<img src="https://secure.leadforensics.com/133892.png" alt="" style="display:none;">

To navigate your digital commerce business through the latest data protection regulations and guidelines, it’s important to understand the distinction between privacy and tracking requirements on the one hand and cookie and consent management on the other.  

The former is primarily concerned with what data is collected, how it is transmitted and where it is stored, which are all integral parts of the GDPR. This is at the center of the latest controversies surrounding the legality of Google Analytics in Europe. Inadequate protection of personal data by US-owned services has not yet been resolved with a new legal framework. 

Updated on: 02-2023

Cookie and consent management revolves around how you obtain consent, typically how your consent banner works. Obtaining consent is important for almost all types of cookies and how you do it is crucial for both ensuring compliance and a good UX – regardless what analytics solution you use.  

Many European DPAs have recently issued new or updated cookie guidelines to adapt and guarantee the e-Privacy Directive (ePD). Although these guidelines are not legally binding, they help clarify what could be considered non-compliant in individual cases by the DPAs.  

The purpose of this resource list is to summarize some of the most relevant cookie guidelines found in key European countries in terms of standards that either are stricter or that differ from some other DPAs. This will help give you a jump start in improving your banner’s compliance across markets and tailoring your banner to certain countries. 


General EU-wide cookie consent guidelines 

The e-Privacy Directive supplements the GDPR and is also known as the “cookie law”, because its requirements were what led to initial more widespread use of cookie banners. The European Data Protection Board (EDPB) issued harmonized guidelines on cookies and consent in 2020 in alignment with and to clarify both the GDPR and ePD. You can refer to these for any other country that hasn’t issued individual guidelines or as a general benchmark. 

Here are some general recommendations we have put together based on an analysis of the EDPB and national guidelines: 

  • It must be just as easy to say yes as to say no 
  • Consent must be given clearly, unambiguously, freely and actively 
  • Consent rules must be applied to the fullest extent 
  • The language used must be clear to the user 
  • Disclose who stores and retrieves cookies, the purpose of processing, the term of validity and whether they are shared with third parties 
  • Link to your privacy and cookie policies 
  • It must be easy for the user to withdraw their consent. Referring to a process in a policy is probably not considered easily accessible and understandable for the user 
  • Dark patterns can lead to a higher penalty because of deliberately misleading the user 
  • Designing your cookie banner as a cookie wall is not permitted by a number of DPAs 
  • Conditional consent is not permitted 
  • Pre-filled checkboxes do not constitute actively giving consent 
  • Clicking “I understand" does not constitute giving consent 
  • Do not set tracking cookies prior to obtaining explicit consent 
  • Do not deny access to your website if consent is not given 

The national DPA cookie guidelines are generally in agreement on many of the points in our recommendations above. But some are silent on certain aspects of how cookie banners should be presented while others have set out specific guidelines for exactly how your cookie banner must be implemented which we will summarize below. 

Selection of cookie banner guidelines by country 

Austria: It must be just as easy to accept as to decline, meaning that you cannot have accept in a first layer and decline only in a second or third layer. Austrian cookie guidelines 

Germany: Clear options to accept and to decline must be visible and all activities requiring consent must be displayed granularly. German cookie guidelines 

UK: “Reject/block” cannot be placed in a second layer if “agree/consent” is in the first layer of your banner. UK cookie guidelines 

Italy: An “X” must be placed in the upper-right corner of your consent banner to close the banner. This must only load technical cookies and block all others until consent is given. Italian cookie guidelines 

Spain: “By continuing browsing, you consent” is permitted in Spain but you cannot have both that and an “accept all” button, only one or the other. Spanish cookie guidelines 

Denmark: Equal opportunity must be provided to accept or reject cookies, which means you must not mislead users with button colors or sizes. Danish cookie guidelines 

Netherlands: Reject and accept (either buttons or links) must be displayed in an equally prominent manner. Dutch cookie guidelines 

France: Put “reject all”, “accept all” and “preferences” all in first layer. Or only “accept all” and “preferences” with either a “continue without accepting” x button or the possibility to just continue browsing and the cookie banner disappears by itself after a short time.  French cookie guidelines 

Norway: Cookies can be accepted or rejected via a browser setting but information about cookies and purposes of processing must still be clearly visible, and this practice may soon be prohibited to harmonize with EU law. Norwegian cookie guidelines 

Please note that these selected guidelines are generally not identical to other countries but are not necessarily only applicable to one country. 

It’s still not completely clear how European companies should handle American cloud solutions. As we mentioned in this blogpost on privacy shield, this issue will most likely be cleared up in the spring of 2023. Until then, you need to focus on TIA (Transfer Impact Assessment) and on having control over your data by having a personal data controller.  

Putting it all together 

Ensuring your cookie banner simultaneously meets as many of these guidelines as possible will help you comply with all the highest standards. You could also take the opportunity to utilize certain exemptions in markets such as Spain and Norway that are generally not allowed in the others. 

Our blog post shows you examples of compliant cookie banners to help you along the way. 

If you would like help putting all of this together to master compliance and UX in your cookie and consent management, contact a Columbus digital commerce expert for hands-on assistance and strategic advice. 

Want to know more about Google Analytics 4?
Let our Growth Team tell you more about GA4 in this webinar Ondemand 🧩



Discuss this post

Recommended posts

In B2B, it’s particularly important to maximize customer lifetimes so you can grow and maintain competitiveness. E-commerce provides many ways to acquire, maintain and retain customers and to create opportunities for long-term relationships. By offering a good customer experience, working with loyalty incentives and adding aftermarket services, e-commerce can improve CLV – Customer Lifetime Value.
Modern consumers have changed their behavior over years and are most often doing extensive research before they approach a supplier. When they change their habits, you have to change. The key is to offer the same customer experience in all channels – so called unified commerce. Because modern consumers collect information, compare and weigh up the advantages and disadvantages by themselves before making a buying decision, they have often come a long way in the purchase process before approaching a supplier. To create business opportunities and gain repeat custom, you need to achieve an experience that extends across and is the same in all channels. This is particularly clear in the B2B sector. To succeed here, it's best to start at the other end and collect information about your customers to achieve a 360-degree view.
Excellent customer experience has emerged as the holy grail of success. Organizations across industries are realizing that delivering excellent customer experiences is no longer a choice; it's a necessity. But how can companies consistently improve their customer experiences and stay ahead of the curve? The answer lies in the strategic use of Experimentation. In this blog, we will explore the potential of Experimentation concept in driving exceptional customer experiences and how it can contribute to the transformation of businesses.
Day three of Shoptalk Europe 2023 focused on outstanding retail experiences, digital and omnichannel, grocery workshops, the future of brands, and supply chain innovations. The day was packed with informative sessions and discussions that provided valuable insights into the latest trends and technologies in the retail and e-commerce industry.
Day two of Shoptalk Europe 2023 focused on exploring emerging retail technologies, innovative supply chain solutions, and the future of retail organization. The day started with some keynotes and continued with four different tracks. Here’s a breakdown of some of the key insights from the day.
right-arrow share search phone phone-filled menu filter envelope envelope-filled close checkmark caret-down arrow-up arrow-right arrow-left arrow-down