Click to open contact form.
Your Global Partners in the Business of Innovation

EDPB Issues Do’s and Don’ts Regarding Cookies

Client Updates / January 30, 2023

Written by Haim Ravia and Dotan Hammer

The European Data Protection Board (EDPB) has published a draft document that explains the common view of the EU data protection authorities on the ‘do’ and ‘don’t’ rules for the use of cookies. The document was compiled by a dedicated task force of the national data protection authorities in EU member states that handle the hundreds of complaints filed by NOYB against websites claimed to violate the rules on cookies.

Among the rules presented in the document –

  • Most regulators believe that a button to decline cookies should be displayed next to the button accepting the use of cookies. The following two buttons will not suffice – one for accepting the use of cookies and the other for selecting particular cookies approved by the user.
  • All the regulators believe that the practice of presenting the various categories of the purposes of using cookies while they are pre-ticked for consent violates the GDPR and the ePrivacy directive.
  • The option to decline cookies should not be obscured. One example is when the decline option is a link in a textual description, while the accept option appears in a prominent button. Another example is when the degree of color contrast between the decline button and its text is so minimal that it becomes difficult to understand what the button is about. On the other hand, the regulators agreed that there is no justification for dictating specific instructions to website operators regarding the design of the colors in the decline and accept buttons. Each case must be examined on its own merits to ensure that the options are clear and not misleading or manipulative.
  • Website owners must allow users to easily return to the cookie consent menu at any time to change their selection and even withdraw their consent to the use of cookies.

The document emphasizes that it does not comprehensively describe all the rules that apply to placing cookies on websites but only presents selected issues that came up in the regulators’ enforcement action.

Click here to read the European Data Protection Board’s full report.

MEDIA HIGHLIGHTS