Under the EU GDPR, you must get consent from website users before you set any cookies that contain personal data other than those that are strictly necessary for the website to function. This means you have to block cookies and online trackers containing personal data that are not strictly necessary, until the user agrees to them by giving appropriate consent. If the user does not want their personal data to be used that way and does not give consent, then you need to continue blocking everything but strictly necessary cookies.
The EU ePrivacy Directive (ePR) is even more far-reaching than the GDPR when it comes to prior consent. The ePR states that you need to give your users clear and comprehensive information about the purpose of your cookies and online trackers and get their consent before setting any kind of cookies other than those strictly necessary. In terms of the use of cookies and online tracking, this means that for anything other than strictly necessary cookies (that is, preference cookies, statistics cookies, and marketing cookies), the user must give consent before you can set those cookies.
How does Cookiebot help me ensure 'prior consent' on my website?
If correctly implemented, Cookiebot works like an on/off switch between the cookies and trackers in use on your website and the website users. If the user has not given consent yet, no cookies other than those strictly necessary are set. This is very important because it gives you as the website owner full control of what cookies are set, also cookies by third-party providers that can otherwise be very difficult to control. As soon as the user gives appropriate consent, the accepted cookies are set immediately without any experienced delay.
You can set this up automatically by following one of our installation guides here.
You may choose to implement prior consent in automatic or manual blocking mode. This is done by changing the attributes of the cookie-setting script tags on your website. You can find more information about it here: Blocking cookies.
All cookies and online trackers in use on your website are identified by the Cookiebot scanner and included in the monthly scan report. This report also contains information about the exact location of the cookies/scripts on your website, so you can quickly find them and do the needed mark-up. Each scan report contains information about any new cookies since the last scan, so you can edit their attributes without having to go through all the cookies each time.
What should I do to implement 'prior consent' on my website?
You can achieve automatic blocking of cookies until prior consent has been given by implementing Cookiebot in auto-blocking mode, as described here: Automatic cookie blocking
Otherwise, if you wish to use manual blocking mode for 'prior consent', see: Manual cookie blocking
How can I check if I have correctly implemented 'prior consent'?
Many of the cookies and online trackers in use on a website cannot easily be seen in the browser. See What kinds of cookies and tracking technologies does Cookiebot find? for more information on this.
It is, however, possible to do a quick check that will give an indication of whether you have correctly implemented 'prior consent':
- Open a new private or incognito browser window. This is very important because otherwise you may be carrying over cookies from another session
- Open your browser's web inspector, web console, or developer tools and go to the area listing cookies
- Enter your website's URL
- In the consent banner that appears, choose not to allow any cookies other than those strictly necessary
- Click around on your website and check if any cookies, other than the strictly necessary ones, are being set on your browser (that is, appear on the cookie list in the web console). You can check your Cookiebot scan report (available under 'Reports' on your Cookiebot account) or the 'Cookies' page on your Cookiebot account to see what cookies are necessary and what cookies belong to the statistics, preferences, and marketing categories
- If you can see cookies being set that do not match the consent given in the consent banner, for example, if you are seeing marketing cookies even if you chose only to allow strictly necessary cookies, then it is a good indicator that you have not yet correctly, or fully, implemented prior consent
- You can also try to change your consent and allow all types of cookies. Check again to see what cookies and trackers are then being set.
- Remember that this method is no guarantee that prior consent is correctly implemented. For this you need to make sure that all the cookies and trackers identified in the latest scan report have been correctly marked up as described in our guides. Unclassified cookies should also be marked up. If in doubt about their category, you can review the scan report for more details about each cookie.
Comments
0 comments
Please sign in to leave a comment.