9 most common mistakes while implementing cookie banners that you must avoid
Common mistakes while implementing cookie banners that might cost you dearly!
- Cookies set on a user’s system without prior consent
When you visit a website, you are presented with a cookie banner, which allows you to select which kind of cookies you want the website to place on your device. If you look closely, though, you’ll notice that 20-25 cookies have already been set without you giving consent. Cookies, with the exception of those that are strictly essential, should be disabled until you have provided your approval.
- Pre-ticked check boxes
You load a website with a consent banner. However, all of the category check boxes have been pre-checked. This is not permitted under various privacy laws. A user / visitor must offer express consent i.e. opt-in under regulations like GDPR.
- Implied consent
Does cookie banner on your website reads as “By visiting this website you agree to our use of cookies” .
Well that is certainly a violation of major privacy regulations out there. Primarily because it is merely a notice and not a free consent.
- Cookie Wall
A cookie wall is a “take it or leave it”-scenario that a website sets up for users so that it can ensure to activate all cookies and trackers and get as much data as possible, even if it is against the user’s wishes. According to the Dutch, British and French DPA cookie walls are not allowed and it is considered a shady practice in the rest of Europe. On May 4, 2020, the European Data Protection Board (EDPB) released new guidelines that clarify the legality of cookie walls and what constitutes a valid consent. Cookie walls work by making access to a service conditional on the consent of users to process their personal data, and the EDPB states in their guidelines that this does not constitute valid consent.
“Access to services and functionalities must not be made conditional on the consent of a user to the storing, or gaining of access to information already stored, in the terminal equipment of a user” (EDPB guidelines 05/2020, page 11)
- Unable to withdraw consent
You’re on a website, and cookies are disabled unless you provide your approval. Hey, even the banner is attractive! But, after a while, you want to alter your mind, but there is no means to do so, let alone revoke your agreement totally. According to the GDPR, you should be able to revoke your permission as simply as you gave it.
- No Consent Logs
Any consent must be documented, and all tracking of personal data, including by embedded third-party services, must be documented, as well as the countries to which data is transported.
- Out of date Cookie Declaration
On average, 1/3rd of all cookies on a website are updated regularly. As you are obligated to notify your visitors about your cookies, which are effective at the time a user is accessing your website, a cookie declaration created in the previous month could be outdated.
- Expecting a user to delete cookies at their end
Many websites direct you to numerous websites that explain how to delete cookies from your browser. However, you shouldn’t have to because the website is in charge of placing cookies on your device and has a means to erase them. Thus, the website should have a mechanism to restrict or block cookies as per a user’s consent.
- What is the Cookie Consent Banner?
You are walking a tight rope if you have no clue about this!
Next Steps
You must put a proper Consent Management Platform in place for addressing some out of many issues as pointed out above. Ayottaz can help you implement a qualified Consent Management Solution depending upon the privacy regulations that apply to your business.
