Some of the key takeaways of the Updated Guide are set out below:
- Valid consent:
For consent to be valid, it must be freely granted and informed. The option to “continue browsing”, user click, scrolling, navigation, or any such similar behavior do not constitute valid forms of consent. Consent is deemed to be valid only where the user has made a clear affirmative and unequivocal action. Consent must be given for each specific purpose to ensure granularity.
- Transparency requirement:
The information about cookies provided at the time of requesting the user’s consent must be sufficiently complete to allow users to understand its purpose and use. The information must be provided in a concise, transparent, and intelligible manner using clear and simple language. The use of phrases that confuse or distort the clarity of the message should be avoided.
- Layered information format:
- Accessibility and visibility of cookies:
The information about cookies must be easily accessible. The accessibility and visibility can be enhanced in several ways:
- By increasing the link size to the information or using a source different to distinguish that link from the normal text of the website,
2. By positioning the link in areas that capture the attention of users or where an average user expects to find it,
3. By using descriptive and intuitive names for the link,
4. By boxing, underlining, or using other techniques to highlight the importance of the link.
- Easy withdrawal of consent:
- Cookie walls:
- the user must be properly informed about it,
- alternative access to the service must be offered to the user without requiring to accept the cookies,
- the services of both alternatives offered to the user must be genuinely equivalent, and
- the alternatives must be offered by the publisher and not by any other entity.
- Consent of minors:
In the case of children under 14 years of age, website publishers must make reasonable efforts to verify that the consent for the processing of personal data is given by the holder of parental authority or guardianship, taking into account the available technology and the circumstances of the treatment.
- Renewal of consent:
The validity of consent provided by a user for the use of a certain cookie must not have a duration longer than 24 months. During this time, the selection made by the user must be preserved so that the user is not asked to provide consent every single time he or she visits the page in question unless the purpose of cookies is changed.
Website publishers and third parties managing the cookies can define their relationships through contractual arrangements. However, the administrative liability against non-compliance with the cookie consent requirements cannot be contractually transferred to the other party. Therefore, both website publishers and third parties acting as processors must fulfill their respective obligations.
How SECURITI.ai can help?
SECURITI.ai’s Cookie Consent Banner Solution enables companies to build cookie consent banners in accordance with the applicable legal requirements with cookie auto-blocking, periodic scanning, and preference center features. SECURITI.ai’s Universal Consent Management Solution captures consent and automates revocation fulfillment.
Ask for a DEMO today to understand how SECURITI.ai can help you comply with the consent requirements of GDPR, e-Privacy Directive, Spanish Data Protection Authority’s Guidance, and a whole host of other global privacy laws and regulations, with ease.
Originally published at https://securiti.ai on November 10, 2020.