Is this what a fully compliant cookie consent tool looks like?
The vast majority of websites now have some form of cookie consent tool on them. The Information Commissioner’s Office have frequently implied, that the majority of these are not fit for purpose.
The main reason is most cookie consent tools do not seek specific consent for non-essential cookies. They lump them in with all types and do not give the user the ability to individually choose which they consent to before they are loaded. Many don’t even offer an option to remove consent — they simply inform the user of the use of cookies (86% according to one German study).
The ICO is clear that this is not ok:
The user must take a clear and positive action to give their consent to non-essential cookies — continuing to use your website does not constitute valid consent.
and
You must ensure that any non-essential cookies are not placed on your landing page — and similarly that any non-essential scripts or other technologies do not run until the user has given their consent.
[Taken from the ICO’s ‘What are the rules on cookies and similar technologies?’]
They also make it clear, that Google Analytics, does not fall into the category of an essential cookie:
A fully compliant cookie manager
This has led us to design a prototype for what we think is a fully compliant cookie tool. It uses the principles that:
- People can individually choose which cookies they want to allow
- No cookies are loaded until consent is given
- People can accept or block all non-essential cookies
- The difference between necessary and optional cookies is explained in language that people understand
You can see a clickable prototype here (the individual interactions don’t work, but hopefully you get the idea)
We’d love to hear what you think and what challenges you can see about implementing this on your website.
Get in touch on email — james@williamjoseph.co.uk or on Twitter @gadsby