Why is it necessary to request cookie consent?
A company’s website is a key marketing and sales channel. It makes sense that we want to know who visits the website and what they do there. Additionally, we want to track every action from the moment a visitor arrives. This kind of tracking may not be harmful to the visitor, but if we put ourselves in their shoes, we would want to know what is being tracked and why, and who else is receiving that information. This is the core aim of GDPR—visitor awareness and consent. Therefore, it’s crucial to inform visitors about the use of cookies, provide access to details about the cookies being used, and offer the option to accept or decline them.
What are the key rules you need to follow? Here are the 5 most important requirements, illustrated with examples from websites developed by Nobel.
The five most important requirements
1. The website must provide a clear and easy way for visitors to decline all non-essential cookies.
Essential cookies are those required for the technical functioning of the website, such as cart cookies that store items in the visitor’s shopping cart or language preference cookies that remember the visitor’s language selection. These cookies don’t require user consent, as no personal data is being collected. However, all analytical and marketing cookies do require user consent.
One of the most common mistakes on websites is that they simply inform visitors about the use of cookies without actually asking for consent. Even if there’s a pop-up with buttons like “I understand” or “I agree,” but no option to decline, this is not a compliant solution.
2. Visitors must be able to review the cookies in use and selectively consent to specific ones.
It’s not enough to have just “Decline” or “Agree” buttons. Selective consent options are also necessary, but many websites overlook this. For example, a visitor might want to accept Google Maps cookies for using the map function but reject other analytical or marketing cookies.
3. It must be easy for visitors to change their consent.
A sharp-eyed visitor might notice that on many websites, the cookie pop-up disappears without a trace after a choice is made. However, GDPR stipulates that visitors must be able to withdraw their consent as easily as they initially gave it.
4. The website must include a proper cookie policy.
The cookie policy is a separate document or part of the privacy policy. It’s important to specify which cookies are being used and for what purposes. You can read more about this in our previous GDPR-related blog post: How to comply with GDPR and make your website’s privacy policy legal.
5. Ensure the solution actually works.
The fifth point is the most crucial. Requesting cookie consent means that no cookies should be loaded onto the visitor’s device before consent is given.
Despite this, it’s still common to see websites that offer buttons for consent or refusal, but the cookies are loaded onto the device before the visitor makes a choice. Even if the visitor clicks “Decline,” nothing happens, and the cookies are still active.
There are many plugins and tools available for adding cookie consent pop-ups to websites, but choosing the right one can be a challenge. Many solutions don’t meet the requirements at all, while others need proper configuration to work correctly.
At Nobel, we pay close attention to this small but important detail when developing websites. We implement cookie consent pop-ups that comply with legal requirements in terms of both functionality and technical performance. Additionally, we customize them to match the company’s branding, ensuring they fit seamlessly into the website.
Does your website have a compliant solution? Get in touch with Nobel Digital! We’ll conduct a quick audit of your website and, if necessary, configure and add a proper cookie consent pop-up.
Author: Vahur Mäe, Nobel Digital Web Services Product Manager
