<img src="https://secure.leadforensics.com/133892.png" alt="" style="display:none;">

To navigate your digital commerce business through the latest data protection regulations and guidelines, it’s important to understand the distinction between privacy and tracking requirements on the one hand and cookie and consent management on the other.  

The former is primarily concerned with what data is collected, how it is transmitted and where it is stored, which are all integral parts of the GDPR. This is at the center of the latest controversies surrounding the legality of Google Analytics in Europe. Inadequate protection of personal data by US-owned services has not yet been resolved with a new legal framework. 

Updated on: 02-2023

Cookie and consent management revolves around how you obtain consent, typically how your consent banner works. Obtaining consent is important for almost all types of cookies and how you do it is crucial for both ensuring compliance and a good UX – regardless what analytics solution you use.  

Many European DPAs have recently issued new or updated cookie guidelines to adapt and guarantee the e-Privacy Directive (ePD). Although these guidelines are not legally binding, they help clarify what could be considered non-compliant in individual cases by the DPAs.  

The purpose of this resource list is to summarize some of the most relevant cookie guidelines found in key European countries in terms of standards that either are stricter or that differ from some other DPAs. This will help give you a jump start in improving your banner’s compliance across markets and tailoring your banner to certain countries. 


General EU-wide cookie consent guidelines 

The e-Privacy Directive supplements the GDPR and is also known as the “cookie law”, because its requirements were what led to initial more widespread use of cookie banners. The European Data Protection Board (EDPB) issued harmonized guidelines on cookies and consent in 2020 in alignment with and to clarify both the GDPR and ePD. You can refer to these for any other country that hasn’t issued individual guidelines or as a general benchmark. 

Here are some general recommendations we have put together based on an analysis of the EDPB and national guidelines: 

  • It must be just as easy to say yes as to say no 
  • Consent must be given clearly, unambiguously, freely and actively 
  • Consent rules must be applied to the fullest extent 
  • The language used must be clear to the user 
  • Disclose who stores and retrieves cookies, the purpose of processing, the term of validity and whether they are shared with third parties 
  • Link to your privacy and cookie policies 
  • It must be easy for the user to withdraw their consent. Referring to a process in a policy is probably not considered easily accessible and understandable for the user 
  • Dark patterns can lead to a higher penalty because of deliberately misleading the user 
  • Designing your cookie banner as a cookie wall is not permitted by a number of DPAs 
  • Conditional consent is not permitted 
  • Pre-filled checkboxes do not constitute actively giving consent 
  • Clicking “I understand" does not constitute giving consent 
  • Do not set tracking cookies prior to obtaining explicit consent 
  • Do not deny access to your website if consent is not given 

The national DPA cookie guidelines are generally in agreement on many of the points in our recommendations above. But some are silent on certain aspects of how cookie banners should be presented while others have set out specific guidelines for exactly how your cookie banner must be implemented which we will summarize below. 

Selection of cookie banner guidelines by country 

Austria: It must be just as easy to accept as to decline, meaning that you cannot have accept in a first layer and decline only in a second or third layer. Austrian cookie guidelines 

Germany: Clear options to accept and to decline must be visible and all activities requiring consent must be displayed granularly. German cookie guidelines 

UK: “Reject/block” cannot be placed in a second layer if “agree/consent” is in the first layer of your banner. UK cookie guidelines 

Italy: An “X” must be placed in the upper-right corner of your consent banner to close the banner. This must only load technical cookies and block all others until consent is given. Italian cookie guidelines 

Spain: “By continuing browsing, you consent” is permitted in Spain but you cannot have both that and an “accept all” button, only one or the other. Spanish cookie guidelines 

Denmark: Equal opportunity must be provided to accept or reject cookies, which means you must not mislead users with button colors or sizes. Danish cookie guidelines 

Netherlands: Reject and accept (either buttons or links) must be displayed in an equally prominent manner. Dutch cookie guidelines 

France: Put “reject all”, “accept all” and “preferences” all in first layer. Or only “accept all” and “preferences” with either a “continue without accepting” x button or the possibility to just continue browsing and the cookie banner disappears by itself after a short time.  French cookie guidelines 

Norway: Cookies can be accepted or rejected via a browser setting but information about cookies and purposes of processing must still be clearly visible, and this practice may soon be prohibited to harmonize with EU law. Norwegian cookie guidelines 

Please note that these selected guidelines are generally not identical to other countries but are not necessarily only applicable to one country. 

It’s still not completely clear how European companies should handle American cloud solutions. As we mentioned in this blogpost on privacy shield, this issue will most likely be cleared up in the spring of 2023. Until then, you need to focus on TIA (Transfer Impact Assessment) and on having control over your data by having a personal data controller.  

Putting it all together 

Ensuring your cookie banner simultaneously meets as many of these guidelines as possible will help you comply with all the highest standards. You could also take the opportunity to utilize certain exemptions in markets such as Spain and Norway that are generally not allowed in the others. 

Our blog post shows you examples of compliant cookie banners to help you along the way. 

If you would like help putting all of this together to master compliance and UX in your cookie and consent management, contact a Columbus digital commerce expert for hands-on assistance and strategic advice. 

Want to know more about Google Analytics 4?
Let our Growth Team tell you more about GA4 in this webinar Ondemand 🧩



Discuss this post

Recommended posts

In today’s fast-paced E-commerce landscape, businesses need to remain agile and adaptable to stay ahead of the curve. The key to success lies in the ability to continuously evolve and tailor your online store to meet the ever-changing needs of your customers. This is where decoupling your SAP Commerce Cloud-based store and embracing a Storefront Framework’s composable commerce capabilities come into play. Embark on this thrilling journey and you will unveil the incredible potential of your online store and unlock a world of new possibilities. In this video, Dan Andersson gives you insights for how to evolve your SAP Commerce store with the power of the new storefront framework.
On March 1st Google will automatically move properties from Universal Analytics to Google Analytics 4. Why is this a problem? If you don’t prepare for this move, the adjustments and settings you have made outside of the basic settings will be lost and you will be left with new, unnecessary and messy properties. But there is a simple way to stop it.  Here's everything you need to know.
Increasing numbers of B2B companies are investing in customer portals where they can offer the customer a personalised buying experience that includes digital assistance and information. But there are still companies that take orders via telephone or email and close new deals using salespeople out in the field.
What your customers don’t have enough of is more time. So it’s no surprise that online self-service is increasing in popularity. With a customer portal, you can increase sales, offer new services and simultaneously streamline and reduce costs for customer service. Being able to offer your customers a portal is starting to become a hygiene factor, particularly today where your customers have more options, more products to choose between, more information facilitating the buying decision and an increased range of channels for handling aftermarket issues.
The digital transformation has changed our purchasing behaviour. Because modern consumers collect information, compare and weigh up the advantages and disadvantages by themselves before making a buying decision, they have often come a long way in the purchase process before approaching a supplier. To create business opportunities and gain repeat custom, you need to achieve an experience that extends across and is the same in all channels. This is particularly clear in the B2B sector. To succeed here, it's best to start at the other end and collect information about your customers to achieve a 360-degree view.
right-arrow share search phone phone-filled menu filter envelope envelope-filled close checkmark caret-down arrow-up arrow-right arrow-left arrow-down