In this guide you can read more about:
The ePrivacy Directive is a minimum set of rules that apply across Europe. This means that local guidelines and rulings may also apply depending on which country your user is located in. These rules are generally enforced by data authorities, e.g. CNIL (in France), ICO (in the UK), and Datatilsynet (in Denmark). You can read more: about the cookie laws and cookie authorities in Europe in this article.
The ePrivacy Directive is where you find the cookie rules and:
GDPR regulates what the rules and requirements are for obtaining a lawful consent. Because IP addresses are regarded as personal data the GDPR is applicable.
Don’t hide the page on your website. You have to make sure that your users can find it - and find it easily - otherwise your cookie setup won’t be compliant.
Although the general focus here is on data as a whole, how a company treats a website visitors cookies is a visible way of seeing how a company treats its data more generally.
Read more about website legal requirements
The description of what a cookie is, needs to be followed by why, how and what you use them for, e.g., “Cookies are used to enable certain features such as logging in to our website, to track site usage via analytics, and to store your user settings.”
You need to include a description of the different types of cookies you have on your website and how you use them, including but not limited to:
You need to include information about:
Many authorities, including the ICO and the Danish authorities, recommend that policies be split into sections that can be “unfolded” making it easier for the user to read and understand the content of the policy. A wall of text should be avoided.
One way of keeping track of consents and the evidence you need is through a consent management solution that tracks your cookie consents.
With Openli you can collect and document consent for all cookies used on your site. Our solution detects which cookies you use and collects compliant consents for those. With Openli you get a full audit trail, so you can prove consents to a data authority if you need to.