Accept All vs. Reject All in cookie pop-ups - the buttons have to be equal

Stine Mangor Tornmark
Written by
Stine Mangor Tornmark
on
February 19, 2021

The legal landscape of cookie compliance changes rapidly and it can be a challenge to constantly stay up-to-date with the newest guidelines and directives. Additionally, there is a confusing jungle of different cookie solution providers out there. Especially for non-pros, it can be tough to identify which providers are compliant and what official requirements cookie consent design needs to adhere to.

Recently, the French Data Protection Authority (CNIL) sent out notices to 300 significantly large public and private organizations in France, reminding them of the new cookie guidelines and the need to adapt their cookie solutions.

In addition, CNIL also recently issued massive fines against Amazon and Google, and therefore, using big companies as a trustworthy example of compliant solutions can turn out as a pitfall for other organizations.

So what do you need to know to ensure your cookie solution compliance? Use this 6-step checklist to confidently identify the most important aspects your cookie solution needs to entail to become compliant:

  • Active consent: Unnecessary cookies cannot be pre-ticked, you cannot track your users before receiving their consent. Additionally, consent must be obtained for each cookie category separately - e.g. with a separate check box. Note: There is no need to ask for consent for every single cookie, the overall category is sufficient.
  • Explain the purpose: Give detailed information on how you use your cookies. “We use cookies on this website” banners aren’t enough.
  • Equal opportunities: You must ensure that you offer an equal opportunity to say “yes” and “no” to cookies. The commonly used “Accept All” and “Cookie Settings” buttons are NOT sufficient. If your cookie solution includes an “Accept All” button there must be a “Reject All” button on the same level and format, i.e., button size, colour, and location must be the same.
  • Withdraw consent: It must be just as easy to withdraw consent as it has been to give. You have to provide an easily accessible and understandable option for users to withdraw their consent, e.g., a guide.
  • Consent documentation: If somebody knocks on your door and asks about a specific consent, you have to be able to provide that exact documentation of the consent. It is important to have a hub where all your consents are stored and easily accessible for you.
  • Cookie Policy: No cookie widget is complete without its cookie policy as it is an important part of the legal requirements for your website. Here you can find out what has to be included.

As website users you probably know the struggle of not wanting to accept all cookies, however, not being ready to enter the complicated cookie settings adventures to finally reject them. Now you know, when opportunities to choose are intransparent and complicated the cookie solution might be illegal. After gaining these insights, do you also feel like scanning your website for compliance?

Compliant ✅

Openli founder team

Not compliant ❌

Openli founder team

Further reading

Openli Guides

Additional Sources:

https://www.datatilsynet.dk/Media/E/7/Quickguide.pdf
https://www.huntonprivacyblog.com/2021/02/04/cnil-calls-organizations-to-audit-their-sites-and-apps-for-cookie-compliance/
https://www.businessinsider.com/google-amazon-fined-163-million-by-france-cnil-cookie-tracking-2020-12?r=US&IR=T

Join our in-house legal & privacy community

Join one of the fastest growing legal communities in Europe. Learn, share, connect and meet inspiring legal professionals, leaders and experts all for free.
Openli community
Apply to join

Privacy Newsletter

Sign up for a regular dose of news and updates from the legal landscape.