GDPR Cookie Consent: What’s next in the Data Protection Regulation?

GDPR Cookie Consent

Cookie consent is one of the cornerstones of the EU’s GDPR. The Court of Justice of the European Union in the Planet 49 case eliminated active consent (GDPR standard). Consent must be freely given, specific, informed and unambiguous. Inappropriate pressure or influence that affects the outcome of the choice renders the consent invalid. In doing so, the imbalance that legal liabilities can create between the controller and the data subject must be taken into consideration.

Following the judgment, data protection authorities in Spain, Germany, and other countries are pursuing actions against websites that do not have GDPR cookie consent.

The purpose of GDPR regulation is to provide individuals with more control over their own data and to manage how the data is collected, processed and used. 

Under GDPR and ePrivacy, consent must be granted before cookies are installed on the user’s computer.

While GDPR is based in the EU, this new regulation impacts businesses around the world. Therefore, if you sell to or do business with prospects in the EU, this article is what you need to understand how data collection regulation impacts your marketing plans. 

What should cookie consent include? 

The procedure of collecting cookie consent explicitly informs the user of the cookies you run on your sites. Furthermore, the consent includes the user’s entitlement to grant or refuse consent and how they exercise that right. 

Cookie consent should be informed, explicit, and offered via a clear opt-in action. Your GDPR cookie consent must:

  • Exhibit a visible cookie banner at the user’s first visit.
  • Provide a link in the banner to a more detailed cookie policy.
  • Block all non-exempt cookies and scripts from being loaded until after consent is received.
  • Collect consent via a crystal clear opt-in action.

Regarding the refusal of consent, the law states that users should be allowed to refuse their consent. Furthermore, concerning withdrawing or refusing consent, you must provide:

  • Information on how users can withdraw consent and the action required to do so
  • A means by which the user can accept or decline cookies

You may not host the consent mechanism directly; however, in some cases you should consider browser settings to be an acceptable means of withdrawing consent.

How often are consent collection and banners re-shown?

After showing the cookie banner at the user’s first visit, you don’t have to show it again at every visit of the user. However, you should review the banner at substantial intervals.

  • It would be best to consider several reasons and circumstances that can trigger the need to ask visitors to “re-consent” and consequently resurface the banner. 
  • For instance, if you manage a non-exempt third-party cookie, you require fresh consent, because consent previously collected from the user applies only to the third parties that you declared at the time of collection.
  • For assistance with the requirement, the cookie consent will allow you to update cookie policy collection easily. 


GDPR is the first major milestone on the journey to rebuilding consumer trust for transparent delivery around data collection and use, but it most certainly is not the last. By internalizing cookie consent now, companies can insulate themselves from future upheavals and keep disruption to a minimum. 

Cookie consent is not a silver bullet when it comes to the processing of personal information. Therefore, choose consent as the last option before processing personal data.