<img src="https://secure.leadforensics.com/133892.png" alt="" style="display:none;">

To navigate your digital commerce business through the latest data protection regulations and guidelines, it’s important to understand the distinction between privacy and tracking requirements on the one hand and cookie and consent management on the other.  

The former is primarily concerned with what data is collected, how it is transmitted and where it is stored, which are all integral parts of the GDPR. This is at the center of the latest controversies surrounding the legality of Google Analytics in Europe. Inadequate protection of personal data by US-owned services has not yet been resolved with a new legal framework. 

Updated on: 02-2023


Cookie and consent management revolves around how you obtain consent, typically how your consent banner works. Obtaining consent is important for almost all types of cookies and how you do it is crucial for both ensuring compliance and a good UX – regardless what analytics solution you use.  

Many European DPAs have recently issued new or updated cookie guidelines to adapt and guarantee the e-Privacy Directive (ePD). Although these guidelines are not legally binding, they help clarify what could be considered non-compliant in individual cases by the DPAs.  

The purpose of this resource list is to summarize some of the most relevant cookie guidelines found in key European countries in terms of standards that either are stricter or that differ from some other DPAs. This will help give you a jump start in improving your banner’s compliance across markets and tailoring your banner to certain countries. 

shutterstock_1329426674

General EU-wide cookie consent guidelines 

The e-Privacy Directive supplements the GDPR and is also known as the “cookie law”, because its requirements were what led to initial more widespread use of cookie banners. The European Data Protection Board (EDPB) issued harmonized guidelines on cookies and consent in 2020 in alignment with and to clarify both the GDPR and ePD. You can refer to these for any other country that hasn’t issued individual guidelines or as a general benchmark. 

Here are some general recommendations we have put together based on an analysis of the EDPB and national guidelines: 

  • It must be just as easy to say yes as to say no 
  • Consent must be given clearly, unambiguously, freely and actively 
  • Consent rules must be applied to the fullest extent 
  • The language used must be clear to the user 
  • Disclose who stores and retrieves cookies, the purpose of processing, the term of validity and whether they are shared with third parties 
  • Link to your privacy and cookie policies 
  • It must be easy for the user to withdraw their consent. Referring to a process in a policy is probably not considered easily accessible and understandable for the user 
  • Dark patterns can lead to a higher penalty because of deliberately misleading the user 
  • Designing your cookie banner as a cookie wall is not permitted by a number of DPAs 
  • Conditional consent is not permitted 
  • Pre-filled checkboxes do not constitute actively giving consent 
  • Clicking “I understand" does not constitute giving consent 
  • Do not set tracking cookies prior to obtaining explicit consent 
  • Do not deny access to your website if consent is not given 

The national DPA cookie guidelines are generally in agreement on many of the points in our recommendations above. But some are silent on certain aspects of how cookie banners should be presented while others have set out specific guidelines for exactly how your cookie banner must be implemented which we will summarize below. 

Selection of cookie banner guidelines by country 

Austria: It must be just as easy to accept as to decline, meaning that you cannot have accept in a first layer and decline only in a second or third layer. Austrian cookie guidelines 

Germany: Clear options to accept and to decline must be visible and all activities requiring consent must be displayed granularly. German cookie guidelines 

UK: “Reject/block” cannot be placed in a second layer if “agree/consent” is in the first layer of your banner. UK cookie guidelines 

Italy: An “X” must be placed in the upper-right corner of your consent banner to close the banner. This must only load technical cookies and block all others until consent is given. Italian cookie guidelines 

Spain: “By continuing browsing, you consent” is permitted in Spain but you cannot have both that and an “accept all” button, only one or the other. Spanish cookie guidelines 

Denmark: Equal opportunity must be provided to accept or reject cookies, which means you must not mislead users with button colors or sizes. Danish cookie guidelines 

Netherlands: Reject and accept (either buttons or links) must be displayed in an equally prominent manner. Dutch cookie guidelines 

France: Put “reject all”, “accept all” and “preferences” all in first layer. Or only “accept all” and “preferences” with either a “continue without accepting” x button or the possibility to just continue browsing and the cookie banner disappears by itself after a short time.  French cookie guidelines 

Norway: Cookies can be accepted or rejected via a browser setting but information about cookies and purposes of processing must still be clearly visible, and this practice may soon be prohibited to harmonize with EU law. Norwegian cookie guidelines 

Please note that these selected guidelines are generally not identical to other countries but are not necessarily only applicable to one country. 

It’s still not completely clear how European companies should handle American cloud solutions. As we mentioned in this blogpost on privacy shield, this issue will most likely be cleared up in the spring of 2023. Until then, you need to focus on TIA (Transfer Impact Assessment) and on having control over your data by having a personal data controller.  

Putting it all together 

Ensuring your cookie banner simultaneously meets as many of these guidelines as possible will help you comply with all the highest standards. You could also take the opportunity to utilize certain exemptions in markets such as Spain and Norway that are generally not allowed in the others. 

Our blog post shows you examples of compliant cookie banners to help you along the way. 

If you would like help putting all of this together to master compliance and UX in your cookie and consent management, contact a Columbus digital commerce expert for hands-on assistance and strategic advice. 


Want to know more about Google Analytics 4?
Let our Growth Team tell you more about GA4 in this webinar Ondemand 🧩

SEE WEBINAR ONDEMAND

Topics

Discuss this post

Recommended posts

Every business sector knows the impact of customer churn—how the steady stream of departing customers can erode profits and destabilize even the most robust revenue streams. But what if there was a way to gain insights into the future, to anticipate and alleviate this risk to your business's financial success?
Litium has just released its annual Nordic Digital Commerce in B2B report. As usual, it’s easy to digest yet comprehensive with >900 respondents. It’s the go-to source of information for benchmarking yourself and getting B2B inspiration throughout 2024.
A new prominent trend is emerging in B2B digital commerce: experience-led commerce. The focus has shifted from transactional exchanges to emphasis on the journey, the experience, and the relationships between leading businesses.The implication is clear – it's not just about the product or service anymore. It's about the entire experience.
While traditional E-commerce models focus on product listings and price points, experience-led commerce zooms in on the entire customer journey. It emphasizes personalized content, interactive platforms, and a seamless transition between discovery and purchase, ensuring that the consumer feels engaged and valued.
Globally, economic downturns ripple through various markets, and the retail industry is no exception. In this ever-evolving landscape, this sector encounters new challenges, and the Northern Europe narrative emerges as both unique and instructive. For example UK, Sweden, Norway, and Denmark, offer different insights into resilience, adaptability, and innovation in retail amidst an unforgiving economic landscape.
right-arrow share search phone phone-filled menu filter envelope envelope-filled close checkmark caret-down arrow-up arrow-right arrow-left arrow-down