do not match your consent given in the cookie consent banner – e.g. if you are seeing marketing cookies even if you chose only to allow strictly necessary cookies, then it is good indicator that you have not yet correctly – or fully – implemented prior consent
7. You can also try to change your consent and allow all types of cookies. Check again to see what cookies and trackers are then being set.
8. Remember that this method is no guarantee that prior consent is correctly implemented. For this you need to make sure that all the cookies and trackers identified in the latest scan report have been correctly marked up as described in step 4 of our 4-step manual installation guide or the implementation guides listed in the Cookiebot support area. Unclassified cookies should also be marked up. If in doubt about their category, you can mark them up as marketing cookies to be on the safe side.