Can organisations use implied consent for cookies on their website?

Can organisations use implied consent for cookies on their website?

This is a question anyone with a website asks, the answer is a very clear – NO.

Since the ePrivacy Directive and the current draft of the new ePrivacy Regulation have adopted the same meaning for consent as defined in the GDPR, explicit consent is required before placing any non-essential cookies on an website users device.  It is also clear that sufficient information about the purpose of the cookie and category must be provided to the website user so they can make an informed decision whether to consent to the category of cookie or not.

The guidance the Irish DPC published explains the use of implied consent as:

You may not obtain consent by ‘implication’ to set cookies. This means that wording in your cookie banner or notice which inform users that, by their continued use of your website – either through clicking, using or scrolling it – that you will assume their consent to set cookies, is not permissible. 

Similarly, cookie banners that pop up when a user lands on a website and which subsequently disappear when a user scrolls, without any further engagement by the user with the banner or with information about cookies, are not compliant with the law. 

You cannot assume that a user who merely scrolls a page or clicks an element on the page has seen and read the information in a cookie banner, unless you can demonstrate clearly that they have engaged with the information and given their unambiguous consent to the setting of cookies and the purposes of the processing.

To read the full guidance click here.

CookieScan will automatically scan you site and categories any identified cookies the site uses.  The pop-up and cookie notice created will provide the site user with all the information about the cookie so they can provide explicit and informed consent.

CookieScan records the consent provided by the site users for the site owners (data controller) in case it is ever needed by the data controller, if a complaint is made against them for the use of cookies.

CookieScan is the site owners complete cookie management solution and can be relied on to keep the site GDPR and ePrivacy cookie compliant.

Ensure your website is PECR and ePrivacy compliant

Create a FREE CookieScan account today and start managing your cookie consent.

Get Started