What should a cookie banner meet?
AVG and the ePrivacy Regulation
In most of the websites, you as a visitor had little choice when it comes to cookies. If you want to visit the website, you agree to the terms or not, whether you click on ‘agree’ or not – and the website places all cookies. With the advent of the GDPR and the ePrivacy Regulation, this is no longer allowed. Below are two cookie banners that are not AVG compliant. Why? I’ll explain later.
According to the GDPR and the ePrivacy Regulation, it is not allowed to place marketing cookies (also called tracking cookies) without the consent of the visitor. Websites are not allowed to place these marketing cookies until the visitor has given permission. At this point the cookie banners of RTL and Bol.com. What are they violating the privacy law with? To do this, we first need to know the requirements of a cookie banner.
A cookie banner that complies with the GDPR must:
📌 provide information about which cookies are used.
📌 indicate which personal data are processed and what happens with it.
📌 block all but necessary cookies until the visitor has given permission with an active action.
📌 Keep a complete documentation of all given consents.
📌 give visitors the opportunity to refuse non-necessary cookies and still use the website.
📌 give visitors the opportunity to withdraw their permission whenever they want.
Cookie banners that do not offer these functionalities are not AVG compliant. If you read the requirements correctly, you will see that the cookie banners of RTL and Marketingfacts do not meet all the requirements. As a visitor, you do not have the option to refuse non-necessary cookies and still use the website. To view their websites you have to agree to all cookies. So this is no longer allowed.