Skip to main content

Why is not GDPR compliant?



  • Hi gdpr,

    We do not set other than strictly necessary cookies before the user has consented. However, if the user continues to use the website without explicitly hitting the "OK"-button on the consent banner - for example by scrolling or navigating - an implied consent is submitted with the pre-defined setting in the banner, which per default is accept of preference and statistic cookies, but not marketing cookies. It is important to understand that preference and statistic cookies are not governed under the GDPR, as they do not process personal data, whereas the marketing category requieres explicit opt-in, as these types of cookies are governed under GDPR. When submitting an implied consent as described, the marketing category is not pre-ticked and therefor the user does not opt-in to marketing cookies when submitting implied consent. Preference and statistic cookies are governed under the ePrivacy Directive which allows implied consent as long as you inform the visitor that a continued use of the website constitutes consent.

    You can read more about how to configure Cookiebot for GDPR-compliance when using implied/active consent here: What type of cookie consent banner should I use (to be GDPR compliant)?


  • Diego

    Hi, we think Cookiebot doesn't comply with the GDPR:

    Unclassified cookies: during the process of updating cookies made by Cookiebot, the tool may not recognize the classification of certain cookies. These cookies are called "unclassified cookies" by Cookiebot. Once a month, the provider sends a report to our company with the detail of the update of the cookies of the month. It is at that time, once a month, when the corresponding department of our company can manually classify the unclassified cookies that have been detected.

    Non-compliance with the GDPR: As a priori, these cookies are not classified and the tool does not recognize them, it instalss them automatically in the devices of the users without their consent because it is not known if they may be necessary until manually classified by our company's department.

    Could anybody solve my questions?

    Thanks in advance!

  • Brian Mørkeberg Lundkvist

    Hi Diego

    While we do send out scan reports once a month, scans can be started anytime ad-hoc at no extra cost or can be configured to be scheduled to run daily at a premium. 

    Meta-data for cookies, including description and categorization can be created and updated at any time.

    We suggest that you always keep an eye on your unclassified cookies and that you make sure to categorize them as soon as possible. We would also recommend always ordering a new scan whenever making changes to your website involving adding new technology, third party plugins or other addons. Likewise when changing settings in existing plugins or addons.


Please sign in to leave a comment.