Cookies & Consent – Compliance Solutions for Websites, Apps and Organizations | iubenda
https://www.iubenda.com/en/
Thu, 19 Mar 2026 07:56:37 +0000

The redesigned cookie banner and configurator
https://www.iubenda.com/en/blog/the-redesigned-cookie-banner-and-configurator/
Tue, 10 Mar 2026 10:17:19 +0000

We’ve rolled out a redesigned cookie banner and a refreshed configurator to match.

This update is about making consent easier for visitors to give and for you to manage. Website owners, developers, agencies, and compliance teams all interact with consent in different ways, and this refresh aligns the public-facing banner and the admin-facing configurator.

The result is a clearer experience for visitors and a smoother setup behind the scenes.

If you’re already using iubenda, everything you rely on is still there. The change is in how it looks, how it feels, and how easy it is to configure.

A clearer banner for visitors

The new banner layout is cleaner, more structured, and easier to navigate.

It’s organized into three clear sections (header, body, and footer), with tabs that separate the notice from consent preferences. This helps make consent easier to understand and use, especially on mobile.

Purpose categories are shown with clear, pill-style indicators for Marketing, Functionality, Measurement, and Experience. Branding has also been refined, with logo colors that automatically adapt to your chosen theme.

Accessibility was a core focus. The new banner is designed to meet AAA contrast standards and improves touch targets and scrolling behavior, making it easier to interact across devices.

A configurator that’s easier to work with

The configurator has been redesigned to match the new banner, both visually and functionally.

As you customize settings, a live preview updates in real time. Color options are streamlined, settings are easier to navigate, and visual feedback is clearer as you make changes.

Each editable section also includes accessibility feedback to help you understand how design choices affect readability and contrast as you configure the banner.

Color customization is simpler now, too. Choose a primary color, and the banner automatically generates a balanced color scheme. All existing positioning and sizing options remain available.

A note on banner branding

For new websites created with the updated Privacy Controls & Cookie Solution, iubenda branding is visible by default and can be disabled from the Essential plan and above.

What hasn’t changed

All existing functionality remains intact. Integrations like TCF and Google Consent Mode continue to work as before. Pricing and plan features stay the same. Existing configurations are preserved.

What to expect 

New users started seeing the redesigned banner and configurator in December. Since then, we’ve been gradually expanding availability.

Selected users can switch existing websites to the new design via a manual toggle in the configurator, with gradual rollout to all users. Before any automatic migrations begin, we’ll first collect feedback from new users using the updated Cookie Solution to ensure everything runs smoothly. Automatic migrations will then roll out throughout 2026, starting with free websites in multiple phases.

All users will be notified well in advance via email before any changes take place, giving them ample time to review the update and prepare accordingly.


This phased approach helps us roll out improvements safely, without disrupting live sites. This update reflects how we think about consent: clear, accessible, and practical for real teams managing real websites. We’re excited for you to explore what’s new.

Which is the best terms and conditions generator? 6 tools compared for 2026
https://www.iubenda.com/en/blog/best-terms-and-conditions-generator/
Fri, 27 Feb 2026 10:16:43 +0000

Compare the best terms and conditions generators for 2026. See features, pros, and cons, along with the vital ingredients your terms and conditions need.

Running a website, Software as a Service (SaaS) product, online store, or app? Then you need terms and conditions: a vital legal document that can help protect your business and its revenue.

The challenge is that writing solid terms from scratch isn’t simple. You need legal expertise. And while you might avoid hiring a pricey lawyer by trying free templates or using AI, they often miss important clauses and nuances.

That’s why many businesses turn to a terms and conditions generator.

But not all generators are built the same.

In this guide, we’ll compare 6 of the best terms and conditions generators, so you can find one that’s right for you. And we’ll delve into the details of what you need to know about this important document along the way.

Terms and conditions generator comparison: at a glance

| | iubenda | Complianz | Enzuzo | Termly | Shopify | TermsFeed |
|---|---|---|---|---|---|---|
| Tailored to your business model | ✔ | ✔ | ❌ | ⚠ Limited template-based | ❌ | ⚠ Limited template-based |
| Legal expert backing | ✔ | ✔ | ✔ | ✔ | ✔ | ⚠ Unclear |
| Updates as laws evolve | ✔ | ❌ | ✔ | ⚠ Updates templates but not your document | ❌ | ⚠ Notifications only |
| Unlimited edits without republishing | ✔ | ❌ | ❌ | ⚠ Limited customization | ⚠ Unclear | ⚠ Requires payment |
| Multi-language support | ✔ | ✔ | ✔ | ✔ | ⚠ Limited | ⚠ Limited |
| All-in-one digital compliance suite | ✔ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Customer satisfaction | ⭐ 4.7/5 (Capterra) | ⭐ 4.9/5 (WordPress) | ⚠ 3.6/5 (Trustpilot) | ⭐ 4.3/5 (G2) | ⭐ 1/5 (Trustpilot) | ⭐ 4.5/5 (G2) |
| Recommended for | Businesses of all sizes and industries | WordPress users | E-commerce businesses | Businesses that need a basic document without deep customization | Shopify users | Businesses that need a basic template-driven document |

What are terms and conditions?

Terms and conditions are a legal agreement between you and the people who use your website, app, or service. They outline how your service works, what you expect from users, and what happens if someone breaks the rules.

By using your website or service, users typically agree to these terms. That agreement forms a contract. And that contract helps protect your intellectual property, clarify responsibilities, and reduce the risk of disputes.

Terms and conditions exist to protect your business and its revenue while setting clear expectations for your users.

What’s the difference between terms and conditions, terms of use, and terms of service?

Terms and conditions, terms of use, and terms of service all refer to the same type of legal agreement between a business and its users. The names are interchangeable.

You might also see them referred to as:

  • Terms of Service (ToS)
  • Terms of Use
  • End-User License Agreement (EULA)
  • General Conditions
  • Legal Notes

Why do you need terms and conditions?

Terms and conditions might not be a requirement, depending on where your business operates. But that doesn’t mean you should skip them.

Terms and conditions form a legally binding contract that can reduce legal risk and protect your business and its revenue if disputes arise. Without clear terms in place, you leave room for confusion around payments, refunds, intellectual property, liability, and more.

What’s more, a proper terms and conditions document adds to your credibility, increasing brand trust. And it sets clear expectations which create a smooth customer journey, contributing to more conversions.

What should you include in terms and conditions?

Your terms and conditions should be easy to find and simple to understand. What you include will depend on your business model. A SaaS platform won’t need the same clauses as a blog, for example. But most businesses should cover the following:

  • Your business details
  • A description of your services
  • Conditions of using your website and services
  • Payment terms
  • Refunds and cancellations
  • Intellectual property
  • Limitation of liability and disclaimers
  • Service interruptions
  • Applicable law

What to look for in a terms and conditions generator

A strong terms and conditions generator should:

Build terms and conditions around your business, not a generic template

The best terms and conditions generators will guide you through relevant questions and build your terms around your answers. Whether you run subscriptions, sell digital products, ship physical goods, or allow user-generated content, your document should reflect those nuances.

That’s why copying a generic template from the internet isn’t enough. Templates often miss important clauses or include provisions that don’t apply to your setup. And when your document doesn’t match your business model, you create gaps that can weaken your protection.

Include the essential clauses

Your generator should automatically cover the key areas most businesses need, such as payment terms, cancellation rules, limitation of liability, intellectual property, and applicable law.

The best terms and conditions generators come with legal backing, so you don’t have to wonder whether you’ve missed something important.

Create a living document

Your business will evolve. You may update pricing, launch new services, expand into new markets, or change internal policies. And regulations in your country may change too.

That’s why a reliable generator shouldn’t just produce a one-off PDF. It should help you manage a living document that you can revise and republish as your business and local regulations shift.

The best terms and conditions generators

1. iubenda

iubenda offers a Terms and Conditions Generator built to create a tailored, living document that matches your unique business setup.

Instead of relying on static templates, iubenda structures your terms around how your business actually operates. Whether you run an online store, SaaS platform, mobile app, or content website, you can generate a document that reflects your pricing model, service structure, and legal requirements.

And because iubenda forms part of a wider digital compliance suite, you can manage other legal documents, consent, and accessibility. All in one place.

✅ Standout features

  • 100+ lawyer-written clauses designed for a wide range of business models
  • Available in 15+ languages
  • Terms update as laws evolve, no need for manual edits
  • Unlimited edits that refresh your terms and conditions in real time, without needing to republish
  • Guided setup tailored to your business

Best for

Businesses, apps, and websites of all sizes and industries that want lawyer-backed terms that evolve as their operations grow.

Pros

  • Intuitive, user-friendly interface
  • Thorough customization based on how your business operates
  • Quick to generate and easy to edit
  • Scales smoothly from small websites to complex, multi-product businesses
  • Flexible enough for e-commerce, SaaS providers, apps, and content platforms
  • Works for apps as well as websites
  • Includes access to a responsive live support team
  • Forms part of a wider all-in-one digital compliance suite
  • 150,000+ customers trust the platform including Lamborghini, UNICEF, and Sony Music

Cons

  • Requires a paid subscription

Pricing

  • Paid plans start at just €19.99/month

What people say

Users find iubenda easy to use and praise the excellent customer support. People also highlight that it’s quick and makes generating legal documents easier.

2. Complianz

Complianz offers a standalone terms and conditions generator designed for WordPress users. You can use it on its own or alongside the full Complianz Cookie Consent plugin, depending on what you need.

The generator guides you through relevant questions and helps you produce a document that reflects how your business operates.

✅ Standout features

  • Clauses that cover affiliate marketing, platforms like WooCommerce, digital and physical goods, and online services
  • Multi-language support
  • Simple, guided setup

Best for

WordPress users who want an easy way to generate tailored terms and conditions directly within their website environment.

Pros

  • Allows you to create customized terms and conditions that reflect your business operations
  • Quickly generates a thorough terms and conditions document
  • Free to use
  • Works independently or alongside the full Complianz Cookie Consent plugin
  • Comes with backing from legal experts

Cons

  • You need a paid subscription to their Cookie Consent plugin if you want access to more compliance tools

Pricing

  • Free for the terms and conditions generator
  • Paid plans for additional digital compliance tools start from €59/year (less than €5/month)

What people say

WordPress users have rated the plugin 4.9 stars, highlighting its speed, ease of use, and effectiveness. Many see it as a perfect companion to Complianz’s Cookie Consent plugin.

3. Enzuzo

Enzuzo offers a terms and conditions generator aimed at e-commerce businesses. The platform combines legal document templates with consent and privacy tools, positioning itself as a lightweight compliance solution for online stores.

✅ Standout features

  • Multi-language support
  • Updates templates if regulations change
  • Available on WordPress and Shopify

Best for

E-commerce businesses that want a template-based terms and conditions generator integrated with their website platform.

Pros

  • Comes with the backing of legal professionals
  • Works with major platforms and website builders

Cons

  • Relies heavily on templates rather than fully tailored clauses
  • Requires a paid plan to access important clauses such as payments, user submissions, and dispute handling
  • Requires a paid plan to edit and customize your terms or add additional languages
  • Can be difficult to edit generated legal documents
  • Offers limited customization compared to more advanced generators
  • Some users report slow support response times

Pricing

  • Limited free plan available for basic terms and conditions
  • Paid plans start from $9/month, with additional clauses and customization features only available on upgraded tiers

What people say

Some users feel the platform is intuitive to use, but others mention that it’s difficult to edit generated legal documents. Users also highlight problems with paid subscriptions and support.

4. Termly

Termly provides a terms and conditions generator built around predefined templates. The platform focuses on simplicity, offering a guided questionnaire that helps users produce a basic legal document quickly.

✅ Standout features

  • Multi-language support
  • Works for websites, mobile apps, and online stores
  • Includes clauses for niche scenarios such as SMS marketing and contests
  • Supports platforms including WordPress, Shopify, Wix, WooCommerce, and GoDaddy

Best for

Businesses that need a basic, template-based terms and conditions document and don’t require deep customization.

Pros

  • Step-by-step guided setup
  • Clean and easy-to-navigate interface

Cons

  • Policies rely heavily on templates which aren’t easily customizable
  • Can negatively impact WordPress site performance
  • Poor technical support
  • Heavily template-based, with limited flexibility for nuanced business models
  • Legal document customization options are limited

Pricing

  • Terms and conditions generator is free to use

What people say

While some users like the practical interface, others have expressed their frustration with the technical support team, limited customization, and occasional unreliability of the platform.

5. Shopify

Shopify offers a built-in terms and conditions generator designed for merchants using its e-commerce platform. The tool provides a simple way to generate a policy quickly, particularly for store owners who want a starting point without leaving the Shopify ecosystem.

However, the generator functions primarily as a template tool rather than a fully tailored document builder.

✅ Standout features

  • Limited multi-language support for policy creation
  • Legal experts have developed and reviewed the generator
  • Includes suggestions to help you customize your terms

Best for

E-commerce businesses that already operate on Shopify and want a basic starting point for their terms and conditions.

Pros

  • Quick to generate, with the document delivered to your inbox within minutes
  • Targets e-commerce use cases
  • Convenient for Shopify store owners who want a simple setup

Cons

  • Poor customer support
  • Relies on a generic template structure
  • Requires manual editing to customize clauses
  • Customization can be difficult without legal expertise
  • Offers limited flexibility beyond standard e-commerce scenarios

Pricing

  • Limited free trial with a duration that depends on your region
  • Pricing starts from $5/month, though access to certain features depends on your subscription tier

What people say

While users like how the platform is easy to use, many have difficulties with in-depth customization and Shopify’s limited features. Shopify also has a 1-star rating on Trustpilot from over 1k reviews.

6. TermsFeed

TermsFeed offers a template-based terms and conditions generator designed for websites and apps. The platform guides users through a questionnaire and produces a downloadable legal document based on their answers.

✅ Standout features

  • Download your terms and conditions in multiple formats
  • Update your document using a Live Editor
  • Receive notifications when laws change that may affect your terms
  • Free hosting page available for your terms and conditions

Best for

Websites and apps that need a basic, template-driven terms and conditions document.

Pros

  • Quick to generate

Cons

  • Places certain essential clauses behind a paywall, even when local regulations may require them
  • Uses a pay-per-clause model that increases costs as you add necessary protections
  • Can be unreliable, adding in information that may not be correct for your business
  • Limited multi-language support
  • Restricts editing unless you pay

Pricing

  • Limited free plan available with option to purchase additional “premium” clauses at varying prices

What people say

Although the website suggests the generator is “100% free”, there are complaints about how that isn’t actually true. Users mention that it’s expensive for something they have to edit manually.

Choose terms that grow with your business

Clear terms and conditions protect revenue, reduce disputes, and give your business room to grow.

A basic terms and conditions template might help you publish something quickly. But as your products, pricing, and markets evolve, along with local regulations, your terms need to evolve too.

The best terms and conditions generators reflect how your business actually works, cover essential clauses without hidden gaps, and let you manage your document as a living agreement, rather than a one-off file.

If you want a solution built around real business models, backed by legal expertise, iubenda gives you that flexibility as part of an all-in-one digital compliance suite.

The bottom line? Start with terms that protect where your business is today and support where you’re going next.

The best cookie policy generator in 2026: compare features, pricing, and reviews
https://www.iubenda.com/en/blog/the-best-cookie-policy-generator-in-2026/
Fri, 20 Feb 2026 07:39:53 +0000

Got a website? You’re probably using cookies.

They’re those little data files that a user downloads when visiting your site. They enable shopping carts to remember items, users to save login details, and allow you to track user behavior, with consent, to improve your marketing.

And if you’re using cookies, you’ll need a cookie policy to help comply with international privacy regulations like the General Data Protection Regulation (GDPR) and ePrivacy Directive.

The good news is that you don’t need to write one from scratch yourself. A cookie policy generator can create one for you in minutes.

In this guide, we’ll help you find the best cookie policy generator for your website. Because there are a lot of them out there, and not all of them are the right solution for your site.

In a moment, you’ll discover what a cookie policy should include, what to look for in a generator, and how 6 of the most popular solutions compare.

That way you’ll easily find the best cookie policy generator for your site. One that fits your needs now and continues to support you as your setup evolves.

| | iubenda | Complianz | Termly | CookieYes | TermsFeed | Docue |
|---|---|---|---|---|---|---|
| Automatic cookie scanning | ✔ | ✔ | ✔ | ✔ | ❌ | ❌ |
| Legal expert backing | ✔ | ✔ | ✔ | ⚠ Unclear | ⚠ Unclear | ✔ |
| Notifies you as laws evolve | ✔ | ✔ | ✔ | ⚠ Unclear | ✔ Manual update required | ⚠ Unclear, but updates template clauses as laws change |
| Multi-language support | ✔ | ✔ | ✔ | ✔ | ✔ | ❌ |
| All-in-one digital compliance suite | ✔ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Scales across multiple sites & regions | ✔ | ✔ | ⚠ Limited | ⚠ Limited | ⚠ Limited | ❌ |
| Customer satisfaction | ⭐ 4.7/5 (Capterra) | ⭐ 4.8/5 (WordPress) | ⭐ 4.3/5 (G2) | ⭐ 4.6/5 (AppSumo) | ⭐ 4.5/5 (G2) | ⭐ 1.5/5 (Capterra) |
| Price | Free plan available. Paid plans from €4.99/month | Free plan available. Paid plans from €59/year (less than €5/month) | Free plan available. Paid plans from $10/month | Free plan available. Paid plans from €9/month per domain | Limited free plan available. Varied one-time clause pricing | Paid plans from £39/month |
| Recommended for | Businesses of all sizes | WordPress & Shopify users | Small businesses with simple websites | Small, static websites | Small, static websites | UK-based businesses |

A cookie policy explains:

  • What types of cookies and trackers your site uses
  • Why you use them
  • How a user can manage or refuse them

A privacy policy is a broader document covering all the ways your business handles personal data (like names, emails, and payments), while a cookie policy is a specialized document that focuses specifically on the cookies your website uses.

While a cookie policy provides a full explanation of the cookies on your site and their purpose, a cookie banner gives users a way to accept, reject, or manage cookies before non-essential tracking starts.

Privacy regulations like GDPR, the ePrivacy Directive, the California Consumer Privacy Act (CCPA), and others require websites to provide cookie policies in a clear and accessible way.

Beyond compliance, a cookie policy is good for business. It shows users that you take transparency and data privacy seriously, building trust in your brand which contributes to more sales in the long run. And with that trust, users are more likely to consent to your collection of data for better marketing insights.

While it may vary slightly depending on what regions your website is active in, a cookie policy should generally include the following in clear, accessible language:

  • The types of cookies you use – For example, essential cookies, analytics cookies, and advertising cookies.
  • The purpose of each cookie category – Users should understand why each type of cookie exists and what it helps you do.
  • Information about third parties – If external services place cookies on your site, the policy should clearly identify them and explain their role.
  • Cookie duration – How long cookies remain active on a user’s device.
  • How users can manage their choices – This includes instructions on changing preferences, withdrawing consent, or updating settings later on.

What should you look for in a cookie policy generator?

Here are the key features to consider when evaluating a cookie policy generator:

Accuracy based on real cookie usage

A reliable generator creates a policy that reflects the cookies and third-party services your site actually uses. A great feature to keep an eye out for is a powerful automatic cookie scanner; it’ll help you ensure your policy doesn’t miss a thing.

Legal reliability

The best cookie policy generators come with the backing of legal experts, so your policy is more likely to align with privacy regulations.

Updates as your site and laws evolve

Look for a generator that keeps your cookie policy in sync with your site. When you add new tools or services, your policy should reflect those changes. And as privacy requirements shift, you’ll get notified so you can review without starting from scratch.

Ability to scale with your site

What works for a single website might not work for multiple domains, regions, or languages. Generators built to scale make it easier to manage policies as your business grows internationally.

The best cookie policy generators

1. iubenda

iubenda’s cookie policy generator keeps your policies current as laws change. Its legal team monitors regulatory updates and refreshes available clauses, so when something changes, you add the update in a click without rebuilding from scratch.

It also connects policy generation with site scanning, keeping your disclosures accurate as your site evolves.

The generator is part of iubenda’s connected compliance solutions, giving you access to legal document generation, cookie banners, consent management, and more, all from one place.

✅ Standout features

  • Automated cookie scanner detects your website’s cookies and services, so you can quickly generate accurate cookie policies
  • A team of legal experts writes and updates policy clauses
  • Instant notifications when privacy regulations evolve
  • Available in 27 languages and covers the world’s major privacy laws like GDPR, CCPA/CPRA and other US State Laws, FADP, and LGPD
  • Centralized management across multiple websites and domains

Best for

Individuals and businesses that want easy, attorney-quality cookie policy generation and other digital compliance solutions in one place.

Pros

  • Easy to generate accurate policies that reflect actual cookie usage
  • Reduces manual updates as cookies, vendors or regulations change
  • Scales easily from simple sites to complex, multi-domain setups
  • Easy to use
  • Part of a wider digital compliance suite, with solutions for creating cookie banners, improving accessibility and more
  • Excellent customer support that stays with you until they resolve your issue
  • Trusted by over 150,000 organizations including Honda, Sony Music, and UNICEF

Cons

  • Access to some of the advanced solutions in the suite requires a paid plan

Pricing

  • Free plan available with everything you need for low-traffic sites
  • Paid plans start at just €4.99/month

What people say

Users consistently mention ease of use, excellent customer support, and how the platform simplifies complex compliance requirements. Users also highlight its affordability and value, given that it offers a full range of solutions for digital compliance.

2. Complianz

Complianz is a cookie policy and consent management plugin built for WordPress and Shopify. Install it directly from your CMS and it gets to work right away.

Its hybrid cookie scanner detects the trackers running on your site, so your policy reflects what’s actually there. As your site changes, rescan and update to match.

It also handles cookie banner setup and records visitor preferences, keeping your consent logs in order.

✅ Standout features

  • Built-in hybrid site scanner identifies active cookies and services
  • Generates a thorough and accurate cookie policy based on scanner findings
  • Synchronizes with cookiedatabase.org, allowing you to automatically populate your Cookie Policy with clear, up-to-date descriptions of what each cookie does, who the service provider is, and how long until the data expires
  • Compatible with multiple regions and privacy laws, including GDPR and CCPA
  • Legal documents available in 49 languages

Best for

WordPress and Shopify users who want a complete plugin to manage cookie policies and consent.

Pros

  • Easy to install and configure
  • Trusted by 1 million users
  • Backed by legal experts
  • 30-day money-back guarantee

Cons

  • Advanced features require a paid plan

Pricing

  • Free plan available
  • Paid plans start from €59/year (less than €5 a month)

What people say

WordPress users highlight easy setup and an intuitive interface. And on Shopify, the plugin comes with top reviews for the support team.

3. Termly

Termly offers a cookie policy generator combined with consent tools. The platform focuses on predefined templates for document generation and offers a guided setup process.

✅ Standout features

  • Cookie policy generator built around predefined templates
  • Cookie scanner
  • Coverage for common privacy frameworks such as GDPR and CCPA
  • WordPress integration via plugin

Best for

Individuals and small businesses with simple websites that need to publish a cookie policy quickly.

Pros

  • Guided setup
  • Simple interface

Cons

  • Policies rely heavily on templates which aren’t easily customizable and don’t update as the regulations evolve
  • Limited flexibility, especially for multi-region setups
  • Using it for multiple websites can get expensive
  • Can negatively impact WordPress site performance

Pricing

  • Free plan available with limited features
  • Paid plans start from $10/month
  • Costs increase based on pageviews and feature access

What people say

Users praise the easy setup process, but highlight Termly’s limitations with multi-region compliance and customization, as well as poor customer service. Many WordPress users complain about the tool slowing site performance.

4. CookieYes

CookieYes offers a cookie policy generator that allows you to create your own policy based on a template. It does have a cookie scanner to help with generating the policy, but it often requires manual oversight.

✅ Standout features

  • Cookie policy generator combined with a basic site scanner
  • Monthly scan to update your list of cookies
  • Available as a WordPress and Shopify plugin

Best for

Small websites that want to publish a cookie policy quickly and don’t expect frequent changes to their tracking setup.

Pros

  • Quick setup
  • Allows for more manual intervention

Cons

  • Basic cookie scanning. The tool sometimes struggles to auto-detect and categorize cookies, requiring more manual oversight
  • Can be expensive if you have multiple domains and high traffic
  • Limited multi-language support
  • Customization can sometimes be difficult

Pricing

  • Free plan available with limited functionality
  • Paid plans start at €9/month per domain

What people say

Reviews mention good customer support but limited features and issues with customization. Some users also mention poor website performance on mobile devices as a result of using CookieYes.

5. TermsFeed

TermsFeed is a lightweight legal document generator. It lets you build a customized cookie policy, privacy policy, and terms and conditions document through a template-based flow.

✅ Standout features

  • Cookie policy generator based on templates
  • Support for multiple types of legal documents
  • Customization through guided questions
  • Supports 10 languages

Best for

TermsFeed works best for individuals and small businesses that want to generate basic legal documents for static sites where manual updates are manageable.

Pros

  • Simple cookie policy generation
  • Covers multiple legal document types in one place
  • WordPress integration

Cons

  • Doesn’t have a comprehensive cookie scanner to help you create an accurate cookie policy
  • Notifies you when there are changes in regulations, but you need to update your policy manually
  • Users must manually update documents as their sites change
  • Limited scalability for multi-site or multi-region setups
  • It’s marketed as free, but there are certain “premium clauses” that you have to purchase.

Pricing

  • Offers a limited free policy option that isn’t tailored for compliance with GDPR and other privacy regulations
  • One-time payments with varied pricing for specific clauses in legal documents

What people say

While users mention that it’s quick to generate a cookie policy, reviews also frequently mention difficulties with the payment process, with some highlighting that they find TermsFeed expensive for what it offers.

6. Docue

Docue is a British legal document generation tool that helps businesses create and manage contracts and legal documents, including privacy-related policies.

The platform’s focus is on legal contracts rather than on full digital compliance.

✅ Standout features

  • Cookie policy and other legal document creation
  • Template-based policy generation
  • Clauses written and updated by a team of lawyers

Best for

Businesses with relatively static websites that handle consent and cookie management elsewhere.

Pros

  • Helps generate a cookie policy that’s compliant with UK GDPR
  • Allows you to tailor the document to what you need by using templated clauses

Cons

  • Isn’t designed specifically for cookie policies or consent management
  • No built-in cookie scanning or consent tools
  • While lawyers update templates based on regulation changes, you have to manually update your policy when there are changes to your website’s cookies
  • Doesn’t support international privacy regulations besides United Kingdom GDPR
  • No multi-language support

Pricing

  • No free plan publicly available
  • Pricing starts at £39/month with an annual subscription

What people say

Some users appreciate Docue’s ability to quickly and easily generate legal documents, but many mention that they feel misled by the platform’s pricing.

Choose the best cookie policy generator for your website and your business

The best cookie policy generator is one that helps you create a policy that evolves with your site as well as changing regulations.

And, if it’s a part of a wider suite of digital compliance solutions, like iubenda, you’ll not only have the best value for money but greater support for your business’ growth.

Because when you show your users that you respect their privacy by providing a cookie policy, along with solutions for consent management, you’ll be positioning your brand as transparent and trustworthy.

That kind of trust is invaluable for building customer relationships that sustain your business for the long run.

What are cookie preferences? https://www.iubenda.com/en/blog/cookie-preferences/ Thu, 29 May 2025 08:28:30 +0000

Cookie preferences are the choices that users make regarding the types of cookies a website can place on their devices. These preferences allow users to accept, reject, or customize which cookies are installed when they visit a website.

Cookie preferences typically include options such as:

  • Accepting all cookies
  • Rejecting all cookies
  • Selecting specific categories of cookies to allow or block, such as:
    • Strictly necessary cookies, essential for website functionality.
    • Functional cookies, which store user settings like language or location.
    • Statistics cookies, which collect anonymized data on website usage.
    • Marketing or targeting cookies, which track user data for personalized ads.

How to change cookie preferences on a website

You can change cookie preferences in two main ways: using the website’s cookie banner or via your browser. 

1. Using the website’s cookie banner 

If a website uses cookies, it should have a cookie banner in place for consent management. Usually, consent management solutions allow you to edit your cookie preferences at any time. 

If you want to change your preferences after initially giving consent, you should look for the button that reopens the cookie banner. It is often located at the bottom of the page or in the footer, near the privacy policy section. 

Clicking this will reopen the cookie consent banner, allowing you to update your choices. 

An example of changing your cookie preferences with iubenda

2. Changing cookie preferences via your browser settings

You can also control cookies through your web browser settings, either globally or for specific sites. This method varies by browser but generally involves:

  • Opening your browser’s settings or preferences menu.
  • Navigating to the privacy or security section.
  • Finding the cookies or site permissions settings.
  • Choosing to allow, block, or clear cookies, including options to block third-party cookies or all cookies.

About us

iubenda

Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.

www.iubenda.com

Passive Consent Definition & Meaning https://www.iubenda.com/en/blog/passive-consent/ Thu, 27 Mar 2025 14:15:08 +0000

What is Passive Consent?

Passive consent means that consent from a user is assumed if they don’t explicitly object to something.

Passive consent (also called opt-out consent) is often used online for consent to cookies. Under some laws, such as the CCPA in California, non-technical cookies can be installed on a user’s device without their prior consent. Usually, websites show a notice informing users of cookies and provide a method to withdraw their consent (opt-out).

What is Active Consent?

Passive consent is the opposite of active consent (opt-in consent), which instead requires the user to take an affirmative action to agree to something, for example clicking an “Accept” button on a cookie banner or selecting a checkbox.

What’s the Difference Between Passive and Active Consent?

Active consent requires proactive and explicit consent from the user, while passive consent assumes it until the user withdraws it.

Learn more about different types of consent

Read also:

👉 Opt-In vs Opt-Out: What’s the Difference?

👉 What are the different types of consent?

Is Email Address Personal Information? https://www.iubenda.com/en/blog/is-email-address-pii/ Tue, 11 Mar 2025 08:36:17 +0000

Yes, an email address is considered personally identifiable information (PII).

Under data protection laws, such as the GDPR or the CCPA, personally identifiable information is any information that can identify a living person. This definition even applies to pieces of information that, when combined, can help identify an individual.

Other examples of personal data include:

  • basic identity data, such as names, telephone numbers, and home addresses;
  • web data, such as IP addresses, personal email addresses, and unique identifiers;
  • sensitive data, such as sexual orientation, health, and biometric data.

There is one case in which email addresses are not considered personal data: generic addresses. For example, emails like info@company.com are not considered PII.

First-Party vs Third-Party Cookies: What’s the Difference? https://www.iubenda.com/en/blog/first-party-vs-third-party-cookies/ Mon, 02 Dec 2024 09:07:26 +0000

Cookies are small text files that websites install on users’ devices for different purposes. You can think of them as a website’s memory: every time you go back to a website you’ve already visited, cookies remember your preferences. But what’s the difference between first-party vs third-party cookies?

What are First-Party Cookies?

First-party cookies are created and stored directly by the website you visit. They are very common because they help with core functionality, such as remembering your login information, preferences, or the items you saved in your shopping cart.

In some cases, statistical cookies that are directly managed by the website owner also fall into this category and can be installed without the user’s consent.

A good example of a first-party cookie is cart_items.

You visit an online store and add items to your shopping cart, but don’t make a purchase. If you leave the site and return later, you will see that your cart still contains the items you selected. This is possible thanks to the cart_items first-party cookie.

Other examples of first-party cookies are:

  • user_session: it keeps the user logged into their account on a website.
  • language: it remembers the language selected by the user.
  • wishlist: it saves products that the user has marked as favorites.
  • theme_mode: it remembers whether the user prefers a light or dark mode on the website.

What are Third-Party Cookies?

On the other hand, third-party cookies are created by domains other than the website you are visiting. Typically, third-party cookies are present when a site uses third-party services to incorporate images, social media plugins, or advertising.

Cookies used for retargeting are a good example of third-party cookies.

You visit an online store, searching for a new pair of shoes. Over the next few days, as you scroll through social media, you see ads for that exact pair of shoes. This is made possible by third-party cookies, which track your online activity and create a profile tailored to what you like.

In general, any cookie installed by a website other than the one you are visiting is a third-party cookie.

What is the difference between first-party and third-party cookies?

The main difference between first-party and third-party cookies is who sets the cookie. First-party cookies are created by the website the user is visiting and can only be accessed by that domain. On the other hand, third-party cookies are set by external domains, such as advertising or analytics providers. These cookies can be accessed by the third-party domain that created them when its scripts or resources are loaded on multiple websites, but the individual websites themselves cannot directly access this cookie data.

💡 In other words

When a third-party cookie is set by a third-party server (e.g., adtech.com), it is tied to that server’s domain. If multiple websites integrate scripts or resources from adtech.com, those websites do not have access to the data stored in the cookie. Instead, the third-party domain (adtech.com) can access and aggregate data collected from all the websites that use its cookies.

Additionally, first-party cookies are supported by all browsers, while some browsers block third-party cookies by default and are starting to replace them with other alternatives.
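The scoping described above can be seen in a small cookie-jar model. This is an added example, not iubenda code or a real browser API: the class names, the `uid` cookie and the `.example` sites are constructed, `adtech.com` and `theme_mode` are the page's own illustrations, and a "site" is approximated as the last two host labels (real browsers use the Public Suffix List).

```javascript
// Added example: a minimal model of how a browser scopes cookies by site.
// Assumption: the "site" of a host is its last two labels.
function siteOf(host) {
  return host.split('.').slice(-2).join('.');
}

class CookieJar {
  constructor({ blockThirdParty = false } = {}) {
    this.blockThirdParty = blockThirdParty;
    this.store = new Map(); // site -> Map(cookie name -> value)
  }

  // A request is third-party when its host belongs to a different site
  // than the page shown in the address bar.
  classify(pageHost, requestHost) {
    return siteOf(pageHost) === siteOf(requestHost) ? 'first-party' : 'third-party';
  }

  allowed(pageHost, requestHost) {
    return !(this.blockThirdParty && this.classify(pageHost, requestHost) === 'third-party');
  }

  // Cookies attached to a request: only those belonging to the request's own site.
  cookiesFor(pageHost, requestHost) {
    if (!this.allowed(pageHost, requestHost)) return {};
    return Object.fromEntries(this.store.get(siteOf(requestHost)) || []);
  }

  // Store a cookie received in a response; returns how it was classified.
  setCookie(pageHost, responseHost, name, value) {
    if (!this.allowed(pageHost, responseHost)) return 'blocked';
    const site = siteOf(responseHost);
    if (!this.store.has(site)) this.store.set(site, new Map());
    this.store.get(site).set(name, value);
    return this.classify(pageHost, responseHost);
  }
}

// Constructed third-party server embedded on several sites.
class AdServer {
  constructor(host) {
    this.host = host;
    this.nextId = 1;
    this.seen = new Map(); // uid -> list of sites where that uid was observed
  }

  // Called whenever a page loads a resource from this server.
  handle(jar, pageHost) {
    let uid = jar.cookiesFor(pageHost, this.host).uid;
    if (!uid) {
      uid = 'u' + this.nextId++;
      jar.setCookie(pageHost, this.host, 'uid', uid);
    }
    if (!this.seen.has(uid)) this.seen.set(uid, []);
    this.seen.get(uid).push(siteOf(pageHost));
    return uid;
  }
}

function simulateBrowsing(blockThirdParty) {
  const jar = new CookieJar({ blockThirdParty });
  const ads = new AdServer('adtech.com');
  for (const page of ['www.shop.example', 'news.example', 'blog.example']) {
    jar.setCookie(page, page, 'theme_mode', 'dark'); // first-party cookie
    ads.handle(jar, page);                           // embedded third-party request
  }
  return {
    // What the third party can aggregate across sites
    profiles: Object.fromEntries(ads.seen),
    // What the shop itself can read: only its own cookies, never adtech.com's
    shopCanRead: jar.cookiesFor('www.shop.example', 'www.shop.example'),
  };
}

console.log(simulateBrowsing(false));
console.log(simulateBrowsing(true));
```

With third-party cookies allowed, the ad server sees one identifier on all three sites; with blocking enabled, every visit looks like a new, unlinked visitor.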
How to manage first-party vs third-party cookies

If you own a website, you need to know how to manage cookies in the right way. Many companies have been fined for their unlawful use of cookies – for example, they were installing tracking cookies without the users’ consent.

Cookie requirements may vary depending on your location and the location of your users. However, three main things apply generally:

  1. Have a cookie policy: this document defines how your website is using cookies and for what purposes. You need a cookie policy even if you’re just using technical cookies.
  2. Add a cookie consent banner: a cookie banner allows you to collect consent to cookies. Under EU law, cookies that are not strictly necessary can’t be installed without the user’s explicit consent. You should show your cookie banner upon the first visit to your website and respect the choice users make about cookies.
  3. Block cookies from running before consent and when consent is rejected: before users make their choice and if they choose to reject cookies, you must block cookie scripts from running and you can’t track them.

⚠ Please note

The requirements described above primarily concern EU law, one of the strictest when it comes to cookies. If you are based in the US, and only target US users, no particular legal obligations apply to the use of cookies. However, you still need to inform users about your processing activities (including those carried out through cookies) and be mindful of the opt-out rights that the different state laws grant to consumers. Under an opt-out approach, personal data may be processed without first obtaining consent, but users may revoke it in relation to certain processing activities, generally targeted advertising, the sale of personal data, and profiling. If you’re not sure about which law applies to you, the safest option is to comply with the strictest standard.

Manage cookies with iubenda!

iubenda simplifies cookie management with its smart technology, saving you time and granting peace of mind:

✅ Our Site Scanner suggests the category of cookies you should add to your cookie policy.
✅ Our Privacy Controls and Cookie Solution suggests the best configuration for your website.
✅ The Autoblocking feature automatically blocks the most popular cookie scripts on your website and then immediately releases them after consent.
✅ The Geolocation Technology adapts the behavior of your cookie banner based on the location of your users, to help you meet the right requirements and improve your consent rate.

It’s free for websites with less than 5,000 pageviews/month

Universal Opt-Out Mechanisms (UOOM): Essential Compliance Guide for Businesses https://www.iubenda.com/en/blog/universal-opt-out-mechanisms-uoom-essential-compliance-guide-for-businesses/ Thu, 14 Nov 2024 13:10:11 +0000

For businesses that collect or process personal data, compliance with privacy regulations is no longer optional—it’s an operational necessity. 

As more US states enforce privacy laws that require honoring universal opt-out signals, businesses must prepare to respect consumer privacy preferences or face legal and financial consequences.

Why UOOM Compliance Matters for Businesses

Businesses must be proactive in respecting users’ preferences, especially when it comes to targeted advertising and the sale of personal data. Universal opt-out signals, or UOOMs, have become a regulatory standard in many states, like California and Colorado, where laws mandate that businesses recognize and respond to these signals. Failing to do so could lead to fines, legal battles, and a damaged reputation.

Since 2023, California’s CCPA, following the latest amendments introduced by the CPRA, has required businesses to honor UOOMs, and Colorado’s CPA joined in July 2024. Similar requirements apply under other states’ privacy legislation, with at least seven others expected to mandate them by 2026.

What is a Universal Opt-Out Mechanism (UOOM)?

A UOOM allows users to set privacy preferences, such as refusing targeted advertising and the sale of personal data, across multiple websites. When enabled, a UOOM sends a signal to websites indicating that a user does not want their data tracked or collected for certain purposes. This mechanism simplifies users’ privacy management and allows businesses to efficiently handle compliance by respecting these signals.

For businesses, honoring UOOM signals means, among other things, not tracking users for targeted advertising, not collecting personal data, and not selling or sharing their information when such signals are received. Key states, including California and Colorado, have started enforcing this requirement, and the regulatory landscape will only continue to grow.

How Do Businesses Comply with UOOM Signals?

To comply, businesses must recognize and act on UOOM signals by:

  • Stopping the tracking of users’ online behavior,
  • Avoiding collection of personal data for targeted ads,
  • Not selling or sharing users’ personal data without consent.

Recognized tools, such as the Global Privacy Control (GPC), facilitate UOOM compliance. Businesses can integrate with GPC by adopting consent management platforms or using technical protocols like the U.S. Privacy API. Colorado’s CPA, in particular, mandates GPC compliance for businesses, underscoring the importance of this tool as a baseline for UOOM adherence.

Key Requirements for Businesses

Both the CCPA and CPA require businesses engaged in targeted advertising or data sales to honor UOOM signals. Under these laws, data “sale” is defined broadly to include not only traditional sales but also any data exchange for monetary or other valuable consideration. Businesses, for example, must ensure they halt the sharing of:

  • Data from the device or browser associated with the opt-out signal,
  • Pseudonymous identifiers linked to that device,
  • Data tied to a known or logged-in consumer.
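A server-side sketch of recognizing a GPC signal and applying the opt-out to the three scopes listed above. This is an added example, not iubenda's implementation: `Sec-GPC: 1` is the request header defined by the Global Privacy Control specification, while the registry, the request fields (`deviceId`, `pseudonymousId`, `accountId`) and the decision to persist the opt-out per identifier are assumptions made for illustration.

```javascript
// Added example: honor a Global Privacy Control signal on the server.
// GPC is sent as the request header "Sec-GPC: 1"; "1" is the only defined value.
function hasGpcSignal(headers) {
  for (const [name, value] of Object.entries(headers || {})) {
    // Header names are case-insensitive.
    if (name.toLowerCase() === 'sec-gpc') return String(value).trim() === '1';
  }
  return false;
}

// Hypothetical request shape: identifiers the business already associates
// with the device/browser, a pseudonymous profile, and a logged-in account.
function identifiersOf(req) {
  const ids = [];
  if (req.deviceId) ids.push('device:' + req.deviceId);
  if (req.pseudonymousId) ids.push('pseudo:' + req.pseudonymousId);
  if (req.accountId) ids.push('account:' + req.accountId);
  return ids;
}

class OptOutRegistry {
  constructor() {
    this.optedOut = new Set();
  }

  // When the signal is present, record the opt-out for every identifier
  // tied to the request (assumption: the opt-out is kept per identifier).
  recordFromRequest(req) {
    if (!hasGpcSignal(req.headers)) return [];
    const ids = identifiersOf(req);
    ids.forEach((id) => this.optedOut.add(id));
    return ids;
  }

  // Opted out if the signal is present now, or any identifier was
  // previously seen together with the signal.
  isOptedOut(req) {
    return hasGpcSignal(req.headers) ||
      identifiersOf(req).some((id) => this.optedOut.has(id));
  }
}

// Decide which processing may run for this request.
function processingDecision(registry, req) {
  registry.recordFromRequest(req);
  const optedOut = registry.isOptedOut(req);
  return {
    targetedAdvertising: !optedOut,
    saleOrSharing: !optedOut,
    strictlyNecessary: true, // e.g. session handling, unaffected by the signal
  };
}

// Constructed sample requests.
const registry = new OptOutRegistry();
const sampleRequests = [
  // Browser with GPC enabled, user logged in as account 42
  { headers: { 'Sec-GPC': '1' }, deviceId: 'd1', pseudonymousId: 'p9', accountId: '42' },
  // Same account on another device that sends no signal
  { headers: {}, deviceId: 'd2', accountId: '42' },
  // Unrelated visitor without the signal
  { headers: { 'User-Agent': 'constructed' }, deviceId: 'd3' },
];
for (const req of sampleRequests) {
  console.log(req.deviceId, processingDecision(registry, req));
}
```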

Additionally, businesses are required to make clear disclosures about their data practices and provide a simple method for users to opt out. California, for example, requires an option to limit the use of sensitive data, which businesses must display in a visible, easily accessible link on their websites.

🇺🇸 Please note: Other state laws have introduced or will soon introduce similar UOOM provisions, such as:

  • Connecticut;
  • Delaware;
  • Montana;
  • Oregon;
  • Texas;
  • New Hampshire;
  • Maryland (under the Maryland Online Data Privacy Act, or MODPA);
  • Minnesota; and 
  • Vermont.

This trend highlights the importance of having a solid privacy compliance strategy in place to manage opt-out requirements across multiple jurisdictions and protect consumer data effectively.

The Consequences of Non-Compliance: Lessons from Recent Cases

Recent enforcement actions underscore the importance of UOOM compliance. In August 2022, Sephora was fined $1.2 million for not honoring GPC signals or clearly disclosing its data practices, despite receiving a 30-day notice to comply. 

These cases highlight the financial and reputational risks for businesses that fail to comply with UOOM requirements. As more states implement privacy laws, establishing protocols to respect universal opt-out signals is essential to avoid costly penalties and uphold consumer trust.

How iubenda Helps Businesses Stay Compliant

It’s time for businesses to be proactive in meeting UOOM requirements.

Luckily, iubenda’s tools simplify privacy compliance and offer a straightforward way to meet these UOOM requirements. By integrating iubenda’s services, businesses can efficiently:

  • handle opt-out signals; and
  • manage consent.

What Happens to Compliance When Ad-Blockers and Browsers Block Cookies? https://www.iubenda.com/en/blog/what-happens-to-compliance-when-ad-blockers-and-browsers-block-cookies/ Tue, 30 Jul 2024 14:56:03 +0000

Many website owners worry about GDPR compliance when users visit their sites with ad-blockers enabled. Ad-blockers and browsers like Brave might block iubenda’s Privacy Controls and Cookie Solution, or even other products, preventing the cookie banner from displaying. This raises concerns about compliance with GDPR regulations. This article explains why website owners can still be compliant and what steps they should take to demonstrate their efforts.

Understanding the Issue

Ad-blockers can prevent cookie banners or privacy notices from appearing on your website. This might seem problematic because it could appear that you’re not informing visitors about cookie usage or collecting their consent. However, compliance can still be achieved once you understand a few things. Let’s see!

🇪🇺 GDPR Compliance and Accountability

Under the GDPR, website owners (Data Controllers) must follow the accountability principle. This means they need to show they have procedures in place that allow users (Data Subjects) to exercise their privacy rights.

Key Points:

  1. Accountability Principle: Website owners must prove they have implemented processes to protect user privacy.
  2. User Consent: If users willingly use ad blockers, they effectively waive certain privacy rights, as stated in the tool’s terms and conditions.
  3. No Liability: Data Controllers can avoid liability if they show they comply with GDPR and have no control over users’ use of ad blockers. This is supported by Article 82(3) of the GDPR.

🇺🇸 US Perspective on Privacy Compliance

Similar principles apply in the US. Website owners (Controllers) must demonstrate accountability and show they have enabled individuals to exercise their privacy rights. If individuals willingly use tools that block privacy features, they waive some of their rights.

Key Points:

  1. Accountability: Controllers must show they have implemented privacy procedures.
  2. User Consent: Conscious use of ad blockers means users waive certain privacy rights.
  3. No Liability: Controllers are not liable if they comply with legal requirements and cannot control the use of ad blockers.

⚖ Legal Framework and Liability
Perimeter of Liability of the Controller: The concept of “strict” liability in GDPR means that a controller may be held liable even in the absence of personal fault. This applies particularly to (1) obligations that impose a result-based requirement on the controller and (2) liability for actions taken by processors under the controller’s authority.

  • Recital 74; Article 24: The controller is responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that its processing activities are compliant with GDPR requirements. These measures may include adopting a suitable privacy policy.
  • Article 82(3): A controller or processor is exempt from liability if they can prove that they are not responsible for the event causing the damage.
  • Recital 55 of Directive 95/46: Provides examples of how a controller might demonstrate that they are “not responsible for the event giving rise to the damage.”

Best Practices for Website Owners

✅ Implement Privacy and Cookie Policies: Ensure you have all necessary GDPR measures in place, including a comprehensive Privacy Policy and Cookie Policy. Clearly outline how your site handles data and cookies.

✅ Detecting Ad-Blockers: According to the European Commission, you can detect if a user is using an ad-blocker without needing their prior consent. This detection should be included in your Privacy Policy, explaining that it’s necessary to ensure proper consent management. 👉 You can easily integrate this detection via a custom clause using iubenda’s Privacy and Cookie Policy Generator as detailed here.

✅ Inform Users: If an ad-blocker is detected, inform users that their use of such tools may prevent them from seeing important privacy notices and cookie consent banners. Encourage them to disable the ad-blocker for full functionality.

To add a custom service for ad-blocker detection to your iubenda privacy policy, you can follow these steps:

  1. Log in to your iubenda account and go to the Dashboard.
  2. Once in the Privacy and Cookie Policy Generator, choose the “Add service” option.
  3. Click on “Create custom service”. This will lead you to the input prompts for creating a custom clause.
  4. Fill out the mandatory fields:
    • Service Name: Enter a clear and concise title, such as “Ad-Blocker Detection”.
    • Privacy Policy Description: Detail the types of data collected by the ad-blocker detection service, how this data is used, and if shared with any third parties. Include information about the third party, if applicable, such as their headquarters location and a link to their privacy policy.
  5. Optional Fields:
    • Purpose: Assign a purpose from the provided drop-down list to categorize the data collection activities. For example, you might select “Handling activities related to compliance”.
    • Show this service on: Specify where this service will appear—either in the privacy policy, the cookie policy, or both.
  6. By checking the “Specify service translations” box, you can provide translations for different languages, ensuring your policy is accessible and clear to all users.
  7. Once all fields are completed, save the custom service. It will automatically integrate into your privacy policy text, ensuring that it appears seamlessly alongside other pre-made clauses.

👉 For a detailed step-by-step guide on how to add a custom service and customize it to your specific needs, visit our comprehensive guide here.

By following these steps, you ensure that the ad-blocker detection feature is transparently disclosed in your privacy policy, helping to maintain compliance with GDPR and providing users with clear information about data collection practices.

💡 While ad blockers and certain browsers can pose challenges, demonstrating that your site has the necessary privacy tools installed will keep you compliant with GDPR and other privacy and cookie laws. This proactive approach helps protect your business and ensures that you are fulfilling your legal obligations.

Need a solution for cookie consent management?

Stay compliant, manage consent to cookies and store your users’ preferences with iubenda’s Privacy Controls and Cookie Solution

Understanding Tracking Cookies: What They Are and How to Manage Them https://www.iubenda.com/en/blog/understanding-tracking-cookies/ Mon, 29 Jul 2024 08:49:37 +0000

Cookies are little text files that a website places on a user’s browser when they visit the site. Many cookies, particularly marketing and analytics cookies, track user data. These take the name of tracking cookies.

Understanding tracking cookies is essential both for your online privacy and for compliance with privacy laws. In this article, we explain all you need to know about tracking cookies and how they work.

Tracking cookies

What are tracking cookies?

Tracking cookies are little text files that a website places on a user’s browser when they visit the site, and that track the user’s behavior.

In general, cookies collect information. The type of information collected includes internet habits, prior visits, search history, and so on. With this gathered information, cookies allow websites to remember users and their preferences, allowing sites to customize page content to the user.

Tracking scripts are used for a variety of reasons, such as:

  • User profiling: they collect data on user behavior, preferences, and interests to create detailed user profiles.
  • Targeted advertising: they show personalized ads based on the user’s browsing history and preferences.
  • Website analytics: they monitor and analyze user interactions with the website to improve functionality and user experience.
  • Cross-site tracking: they track users across multiple websites to gather comprehensive data about their online activities.

Which items can companies track through the use of cookies?

The data tracked by cookies includes:

  • search results;
  • actions on a site;
  • browsing behavior;
  • purchases;
  • preferences;
  • IP address;
  • device information;
  • location;
  • when and where you viewed prior advertising;
  • how many times you have seen an ad; and
  • which links you click on.

How tracking cookies work

A cookie usually comprises two pieces of information:

  • a unique ID for each user; and
  • the website’s name.

When a user visits a website, the server sends a cookie to the user’s browser. The browser stores the cookie on the user’s device, either temporarily (session cookies) or for a longer period (persistent cookies). Tracking cookies are usually persistent cookies because they collect data over a longer period.

Each time the user visits the same website or a partner site, the browser sends the stored cookie back to the server. Thanks to the unique ID, the server can recognize the user and retrieve their stored data, such as pages visited, time spent on the site, interactions and more.

Tracking cookies are often third-party cookies placed by domains other than the one the user is visiting. These third-party cookies can create a profile for each user, to give them a customized online experience or show personalized ads. For example, an e-commerce website can recommend products similar to the ones you’ve already bought or saved in your cart.

How do tracking cookies affect user privacy?

Even though tracking scripts aren’t necessarily dangerous, they are often a cause of privacy concerns. In fact, the creation of a user profile can feel quite invasive, as can the sharing of data with third parties. Moreover, since the data is shared with third parties, you don’t always know how securely the data is stored and handled.

That’s why online privacy laws were amended to regulate the use of tracking cookies, to make the process more transparent for the users. Let’s take a look at some of the requirements:

EU GDPR and ePrivacy Directive

In the EU, cookies are regulated by the ePrivacy Directive, also called Cookie Law.

The Cookie Law requires you to inform users of your use of cookies and obtain their consent before doing so. In practice, you’ll need to show a cookie banner on the user’s first visit, implement a cookie policy that provides further details about your use of cookies, block non-technical cookie scripts before consent, and indicate clearly to the site visitor which action signifies consent. Users can either accept or reject consent to cookies.

The General Data Protection Regulation (GDPR) complements the Cookie Law, requiring you to store proof of consent to cookies for every one of your users.

California’s CCPA / CPRA

California’s law takes an opt-out approach, meaning that cookies can be placed without user consent, but users must be able to opt out of the sale and sharing of their personal information. This is usually done through a “Do Not Sell My Personal Information” link.

Brazil’s LGPD

Brazil’s Lei Geral de Proteção de Dados Pessoais mirrors the EU’s GDPR in many ways. For example, the LGPD also requires consent to be “free, informed and unambiguous.” In addition, the Brazilian DPA has published its guidelines on cookies, which mention consent as a necessary condition for the installation of tracking cookies.

Detecting tracking scripts on your devices

If you’re wondering whether you have cookies installed on your computer or browser, the answer is most likely yes. This is because almost every website today uses cookies for basic functionalities, such as remembering your username and password or your preferred language.

However, if you want to find what tracking scripts are on your computer, here’s how to do that in some popular browsers:

  • Google Chrome: Settings > Privacy and security > Cookies and other site data > See all cookies and site data.
  • Mozilla Firefox: Preferences > Privacy & Security > Cookies and Site Data > Manage Data.
  • Safari: Preferences > Privacy > Manage Website Data.
  • Microsoft Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data.

How to block and remove tracking cookies

Many browsers have started blocking third-party cookies as a default setting.

For example, in June 2022, Mozilla Firefox introduced Total Cookie Protection and made it the default for all Firefox users. With this protection, tracking tools cannot “follow” the user from site to site, but are limited to recording behavior on a single website.

Safari also blocked third-party cookies by default in early 2020 with a feature called Intelligent Tracking Prevention (ITP), which limits access to user information.

However, you can also remove or block cookies manually from your browser’s settings. Here’s how:

  • Google Chrome:
    • Settings > Privacy and security > Cookies and other site data > Block third-party cookies.
    • Settings > Privacy and security > Clear browsing data > Cookies and other site data > Clear data.
  • Mozilla Firefox:
    • Preferences > Privacy & Security > Enhanced Tracking Protection > Strict.
    • Preferences > Privacy & Security > Cookies and Site Data > Manage Data > Remove Selected/Remove All.
  • Safari:
    • Preferences > Privacy > Check “Prevent cross-site tracking” and optionally “Block all cookies.”
    • Preferences > Privacy > Manage Website Data > Remove/Remove All.
  • Microsoft Edge:
    • Settings > Cookies and site permissions > Manage and delete cookies and site data > Block third-party cookies.
    • Settings > Cookies and site permissions > Manage and delete cookies and site data > See all cookies and site data > Remove/Remove All.

Please note

When you delete all cookies, you also delete the data you had previously saved in your browser, such as login information and passwords. In this case, you may need to log in again and reconfigure settings on frequently visited sites.

FAQs

What are tracking cookies used for?

Tracking cookies are used to collect data on a user’s browsing habits, preferences, and behavior. This information is often used for personalized advertising, analytics, and enhancing the user experience on a website.

Are tracking cookies illegal?

Tracking cookies themselves are not illegal. However, their use is regulated under privacy laws such as the GDPR in the EU and CCPA in California. These laws require websites to obtain user consent before placing tracking cookies, to give users an easy way to opt out, and to provide clear information about their use.

How do I stop tracking cookies?

You can stop tracking cookies by adjusting your web browser settings to block third-party cookies, using privacy-focused browser extensions, or enabling Do Not Track (DNT) settings (in Google Chrome, Mozilla Firefox or Microsoft Edge). Regularly clearing your cookies and using private browsing modes can also help minimize tracking.

Why do I get so many tracking cookies?

Many websites use tracking cookies for advertising, analytics, and personalization purposes. They are often placed by third-party advertisers and analytics services that partner with the websites you visit. Because these services are very popular, there are a large number of tracking cookies.

Is it safe to remove tracking cookies?

Yes, it is generally safe to remove tracking cookies. However, removing all cookies might log you out of websites and reset your site preferences, so you may need to log in again and reconfigure settings on frequently visited sites.

Conclusion

Think of cookies as the memory for your online activity. The websites you visit can remember your passwords, addresses, and invoice details, so you don’t have to enter all this information every time you visit or buy something from them. Tracking cookies are what makes the experience of a website more tailored to what you like.

Remember: if you have a website, you can’t just install cookies on users’ devices without their consent. You need to show a compliant cookie banner and respect their choice if they reject consent to cookies, or you’re exposing yourself to legal liabilities.

iubenda can help you with that!

Our Privacy Controls and Cookie Solution is the solution to manage all aspects of cookie consent: create a cookie banner, add your cookie policy and store a proof of consent for every user.

Moreover, our solution was designed to perfectly balance your business needs with the rights of your users. So you’ll be on the right side of the law, without losing your ad revenue.

Try iubenda now

It’s FREE for websites with less than 1000 page views/month

About us

iubenda

Cookie consent management for the ePrivacy, GDPR and CCPA

www.iubenda.com

Choosing the Best Cookie Audit Tool: How To Conduct a Cookie Audit With a Tool or Manually https://www.iubenda.com/en/blog/choosing-the-best-cookie-audit-tool/ Fri, 26 Apr 2024 15:39:06 +0000

Conducting a cookie audit is a crucial step for website and business owners to ensure they comply with privacy laws and provide a transparent online experience. Whether you choose to use a cookie audit tool or prefer a manual approach, understanding the process is essential. This guide will walk you through how to conduct a cookie audit, covering automatic and manual methods, and explain why it’s necessary.

A cookie audit is a comprehensive review of a website’s cookie usage, the small pieces of data stored on users’ devices. This audit helps identify what cookies your website uses, their purpose, and whether they comply with privacy regulations. It’s a fundamental component of website privacy management.

What are Cookies and How Do They Work?

Cookies are small text files placed on a user’s device by a website to store information. This information can include a wide range of data, from user preferences to tracking data for analytics, such as login details, language preferences, and shopping cart contents, among others. Cookies are also categorized based on their origin, duration, and purpose:

First-party and Third-party Cookies

  • First-party cookies are created by the website you’re visiting. They are often used to remember your preferences within the site.
  • Third-party cookies are created by domains other than the one you are visiting directly, usually for advertising or analytics purposes.

Necessary and Non-essential Cookies

  • Strictly necessary cookies are essential for a website to function properly, like those needed for a shopping cart.
  • Non-essential cookies are not strictly necessary but enhance the user experience, such as analytics cookies.

Session and Persistent Cookies

  • Session cookies last for a single session and disappear after you close your browser.
  • Persistent cookies remain on your device for a set period or until you delete them, remembering your preferences across multiple sessions.

Laws Governing Cookies

As digital privacy becomes a significant concern globally, various laws have been enacted to protect users’ information on the internet. The European Union’s General Data Protection Regulation (GDPR) and Brazil’s General Data Protection Law (LGPD) govern how personal data should be lawfully processed. Also, the ePrivacy Directive in the EU, often called the Cookie Law, specifically regulates how websites can use cookies and other tracking technologies.

Here is a brief overview of the main aspects of each of these laws:

| Feature/Regulation | GDPR (EU) | ePrivacy Directive (EU) | LGPD (Brazil) |
|---|---|---|---|
| Effective Date | 5/25/2018 | 31/07/2002 | 9/18/2020 |
| Geographical Scope | Applies to all entities that process the personal data of EU residents, regardless of the entity’s location. | Applies within the EU, but affects websites outside the EU if they target or offer services to EU residents. | Applies to any operation of personal data processing carried out by a person or entity of public or private law, irrespective of means or location, if the processing is in Brazil. |
| Consent for Cookies | Defines standards for what constitutes valid consent: must be explicit, informed, and freely given. | Specifically requires prior consent for storing or accessing cookies on a user’s device, except those strictly necessary for operation. | Sets general standards for consent, which must be explicit and informed. |
| User Rights | Extensive rights including access, rectification, deletion, withdrawal of consent, objection to processing, restriction of processing, data portability, and protection against automated decisions and profiling. | Users must be provided clear and comprehensive information about the use of cookies. | Rights to confirm, access, rectify, anonymize, block, delete personal data, and data portability. |
| Penalties | Up to €20 million or 4% of the annual global turnover, whichever is higher. | Penalties vary by EU member state. | Fines up to 2% of revenue in Brazil for the last fiscal year, excluding taxes, limited to 50 million reais per violation. |
| Transparency | High level of transparency required about data processing activities. | Requires clear information about cookie usage and purposes. | High level of transparency required regarding data processing activities, ensuring clear, adequate, and easily accessible information about the processing and its purposes. |

Why You Need To Audit Cookies

Auditing cookies is essential for several key reasons:

  • Comply with Laws: Adhere to GDPR, LGPD, ePrivacy Directive, etc.
  • Build Trust: Transparently share cookie practices with users.
  • Enhance Experience: Remove unnecessary cookies to speed up the site.
  • Secure Data: Secure cookies to prevent security breaches.
  • Ensure Accuracy: Keep tracking technologies updated for reliable data.
  • Stay Current: Adapt to new privacy laws and technology changes.
  • Promote Privacy: Incorporate privacy into your company culture.

📌 How To Conduct a Cookie Audit Automatically

Utilize Automatic Cookie Audit Tools ✅

For those seeking an efficient and hassle-free method, utilizing an automatic cookie audit tool or a site scanner is highly recommended. These tools are designed to scan your website comprehensively, identifying all types of cookies and tracking scripts present. By automating the audit process, tools like iubenda can significantly save time and increase the accuracy of your audit, ensuring you have a complete inventory of cookies used on your site.

👉 This method is ideal for website owners and businesses looking to streamline their cookie compliance efforts while minimizing manual effort.

Find out what cookies are running on your site

Enter the URL of your website to get a detailed compliance report. Our website cookie scanner identifies the name, duration and full details of active cookies on your site!

Try the Cookie Scanner now

It’s free and only takes a few seconds!

📌 How To Conduct a Cookie Audit Manually

Conducting a cookie audit manually (without using an automatic cookie audit tool) is a thorough and time-consuming approach that contrasts with the efficiency and ease of an automated cookie audit tool.

This method requires more time and effort, but it equally provides a comprehensive understanding of your website’s cookie landscape. Here’s how you can perform a manual cookie audit effectively (without an automatic cookie audit tool):

Step 1: Identify Cookies

Checking Cookies in Chrome

    • Open Chrome and navigate to your website.

    • Right-click, select “Inspect,” then go to the “Application” tab.

    • Look under “Cookies” in the left sidebar to see the cookies your site uses.

Checking Cookies in Firefox

    • Visit your site in Firefox.

    • Right-click, choose “Inspect Element,” and click the “Storage” tab.

    • Select “Cookies” to view your site’s cookies.

Step 2: Analyze Cookies

Cookie analysis is a critical and time-consuming step in a manual audit process, but one that provides information about what each cookie does, who owns it, and why it is being used. This is vital information for understanding the implications of these cookies on your website, especially in terms of user privacy and legal compliance.

When analyzing cookies, you’ll need to look at several key attributes:

    • Name: The identifier for the cookie, which can sometimes indicate its purpose.

    • Value: The information the cookie stores, which can range from a simple session ID to more complex data.

    • Domain: This shows where the cookie is being sent to and can help differentiate between first-party and third-party cookies.

    • Path: Determines the part of the website where the cookie is active.

    • Expiration: The lifespan of the cookie. Session cookies expire when the session ends, while persistent cookies remain until their expiration date.

    • Secure: Indicates if the cookie is sent only over HTTPS, enhancing security.

    • HttpOnly: Specifies whether the cookie is accessible only through HTTP requests and hidden from client-side scripts, which helps mitigate the risk of cookie theft through cross-site scripting (XSS) attacks.
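
An added example (not iubenda's code or tooling) that turns the attribute checklist above into a script: it parses Set-Cookie response headers and reports first-party or third-party origin, session or persistent lifetime, and missing Secure/HttpOnly flags. The host names, cookie names and sample headers are constructed, and the first-party test is a plain domain-suffix comparison rather than a Public Suffix List lookup.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

SITE_DOMAIN = "shop.example"  # assumption: registrable domain of the audited site
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed audit time, repeatable output

# Constructed sample, not real traffic: (host that answered, Set-Cookie value)
SAMPLE_HEADERS = [
    ("shop.example", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("shop.example", "lang=en; Path=/; Max-Age=31536000"),
    ("ads.tracker.example", "uid=9f3c; Domain=tracker.example; Path=/; "
     "Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; SameSite=None"),
    ("cdn.shop.example", "cart=3; Domain=shop.example; Path=/checkout; Max-Age=0"),
]


@dataclass
class CookieRecord:
    name: str
    domain: str
    path: str        # empty string: the browser derives it from the request URL
    party: str       # "first-party" or "third-party"
    lifetime: str    # "session", "persistent" or "expired"
    days: float      # remaining lifetime in days (0 for session/expired)
    secure: bool
    http_only: bool
    findings: list = field(default_factory=list)


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs) with lowercased attr names."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def lifetime_of(attrs, now):
    """Max-Age takes precedence over Expires (RFC 6265); neither means a session cookie."""
    delta = None
    max_age = attrs.get("max-age")
    if max_age is not None and re.fullmatch(r"-?\d+", max_age):
        delta = timedelta(seconds=int(max_age))
    elif "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return "session", 0.0  # unparseable date: the attribute is ignored
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        delta = expires - now
    if delta is None:
        return "session", 0.0
    if delta <= timedelta(0):
        return "expired", 0.0  # the server is deleting the cookie
    return "persistent", delta.total_seconds() / 86400


def audit_cookie(responding_host, header, site_domain=SITE_DOMAIN, now=None):
    """Build one audit record for a Set-Cookie header seen while loading the site."""
    now = now or datetime.now(timezone.utc)
    name, _value, attrs = parse_set_cookie(header)
    # Without a Domain attribute the cookie is bound to the host that set it.
    domain = attrs.get("domain", "").lstrip(".").lower() or responding_host.lower()
    first_party = domain == site_domain or domain.endswith("." + site_domain)
    lifetime, days = lifetime_of(attrs, now)
    rec = CookieRecord(name, domain, attrs.get("path", ""),
                       "first-party" if first_party else "third-party",
                       lifetime, round(days, 1), "secure" in attrs, "httponly" in attrs)
    if not rec.secure:
        rec.findings.append("no Secure: also sent over plain HTTP")
    if not rec.http_only:
        rec.findings.append("no HttpOnly: readable by page scripts")
    if attrs.get("samesite", "").lower() == "none" and not rec.secure:
        rec.findings.append("SameSite=None without Secure")
    if rec.party == "third-party" and lifetime == "persistent":
        rec.findings.append("persistent third-party cookie: review purpose and consent")
    return rec


def audit_all(headers, site_domain=SITE_DOMAIN, now=None):
    return [audit_cookie(host, value, site_domain, now) for host, value in headers]


if __name__ == "__main__":
    for rec in audit_all(SAMPLE_HEADERS, now=SAMPLE_NOW):
        print(f"{rec.name:<11}{rec.domain:<16}{rec.party:<12}{rec.lifetime:<11}"
              f"{rec.days:>7} d  {'; '.join(rec.findings) or 'ok'}")
```

Deciding what each cookie is for (essential, analytics, functionality, advertising) still requires a human reviewer; the script only reports the attributes the browser tools display.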

Step 3: Categorize Cookies

Each cookie on your website serves a specific purpose, ranging from essential functionality to tracking user behavior. Categorize cookies based on their function:

    • Essential: Necessary for the website to function correctly. For example, cookies that manage shopping cart contents or user authentication.

    • Performance and Analytics: Collect data on how users interact with the site, such as pages visited and links clicked. These help in improving site performance.

    • Functionality: Remember user preferences, like language settings or layout choices, enhancing the user experience.

    • Advertising: Track users across websites to display targeted advertising based on browsing behavior.

💡 While manually analyzing cookies provides a deep understanding of each cookie’s use and compliance requirements, it is a time-consuming and complex process. However, as we said before, one of the most effective, efficient, and hassle-free methods to conduct this analysis is through the use of an automatic cookie audit tool or site scanner. These tools streamline the audit process by offering a comprehensive overview of your website’s cookie usage without the need for extensive technical knowledge or the manual checking of each cookie.

Step 4: Look for Compliance Issues

This step is essential because it directly addresses the legal and regulatory obligations associated with the use of cookies on your website. Here’s how to delve deeper into this process:

Understanding Legal Frameworks

First, familiarize yourself with the relevant legal frameworks that govern the handling of personal data and cookie usage. This includes:

    • ePrivacy Directive (Cookie Law): Requires websites to obtain user consent before any files are saved or read on the user’s device, in the context of cookies that are not strictly necessary for the operation of the website or app.

    • General Data Protection Regulation (GDPR): For websites operating within or targeting individuals in the European Union, while the GDPR doesn’t directly mandate consent for cookies, it defines the standards for what constitutes valid consent for processing personal data. These standards apply to any cookies that collect personal data, emphasizing the need for explicit and freely given consent.

    • Brazilian General Data Protection Law (LGPD): For websites that process the data of Brazilian residents, LGPD mandates explicit consent for any personal data processing that does not fall under other legal bases. It also emphasizes transparency and the provision of clear information regarding data collection practices.

Understanding these laws will help you identify specific compliance issues that may arise in your current cookie usage.

Identifying Potential Compliance Issues

When looking for compliance issues, focus on the following areas:

    • Consent Mechanisms: Ensure that your website has a clear and user-friendly mechanism for obtaining consent for cookies, especially for non-essential ones. The mechanism should typically allow users to opt-in or opt-out easily, depending on the applicable legislation.

    • Cookie Policy: Check if your website provides clear information about the use of cookies upon first visit and if there’s an accessible, comprehensive cookie policy that details the purpose, type, and duration of each cookie.

    • Data Collection and Processing: Verify that the data collected by cookies is processed and stored according to the legal requirements, ensuring data minimization and security.

🔎 Cookie Audit: Practical Steps to Address Compliance

Step 1: Create a Cookie Policy

Your cookie policy is a detailed document that informs users about the cookies your website uses, the purpose of each cookie, its duration, and how users can control their cookie preferences. Here are some of the key points to include:

    • Introduction: Briefly explain what cookies are and why they are used, emphasizing the commitment to user privacy.

    • Details of Cookies Used: List each type of cookie (e.g., necessary, performance, analytics, and advertising cookies), including information on first-party and third-party cookies. Provide specifics such as the name, purpose, and lifespan of each cookie.

    • User Consent and Control: Clearly explain how users can give, refuse, or withdraw their consent to cookies at any time. Provide detailed instructions on how users can adjust their cookie settings as needed, ensuring they have continuous control over their privacy preferences.

    • Updates and Contact Information: Mention how users will be informed of any changes to the cookie policy and provide contact details for privacy inquiries.

Ensure your cookie policy is accessible from every page of your website, typically through the footer. 👉 Learn more about the legal requirements concerning cookies here.

[Figure: Cookie Policy Example]

Not sure how to get started with your Cookie Policy?
Let’s get started by scanning your website

Use this button to scan your site and detect the services that you may need to declare in your privacy and cookie policy.

Scan your website now

It’s free & only takes a few seconds

Step 2: Implementing an Effective Cookie Consent Mechanism

Cookie consent solutions manage how you obtain, store, and act upon user consent regarding cookie usage. An effective cookie solution should:

    • Be Clearly Visible: Ensure the consent mechanism is prominent on the page, catching the user’s attention without being obstructive.

    • Offer Choice: Users should be able to choose which types of cookies they consent to (e.g., allowing necessary cookies while opting out of analytics and advertising cookies).

    • Facilitate Easy Withdrawal of Consent: Users should find it as easy to withdraw consent as to give it, at any time during their use of the website.

[Figure: Cookie Consent Banner Example]

Step 3: Work With a Consent Manager Solution

Given the complexity of legal requirements and the technical challenges in managing cookies and consents, using a professional solution like iubenda’s cookie consent manager is highly recommended. Consent management solutions offer:

    • Automated Compliance: Automatically adjust consent features based on the user’s location to comply with regional laws (GDPR, ePrivacy, LGPD, etc.).

    • Customizable User Interface: Tailor the appearance and language of your consent banner to match your website while ensuring it’s user-friendly.

    • Integration Ease: Seamlessly integrate with your website and existing privacy tools, simplifying the management of consents and cookie policies.

Step 4: Conduct Periodic Audits

Conducting periodic audits of your website’s cookies and consent mechanisms helps you identify changes in cookie usage, assess the effectiveness of your cookie consent solution, and adapt to new legal requirements.

Periodic Cookie Audit Checklist

🔎 Wrapping Up

Conducting a cookie audit, either manually or using a cookie audit tool like iubenda, is an essential task for any website owner. It ensures your site respects privacy laws and builds trust with your audience. Remember, whether you choose a manual cookie audit option or use a professional cookie audit tool, the goal is to maintain a transparent and secure online environment for your users.

Cookie Audit FAQs

How to do a cookie audit?

To do a cookie audit:

  1. Identify Cookies: Use browser tools to list all cookies on your site.
  2. Analyze Cookies: Determine each cookie’s purpose, lifespan, and type (first-party or third-party).
  3. Categorize Cookies: Sort cookies into necessary, performance, functionality, and advertising categories.
  4. Check for Compliance: Ensure your website’s use of cookies complies with regulations such as the ePrivacy Directive, GDPR, and LGPD. This includes implementing proper consent mechanisms for non-essential cookies as required by the ePrivacy Directive, and ensuring all personal data processing adheres to the consent standards set forth by the GDPR and LGPD.
  5. Update Cookie Policy: Revise your policy to accurately reflect your cookie use and user consent options.
  6. Implement Consent Solution: Use a platform to manage user cookie consent effectively.
  7. Conduct Periodic Audits: Regularly review your cookie usage and compliance.

How do I check cookie compliance?

To check cookie compliance, follow these steps:

  1. Understand Applicable Laws: Know the privacy laws applicable to your audience (e.g., GDPR, ePrivacy).
  2. Identify Cookies: Use browser tools, scanners, or a cookie audit tool to list all first-party and third-party cookies.
  3. Categorize Cookies: Sort cookies by type (necessary, performance, etc.) to understand their purposes.
  4. Review Consent: Ensure your site has a clear consent mechanism for non-essential cookies, allowing users to accept, reject, or modify their preferences.
  5. Check Policies: Verify that your website has an accessible and clear cookie policy explaining cookie use and user control options.
  6. Access to Preferences: Users should easily adjust their cookie preferences at any time.
  7. Document Consent: Maintain records of consents and preferences.
  8. Regular Audits: Periodically review cookie use and compliance.

Let’s get started! Find out now what cookies are running on your site

Start your free cookie audit now

only takes a few seconds!

Stay Ahead: Google Expands Certified CMP and TCF Requirements to Switzerland https://www.iubenda.com/en/blog/stay-ahead-google-expands-certified-cmp-and-tcf-requirements-to-switzerland-2/ Wed, 10 Apr 2024 11:12:20 +0000

Following the established requirements for the EU and UK, Google is extending its compliance demand to Switzerland. Starting July 2024, publishers targeting users in Switzerland must use a certified CMP integrated with the TCF. Prepare ahead with iubenda’s comprehensive tools designed to ensure full compliance effortlessly.

🇨🇭Google’s Compliance Mandate Reaches Switzerland

In an important update, Google has extended its compliance requirements, now necessitating publishers targeting users in Switzerland to employ a certified Consent Management Platform (CMP) integrated with the Transparency & Consent Framework (TCF). This extension is a part of Google’s ongoing commitment to user privacy and data protection, aligning with the already established requirements in the European Union and the United Kingdom. 

Starting in July 2024, your adherence to these requirements is not just about staying compliant; it’s about safeguarding your user’s privacy and ensuring their trust in your services.

Swiss Cookie Consent Guidelines (Effective 2025)

The Swiss Federal Data Protection and Information Commissioner (FDPIC) has issued guidelines that recommend consent for non-essential cookies, such as those used for tracking, analytics, and marketing.

These guidelines emphasize the need for active opt-in consent and the ability for users to easily manage or withdraw consent. While these are not legally binding mandates, following them is crucial to ensuring compliance with Swiss data protection regulations.

🎯Compliance with iubenda

Navigating through these requirements might seem daunting, but we are here to streamline the process for you. Follow these simple 4 steps below: 

Step 1: Activate Your Switzerland Tile

First things first, ensure that the “Switzerland” tile is activated on your iubenda dashboard. 

This step is crucial as it customizes your compliance tools to include specific requirements for Switzerland.

To apply the opt-in consent approach you need to enable the “GDPR” tile. Then, within the Switzerland tile, select the manual configuration and switch to “Opt-in”.

Next, make sure that the GDPR applies to all users.

Step 3: Integrate the TCF

Easily activate the TCF tile and configure it according to your needs.

Finally, make sure you enable FADP disclosures for users in Switzerland and add all third-party services used by your website or app, such as Google Analytics, and disclose all TCF vendors you work with. 

Ready to Ensure Compliance?

Navigating Google’s new requirements doesn’t have to be complex or time-consuming. With iubenda, you have a partner that simplifies compliance, allowing you to focus on what you do best: running your business. 

Ensuring your compliance journey is smooth and straightforward with iubenda 

Join thousands of publishers who trust us to keep them ahead in the ever-evolving landscape of data protection and privacy laws

Google Consent Mode: Frequently Asked Questions https://www.iubenda.com/en/blog/google-consent-mode-faq/ Wed, 03 Apr 2024 15:45:16 +0000

Google has introduced a new version of its Google Consent Mode, a framework that helps advertisers obtain users’ consent to show personalized ads and improve conversions and statistics to optimize ad campaigns.

At iubenda, we collected the most frequently asked questions directly from our users and put them to Isabella Mazzeo, Google’s Ads Privacy, Data & Measurement Lead for Italy, during our webinar.

Questions from our users

Is Google Consent Mode mandatory?

To date, the use of Google Consent Mode is not mandatory. Therefore, if you do not need remarketing or conversion measurement, you can continue to use Google platforms without adopting Consent Mode.
While it is not mandatory, in order to continue using certain features (such as modeling, remarketing, and conversion measurement), Google must receive the consent signals through Consent Mode.

What actions does Google take when we do not comply?

Beginning in March 2024, Google is strengthening the enforcement of its policies, such as the EU User Consent Policy. This will make it mandatory to send the opt-in signal when using Google platforms.

As of 6 March 2024, without the consent information for the ad_personalization parameter, Google will no longer be able to collect audiences for remarketing. Therefore, if you use first-party cookies to remarket but do not send the consent signal, that collection will be blocked and limited. The audiences you previously collected will continue to work, but over time they will decrease and become empty.

Moreover, if you are still using the old Google Analytics Universal platform and continue to do conversion bidding or audience targeting on the old conversions or audiences, be aware that these stopped working as of 6 March.

Finally, Google’s policy enforcement will also become stricter for measuring conversions, so without consent, you will also lose access to this feature. For this, however, there is no exact date yet.

How do I anonymize AdSense data?

Be careful not to confuse Google AdSense with Google Ads: Google AdSense is not one of the services that Google Consent Mode supports. Instead, the AdSense consent signal refers to the TCF, the Transparency and Consent Framework. So, if you show ads on your website or blog via AdSense, what you need to do is implement a Consent Management Platform (CMP) and activate the TCF functionality. With iubenda, you can do this easily from the Privacy Controls and Cookie Solution dashboard.

Why does Google Consent Mode add its strings to a URL when I click on “Reject” on a consent banner? Is it possible to remove them?

This refers to a Google Tag Manager parameter called URL pass-through. What you can do is simply deactivate this parameter in Google Tag Manager and that way no string will be added to the URL of your site. This can be useful for anyone who uses the URL to display particular elements on their site, instead of using CSS.

If I use Google Analytics 4 and Consent Mode, will the data of those who do not grant their consent be collected and recorded as well?

The data of those who do not grant their consent are not recorded. There is, however, a difference between the basic and the advanced version of Google Consent Mode:

  • In the Basic version, no data is collected, so all information is only passed on to Google with consent.
  • In the Advanced version, anonymized information – such as device type, geo, and browser type – is collected and used anonymously to feed the modeling algorithms.

Google Ads keeps telling me that I have to enable Consent Mode even though the setting is correct and active. What should I do?

This is a warning that is shown to all Google Ads users as a reminder to activate Consent Mode and will be visible throughout March. If you have already activated Consent Mode, you can ignore the message.

What is the best way to integrate iubenda with Google Consent Mode?

All iubenda integrations support Google Consent Mode. Our advice is to rely on the integration mode you are already using. If you use the WordPress plugin, simply update it. If you have integrated iubenda with the direct link, you will need to copy and paste the new script into your site, and the same applies to our Google Tag Manager template and the other available plugins, which should have updated themselves.

Is it necessary to implement Consent Mode even if I only use Google Analytics for traffic measurement, so not for marketing or other reasons?

To date, this is not necessary, because the only functionality blocked without Consent Mode is remarketing. Therefore, if you are not using Google Analytics to collect remarketing audiences, you do not need to activate Consent Mode.

However, in the course of the year, Google may require Consent Mode also for the collection of measurements. Thus, you may need Consent Mode even if you are simply using Google Analytics to measure user behavior on your site.

There is still no date for the implementation of this new requirement, but in order not to miss the latest updates, we recommend that you subscribe to the iubenda newsletter.

What parameters must be in granted before the user interacts with the cookie banner?

By default, no parameters can be set to granted before the user interacts with the cookie banner, so all parameters must be set to denied.

So when the user arrives at your site and has not yet made any choice through the cookie banner, the consent parameters are set to denied. If the user clicks Reject, they remain denied. If the user clicks Accept, consent is passed on and the parameters are updated to granted.

In this regard, you might consider using Google Consent Mode as an alternative to the prior blocking of cookies, but only if you only use Google services on your site (e.g. if you use alternative technologies such as the Meta pixel, prior blocking will still be necessary).

How do you handle the collection and management of consent from users based on their geolocation or other demographic characteristics?

If you use iubenda’s CMP, this is very easy. One of iubenda’s default settings is geolocation-based consent collection, so the CMP will be displayed according to the laws that apply to the user’s country of residence. Currently, Google Consent Mode is required for websites in Europe, but not yet in the US: iubenda will automatically enable Consent Mode tags for European users, but not for US users.

Should I add new Google services to my privacy policy, or is it enough to have Google Analytics 4 and Google Tag Manager?

This depends on which Google services are present on your site. You will definitely need to include Google Analytics and Google Tag Manager if you are integrating via Google Tag Manager. If you use Google Ads, you will also need to include the other Google Ads-related services, such as Google Ads Remarketing.

Will the iubenda dashboard (for web agencies with multiple sites) show which sites are to be adapted?

First of all, iubenda’s Site Scanner periodically scans websites and detects if there are any critical compliance issues. Furthermore, as far as Google Consent Mode is concerned, we have a tool that allows you to automatically check the presence of Google Consent Mode on a website.

Remember that, for agencies, there is also the iubenda Partner Program, which gives you access to discounts and priority support.

Is it possible to configure GA4 to not use Consent Mode and the cookie banner (even if I have to give up some data)?

Some users have implemented Google Analytics 4 with customized settings via server-side tagging. In general, if you use GA4 integrated with advertising platforms, it is best to do so with a cookie banner and by activating Google Consent Mode. If you want to use Google Analytics without a cookie banner, it is always best to be sure and to discuss this with your legal team or DPO.

Is it true that Google Consent Mode has to be managed via Google Tag Manager?

No, not necessarily. As we have already explained, iubenda allows several integrations: they all support Google Consent Mode but there is no obligation to use Google Tag Manager. So choose the integration you are most familiar with and proceed with that.

If I set analytics_storage = denied, will the number of conversions and associated revenue displayed in GA4 be complete or an estimate? And if the thresholds required for modeling are not met, what data will be displayed in GA4 – just the conversions of those who have given consent?

If you use behavioral modeling in Google Analytics, the number of user conversions set to denied is modeled. It means that some of this information is retrieved by modeling, but only when thresholds are reached.

As far as thresholds are concerned, the property must have at least 1000 events per day in denied for 7 days, and at least 1000 users per day in granted for 7 days over the last 28 days.

If the thresholds are not reached, no modeling is activated and therefore the information available is only that of the users who have given consent, collected via cookies.

Although we seem to have implemented everything correctly (i.e. Tag Assistant is not giving us any errors), we are experiencing a drop in GA4-side sessions. We also did a domain migration around this time. Do you think Consent Mode might have something to do with this?

There have been cases where there has been a slight decrease in information measured by GA4. This is not so much due to the implementation of Google Consent Mode, but rather the alignment of the cookie banner with the consent requirements. It is likely that prior to Consent Mode, there was no prior blocking on GA4 and therefore the data collected was on all traffic. Now, with Consent Mode, the data collected is on all traffic from users who clicked ‘Accept’ and an estimate of users who clicked ‘Reject’. However, it is expected that this drop will gradually be made up as modeling fills in the missing information.

Are there ways to improve and optimize the consent rate?

Yes, there are some tricks that can help you improve your consent rate. For example, add your logo to the CMP or use a mobile-optimized CMP. You can find more tips to improve your consent rate here.

iubenda is already a CMP with a very high consent rate, and we are constantly optimizing it to help you improve your performance. One of the features we have implemented is consent recovery, which allows you to display a customized message instead of blocked iframes.

What is the estimated percentage of users who reject cookies that Google Analytics can still track?

It depends very much on each case. In general, the information that can be recovered by modeling is about 65% of the lost information.

Image credits: Google

Consent Mode and marketing automation: best practices and tips

As we have already mentioned, with Consent Mode and with modeling, it is possible to recover a part of the conversions that come from a click on an ad. This recovered information also allows automated bidding algorithms – those that automatically manage advertising investments – to work with more accurate data.

For example, without modeling and with a consent rate of about 70%, 30% of the information is lost and the bidding algorithms work with partial information. With modeling, on the other hand, the algorithms are able to work with more complete information. This, of course, guarantees an improvement in marketing performance.

If I already have iubenda installed on my website, is Consent Mode configured by default?

If you have installed iubenda since November 2023, Consent Mode is enabled by default. If you have installed iubenda before November 2023, you can manually check if the implementation is active or you can integrate the iubenda script back into your website.

If there is the warning on Google Ads and it does not tell me whether I have implemented Google Consent Mode correctly, how can I tell whether I have implemented it correctly or not?

The best way to understand if the Consent Mode has been implemented correctly is to check if the consent information is passed to the data layer via Tag Assistant or via the network traffic monitor.

In particular, Tag Assistant allows you to test the post-consent parameter update and see live whether the consent parameter is correctly recorded after the user gives consent. If this parameter is denied on all four tags even though consent has been given, then the Consent Mode is not implemented correctly.

Another way to check the implementation is to monitor the data collection and see if there is a drastic drop in the data collected since you enabled Consent Mode. This drastic drop could be due to a faulty implementation where Consent Mode is not collecting data correctly and all consents are being recorded as declined.
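
The default-denied and update-on-accept behaviour described in this FAQ, together with the check that the parameters actually change after consent, modeled as an added example (not iubenda's or Google's code). It replays the consent commands queued on a simplified data layer; the function names and the sample sessions are constructed for illustration.

```javascript
// Added illustration, not iubenda's or Google's code. The four keys are the
// Consent Mode v2 parameters; every session below is a constructed sample.
const CONSENT_KEYS = ['ad_storage', 'analytics_storage', 'ad_user_data', 'ad_personalization'];

// Minimal stand-in for a page: a data layer plus a gtag() that queues its
// arguments on it (simplified: the real stub pushes the `arguments` object).
function createPage() {
  const dataLayer = [];
  const gtag = (...args) => { dataLayer.push(args); };
  return { dataLayer, gtag };
}

// Helper: the same value for all four consent parameters.
const allKeys = (value) => Object.fromEntries(CONSENT_KEYS.map((k) => [k, value]));

// Replay every consent command in order; return the resulting state and any
// problems in how the defaults were declared.
function replayConsent(dataLayer) {
  const state = {};
  const findings = [];
  let sawDefault = false;
  let updates = 0;
  for (const entry of dataLayer) {
    if (!Array.isArray(entry) || entry[0] !== 'consent') continue;
    const [, command, params = {}] = entry;
    if (command === 'default') {
      sawDefault = true;
      for (const key of CONSENT_KEYS) {
        if (params[key] === undefined) findings.push(`default does not set ${key}`);
        else if (params[key] !== 'denied') findings.push(`${key} is ${params[key]} before any user choice`);
      }
    } else if (command === 'update') {
      if (!sawDefault) findings.push('update sent before any default');
      updates += 1;
    } else {
      continue; // unknown consent command: ignore
    }
    for (const key of CONSENT_KEYS) {
      if (params[key] !== undefined) state[key] = params[key];
    }
  }
  if (!sawDefault) findings.push('no consent default declared');
  return { state, findings, updates };
}

// Compare the replayed state with what the visitor chose on the banner:
// 'accept', 'reject', or null when the banner has not been answered.
function auditSession(dataLayer, userChoice) {
  const { state, findings, updates } = replayConsent(dataLayer);
  const granted = CONSENT_KEYS.filter((k) => state[k] === 'granted');
  if (userChoice === 'accept') {
    if (updates === 0) findings.push('user accepted but no update was sent');
    if (granted.length === 0) findings.push('all four parameters still denied after consent');
  } else if (granted.length > 0) {
    findings.push(`granted without consent: ${granted.join(', ')}`);
  }
  return { state, findings, ok: findings.length === 0 };
}

// Constructed session 1: defaults denied, banner "Accept" sends the update.
function correctAccept() {
  const { dataLayer, gtag } = createPage();
  gtag('consent', 'default', allKeys('denied'));
  gtag('js', new Date(0)); // unrelated commands are skipped by the replay
  gtag('consent', 'update', allKeys('granted'));
  return auditSession(dataLayer, 'accept');
}

// Constructed session 2: defaults denied, visitor clicks "Reject".
function rejectSession() {
  const { dataLayer, gtag } = createPage();
  gtag('consent', 'default', allKeys('denied'));
  gtag('consent', 'update', allKeys('denied'));
  return auditSession(dataLayer, 'reject');
}

// Constructed session 3: faulty banner, "Accept" never reaches the data layer.
function brokenAccept() {
  const { dataLayer, gtag } = createPage();
  gtag('consent', 'default', allKeys('denied'));
  return auditSession(dataLayer, 'accept');
}

// Constructed session 4: a parameter is granted before the visitor chooses.
function grantedByDefault() {
  const { dataLayer, gtag } = createPage();
  gtag('consent', 'default', { ...allKeys('denied'), analytics_storage: 'granted' });
  return auditSession(dataLayer, null);
}

for (const [name, run] of Object.entries({ correctAccept, rejectSession, brokenAccept, grantedByDefault })) {
  const result = run();
  console.log(name, result.ok ? 'OK' : result.findings);
}
```
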

Is the Basic or Advanced plan activated when you enable Consent Mode v2 with iubenda?

The version of Google Consent Mode active on the iubenda CMP is Advanced.

How is it possible to manage Consent Mode with iubenda in Shopify without using Google Tag Manager?

To integrate iubenda with Shopify, you can follow this step-by-step guide.

At this time, due to a limitation of Shopify, it is not possible to integrate the Advanced version of Consent Mode, but you still have access to modeling.

We are managing some sites from an old CMS that we created. Do we have to generate the scripts on iubenda and then integrate them manually?

Yes, the script generated by iubenda is enough to enable Google Consent Mode. There is no need to add the script that forces the default consent to be denied, as it is already included in the iubenda script.

Enable the Google Consent Mode with iubenda

Time is up! March 6th was the deadline for the implementation of the new Consent Mode. If you still haven’t enabled it, then we suggest you hurry, to avoid losing access to key features.

The easiest and fastest way to enable the Google Consent Mode is with a Google-certified CMP, like iubenda. This is also the method that Google recommends, as it makes the implementation a lot easier on your side.

Google Consent Mode: download our exclusive e-book! https://www.iubenda.com/en/blog/google-consent-mode-download-our-exclusive-e-book-2/ Wed, 03 Apr 2024 09:46:27 +0000

Unlock the secrets to boosting your earnings with our exclusive e-book!
Dear Affiliates,

We’ve got something special for you! We’ve just released an extensive e-book on Google Consent Mode, to help you navigate this complex topic and get the most out of your campaigns.

Don’t miss out — download the e-book now, along with promotional materials to share with your audience. Remember to use your affiliate link to earn up to 30% in cash commissions on every sale!

Need more info? Reach out to us anytime. Together we can boost compliance, transparency, and your revenue!

🚀 Help your network stay compliant and give them 10% off

Earn a 30% cash commission by copying + sharing this update in your newsletter and on social media.

Feel free to change it up, or use it as is.

🚀 Dive into the future of digital marketing with @iubenda! Reach out to me to get their exclusive e-book on Google Consent Mode & use my link for a 10% discount: [affiliate link]

Feel free to change it up, or use it as is.

Subject: All you need to know about Google Consent Mode

Hi [name]!

I’m reaching out to share a new resource that I believe will help you as much as it’s helped me.

iubenda has just released an insightful e-book on Google Consent Mode – a new framework that is set to revolutionize digital marketing.

The e-book is packed with valuable information to help you stay ahead of the game. That’s why I think you should have it, too!

I’ve attached the e-book to this email, let me know what you think 🙂 And if you find it useful, feel free to share it with whoever you like.

Best,

[name]

PS: Remember that you can always use my link to get a 10% discount with iubenda 👉 [affiliate link]

Don’t forget to replace the text with your affiliate link so we can send you that sweet commission. Share it in all of your posts and newsletters to maximize your cash rewards.

Get your affiliate link

Not an affiliate yet?

Find out more about iubenda’s affiliate program here.

What is Cookie Compliance? https://www.iubenda.com/en/blog/what-is-cookie-compliance/ Tue, 26 Mar 2024 09:49:05 +0000

In practical terms, what does cookie compliance mean for websites? What laws should you comply with? How can you easily meet all legal requirements and avoid potential fines for non-compliance? All your questions answered in this article on what is cookie compliance.

In the digital era, privacy and data protection are paramount. Cookie compliance has emerged as a crucial part of regulating how websites use cookies and similar technologies to track user behavior and preferences or to serve personalized content such as ads.

This article delves into what cookie compliance is, covering main regulations like the GDPR and CCPA/CPRA and steps toward ensuring your website meets legal requirements.

Meet legal cookie requirements the easy way

  • Create your free compliant cookie banner
  • Collect and manage cookie consent
  • Store your users’ preferences

Cookie compliance is the adherence to laws and regulations like the GDPR and ePrivacy directive governing the use of cookies and similar technologies by websites online. It involves implementing a series of measures like obtaining consent before any cookies are installed via a cookie banner, providing options for managing preferences, as well as informing users via a cookie policy.

💡 As a quick reminder, cookies are small text files stored on a user’s device when they visit a website, used to remember their actions and preferences.

Below are 3 practical and detailed examples of cookie compliance on a website:

  1. Cookie Consent Banner: Upon visiting the website, users are presented with a cookie consent banner or pop-up. This banner informs users that the site uses cookies for various purposes such as analytics, advertising, or preferences. It also includes options for users to either accept all cookies, decline all cookies except necessary ones, or customize their preferences.
  2. Cookie Policy Page: A website that uses cookies typically includes a dedicated website cookie policy page accessible from the footer and through a link in the banner mentioned previously. This page provides detailed information about the types of cookies used (including third-party cookies), their purposes, and how users can manage their preferences and opt out.
  3. Cookie Preferences Management: Generally part of the banner, the website displays a small privacy button on the page to allow users to easily go back to their cookie settings in more detail even after initially consenting. It empowers users to have more control over their privacy preferences.

Cookie compliance regulations generally refer to two main laws that complement each other: the General Data Protection Regulation (GDPR) and the ePrivacy Directive (also known as the Cookie Law) in Europe. We can also mention California’s CCPA/CPRA and PIPEDA in Canada.

In the EU, each country has a data protection authority that has been granted the duty and power to make these laws enforceable. For example, they give extensive guidance on EU cookie compliance for businesses and can distribute fines.

🔎 Learn more on each cookie compliance regulation:

👉 GDPR: A regulation in EU law on data protection and privacy for all individuals. It is not specifically written for cookie compliance, but addresses everything surrounding personal data in general. An important concept from the GDPR is consent: it mandates that websites must obtain explicit consent from users before storing or accessing cookies on their devices, except for essential cookies necessary for the website’s operation.

👉 ePrivacy Directive (Cookie Law): Established to put guidelines in place for the protection of electronic privacy, including email marketing and cookie usage, and it still applies today. We can think of it as complementing the GDPR. It requires websites to obtain informed consent from users before storing or accessing cookies on their devices, with some exceptions for essential cookies. The directive has been implemented differently in each EU member state.

👉 California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA): Intended to enhance privacy rights and consumer protection for residents of California, United States. It requires businesses to disclose their data collection and sharing practices, including the use of cookies, and provide consumers with a right to opt out.

Are cookies allowed in the EU?

Yes, cookies are allowed in the EU. However, cookies that are not strictly necessary for browsing the site (strictly necessary ones cover, e.g., login, account management, and items saved in the shopping cart) are highly regulated. The ePrivacy Directive, often referred to as the “Cookie Law,” along with the GDPR, outlines the requirements for EU cookie compliance. Websites must provide clear and detailed information about the cookies being used and obtain explicit consent from users for non-essential cookies such as analytics or ads cookies.

💡 Using Google Ads or Google Analytics cookies? Make sure to activate Google Consent Mode to preserve essential marketing features and to get accurate conversion data through modeling. More on this here.

GDPR cookie compliance is a set of practices that websites must follow to align with the GDPR’s requirements on the protection of personal data in the EU. This means that if you use cookies you must:

  • inform your users that your site/app (or any third-party service used by your site/app) uses cookies;
  • explain, in a clear and comprehensive manner, which cookies you use and what for;
  • obtain informed consent prior to the storing of those cookies on the user’s device;
  • maintain records of consent and provide users with the option to withdraw consent at any time.

Check out our software solutions for a quick and easy GDPR cookie compliance here.

To comply with Cookie Law, you’ll need to show a compliant cookie banner (also called cookie notice or cookie popup) upon the user’s first visit, implement a cookie policy and collect user consent to these cookies – unless your website uses strictly necessary cookies only, which is highly unlikely.

Make sure to categorize cookies (i.e. necessary, performance, functionality, marketing) for clarity. And remember, as a general rule of thumb, always to provide information that is easy-to-understand, concise but precise, and unambiguous.

The CCPA cookie consent generally refers to your business’s obligation to disclose legally-required information including any non-essential cookies used via a notice to residents of California, USA. Although the CCPA does not require opt-in consent, the notice should provide them with an option to opt out.

One thing to be aware of: the CCPA requires opt-in consent for the use of cookies if it relates to the sale and sharing of personal information of minors (individuals between 13 and 16 years old; if younger, you must obtain consent from their parents or guardians).

🔎 Types of Cookie Compliance Banners

  • Opt-in: Users must actively agree to the use of cookies before they are set, excluding strictly necessary cookies. By “actively”, we mean they need to perform a clear and positive action like clicking on an “Accept” button. This is the case for the GDPR in the EU.
  • Opt-out: Cookies are set but their use is generally disclosed in a specific notice AND users are given the option to opt-out. This is the case for the CCPA in California.
  • Notice only: Users are informed about the use of cookies without explicitly asking for consent. This approach is not compliant under GDPR but may be seen under less stringent regulations.

  1. Use tools like this cookie scanner to identify all cookies your website sets on a user’s device.
  2. Implement legally-required processes like a consent banner + website cookie policy.
  3. Ensure your cookie management practices are compliant, e.g. you provide clear options to accept, reject, and manage cookies.
  4. Test across browsers and devices to make sure compliance measures are working consistently.
  5. Keep your processes up-to-date with how your site and EU cookie compliance regulations evolve.

💡 Find out your website’s compliance rate

👉 Scan your site for free now!

To become cookie compliant, you need to understand the specific requirements of regulations that may apply to you like the GDPR and Cookie Law, depending on where you and your users are based. You most likely have to set up a compliant cookie banner on your site, as well as a cookie policy page. For the latter, you need to conduct a thorough inventory of the cookies used on your website, including types and purposes for which they are used.

A website cookie policy is a legal document and can be tricky to draft yourself. The same goes for the cookie banner, which comes with various requirements like preference management and consent collection, and can be a technical challenge to create and install on your site.

To become cookie compliant in the easiest way, try out an all-in-one software solution like iubenda. They are experts in online compliance and have everything that you need to make your site compliant with cookie regulations.

Quick and easy cookie compliance with iubenda

Leave the tricky work to us!

🚀 Cookie banner customization + straightforward integration on your site
🚀 Cookie consent collection, preference management and records
🚀 Automatic blocking of cookies before consent is obtained
🚀 Cookie policy generation with lawyer-crafted clauses to choose from
🚀 Products updated when regulations change

The Ultimate Guide to Mastering Cookie Consent Manager https://www.iubenda.com/en/blog/the-ultimate-guide-to-mastering-cookie-consent-manager/ Fri, 15 Mar 2024 11:13:34 +0000

Privacy laws like the GDPR, the CCPA, and others have highlighted the need for a cookie consent manager. As an integral part of compliance with these regulations, the cookie consent manager is a vital tool for site owners and a key element in the complex system of restrictions and user preferences. Learn about it here 👇

Cookie Consent Managed Solution for Cookie Laws

A cookie consent manager does not just meet regulatory needs; it connects user privacy with information transparency. Such systems bring a website in line with international privacy directives by obtaining the user’s consent to tracking cookies in a legal and ethical way. A good cookie consent management platform can integrate smoothly with your website through a plug-in that provides a user-friendly interface.

All-In-One Cookie Consent Manager

The appeal of an all-in-one cookie consent manager is convenience: it handles every aspect of cookie consent. This easy-to-use tool not only displays consent notices based on the user’s location, but also handles preferences and generates reports.

Worldwide Cookie Consent Requirements

Global compliance means dealing with the multitude of privacy laws around the world. Our cookie consent tool is designed to cope with this complexity by automatically adjusting cookie notices and policies to suit the requirements of different jurisdictions, giving your website all-round legal protection whatever country your users are in.

These tools are designed with usability in mind: they give clear details about the cookies in use and let users add cookies to, or remove them from, their device. Cookie management platforms also tend to bring efficiencies, and they help organizations demonstrate accurate consent tracking, which is one of the major compliance requirements, especially for organizations that require the approval of regulatory bodies.

👀 Features of Our Cookie Consent Manager

Our cookie consent management platform stands out for its specific features: real-time tracking of consent status, customizable banners that fit your brand’s image, and detailed analysis of consent patterns. These features ensure that your website not only complies with legal norms but also respects user preferences, creating trust and transparency.

  • Visual configurator: Easily edit the text of our GDPR-ready cookie consent banner, adapt it to the look of your site and even modify its behavior. Our user-friendly configurator also allows you access to advanced customization options.
  • Google CMP partner: iubenda is officially one of Google’s CMP Partners. Our Privacy Controls and Cookie Solution seamlessly integrates with Google Consent Mode v2 and Google Tag Manager, making privacy management easier than ever.
  • Fast and reliable, comes with detailed analytics: Our cookie management solution runs on billions of pageviews per month. It’s fast, light and effective, and can be configured for even more speed. It comes with comprehensive consent analytics, so that you can monitor and optimize your consent collection performance, and it runs on a top-notch content delivery network known for its speed and reliability.
  • SDK for mobile: Comply with ePrivacy and GDPR requirements within your app. Our mobile SDK is available as a native component for both iOS and Android, and is fully customizable, allowing you to match the look and style of your app.
  • GDPR, ePrivacy, CPRA (CCPA amendment) and LGPD compliance tailored for publishers: As a registered CMP, we’ve integrated IAB Europe’s industry-standard TCF and CPRA (CCPA amendment) Compliance Framework with our Privacy Controls and Cookie Solution to help publishers comply with the law while meeting industry requirements and maximizing ad revenue.

FAQ

How does the Cookie Consent Tool Work? 

By detecting the user’s location, our tool displays a customized consent banner, collects user preferences, and stores consent data securely.

How do you prove cookie consent?

Our platform creates detailed reports of user consents, providing solid proof of compliance for audits.

How do you record cookie consent? 

Consent is tracked in real-time, with each user’s preferences and consents logged and easily accessible.

What is the cookie management process? 

It involves detecting cookies, categorizing them, obtaining user consent, and managing that consent over time.

Additional Resources and Compliance Solutions

Beyond cookie consent management, our suite of compliance solutions offers tools for across-the-board compliance. We’re committed to providing comprehensive support to businesses looking to navigate the complexities of privacy law compliance.

Choosing the right cookie consent manager is pivotal for any website aiming to comply with global privacy laws while ensuring a seamless user experience. Our platform offers a robust, user-friendly cookie consent tool designed to simplify the management process and ensure compliance. By embracing a comprehensive cookie consent management platform, businesses can foster transparency, build trust with their audience, and navigate the regulatory landscape with confidence.

Craft your personalized cookie consent banner effortlessly with our Cookie Consent Tool

Simplifying Cookie Consent: The European Commission’s Approach https://www.iubenda.com/en/blog/simplifying-cookie-consent-the-european-commissions-approach/ Fri, 05 Jan 2024 17:19:13 +0000

In an ever-evolving digital landscape, the European Commission is stepping up to ensure that consumers’ rights and privacy are at the forefront of the online experience. On December 19, 2023, a pivotal meeting took place between the Commission, digital advertisers, consumer associations, and traders. 

Their aim? To present the draft ‘cookie pledging principles’, focused on giving consumers greater control and understanding of tracking-based advertising.

The essence of this discussion was clear: how to better empower consumers in an online world often obfuscated by complex data practices. The goal is to refine these principles, with the European Data Protection Board’s (EDPB) input, and unveil the final version at the Consumer Summit in April 2024.

Let’s explore how these cookie pledging principles will impact your business, ensuring that your digital strategies are not only compliant but also resonate with a privacy-conscious consumer base.

The Pledge Principles in Summary

The principles aim to simplify cookie management for consumers while ensuring their privacy and data protection rights. Key aspects include:

  • Transparency about the use of cookies and the associated business model.
  • Simplification of consent requests.
  • Providing clear, unambiguous choices to consumers.
  • Respecting user settings for cookies and advertising preferences.

Key Points from the EDPB

The EDPB’s feedback plays a crucial role in shaping these principles. Some of their key comments include:

Principle A: Consent and Essential Cookies:

The EDPB emphasizes the need for transparent and clear consent mechanisms. Notably, essential cookies, which do not require consent, shouldn’t clutter consent requests. This principle aims to simplify the information users need to process, ensuring it’s easy to understand how their personal data is handled.

  • Essential cookies, which don’t require consent, shouldn’t be part of the consent request.
  • Information relevant to personal data processing must be provided, even if consent for storage/access isn’t required.

🚀 For managing essential cookies and providing relevant information about personal data processing, use iubenda’s tools for creating cookie banners and privacy policies, and for ensuring clarity in consent.

Principles B, C, and D: ‘Pay or Okay’ System:

These principles address the ‘pay or okay’ system, where consumers often face a choice between accepting tracking or paying for content. The EDPB advocates for upfront explanations of such business models. The focus is on clear, simple language explaining the implications of accepting or rejecting trackers, and offering less intrusive advertising alternatives.

  • Websites/apps should upfront disclose if their content is financed through advertising.
  • Choices regarding trackers should be clear and easy to understand.
  • An alternative to tracking-based advertising should be offered.

🚀 iubenda offers comprehensive solutions to ensure websites and apps are compliant with various laws, including the ePrivacy Directive and GDPR. Our tools are beneficial for evaluating each instance of information access or storage in terminal equipment.

Principle E: Consent Specificity:

To combat the overwhelming nature of cookie consent, the EDPB suggests a more streamlined approach. Users should not have to consent to every single tracker, reducing the complexity and making the choice more effective.

  • Consent must be free, informed, and specific.
  • Gatekeepers under the Digital Markets Act must offer less personalized alternatives to users.

🚀 To ensure that consent is free, informed, and specific, and to comply with the Digital Markets Act, iubenda’s privacy controls and cookie solution can be customized to help meet these requirements.

Principle F: Business Model Consent:

The principle states that separate consent for cookies used in the chosen advertising model isn’t needed once the consumer has agreed to the business model. This approach aims to reduce ‘cookie fatigue’ and align the consent process more closely with consumer choices.

Principle G: Duration of Consent:

A significant change is the recommendation that consent requests should not be repeated within a one-year period. This principle respects the consumer’s choice and aims to alleviate the annoyance of repeated consent prompts.

Principle H: Application Settings:

The EDPB recognizes the potential of software applications in empowering users to manage their cookie preferences. This principle supports settings that allow users to preset their preferences, further simplifying the consent process.

Next Steps

Stakeholders will discuss these principles further, considering voluntary adoption as a step forward. The objective is to finalize these principles in early 2024, following input from the EDPB and stakeholders.

These principles mark a significant step in enhancing consumer privacy and choice in the digital age. They reflect a growing awareness of the need for clarity and simplicity in digital advertising practices. As the European Commission and stakeholders continue to fine-tune these principles, further to the insight given by the EDPB, the anticipation grows for their final presentation at the Consumer Summit in April 2024. This collaboration is a testament to the ongoing effort to balance the scales between digital business models and consumer rights, paving the way for a more transparent and user-friendly digital future.

TCF v 2.2 Initial Layer (Banner) Requirements https://www.iubenda.com/en/blog/tcf-v-2-2-initial-layer-requirements/ Tue, 24 Oct 2023 08:31:56 +0000

According to the TCF v 2.2 Policies, the Initial Layer of the Framework UI (the cookie banner) MUST include the following elements:

Element #1

  • Information about the fact that information is stored on and/or accessed from the user’s device (e.g. use of cookies, device identifiers, or other device data)
  • Information about the fact that personal data is processed, and the nature of the personal data processed (e.g. unique identifiers, browsing data)

Element #2

  • 🆕 The total number of vendors AND a link to the complete list

Remember to restrict the number of vendors you work with, since an inappropriately large number of vendors may affect the ability of users to make informed decisions and may increase legal risks for both publishers and vendors.

To do so, we strongly recommend using our Privacy and Cookie Policy Generator as the 🎖 Preferred Method for selecting relevant vendors, so that the Privacy Controls and Cookie Solution updates automatically to match.

💡 You can use the %{total_number_of_ads_vendors} shortcode in order to show the count of the vendors included in your Privacy and Cookie Policy or in the CS parameter value (if you choose to manually insert them).

🚨 Without a selection, the Privacy Controls and Cookie Solution will display all TCF vendors, potentially breaching TCF policies.

Element #3

  • List of Special features (using at least the standardized names and/or Stack names provided by IAB)

Element #4

  • List of Purposes (using at least the standardized names and/or stack names provided by IAB)

Publishers are free to choose which TCF purposes to prompt, therefore they will be required to list only those purposes actually pursued. By default, the standard text uses the 🆕 stack 42 (that includes all purposes from 2 to 11).

💡 Remember there is a new purpose 11 under TCF v 2.2 that was not present in TCF v 2.1.

Element #5

  • Information about the fact that the user can withdraw their consent at any time, and how to resurface the Framework UI in order to do so

🚨 Remember to display the Privacy widget or a custom link on every page of your website to allow your users to easily access and edit their preferences.

Element #6

  • A call to action for the user to express their consent (for example “Accept”, “Okay”, “Approve”, etc.) and one to customise their choices (for example “Advanced Settings”, “Customise Choices”, etc.)

🚨 Calls to action in a Framework UI must not be invisible, illegible, or appear disabled. While calls to action do not need to be identical, to ensure they are clearly visible, they must have matching text treatment (font, font size, font style) and, for the text of each, a minimum contrast ratio of 5 to 1.

Note

According to the TCF v 2.2 Policies, all the required elements must be made visible to the user in the UI before the user is able to give his or her consent. In other words, they must be immediately visible, and consequently the banner text cannot be partially hidden behind scroll bars.

IAB TCF 2.2 – What you need to do https://www.iubenda.com/en/blog/tcf-2-2-what-to-do/ Thu, 19 Oct 2023 15:40:31 +0000

The IAB Transparency and Consent Framework (TCF) is a set of technical specifications and policies that assist publishers in displaying ads on their websites, helping them to comply with the GDPR and the ePrivacy Directive.

The deadline to implement the most recent version (2.2) is November 20th.

Timeline

iubenda, as a Certified Consent Management Platform, is fully on board with TCF 2.2.

Here’s a brief timeline of important dates:

  • 6th November 2023
    Default value for tcfVersion in Privacy Controls and Cookie Solution shifts to 2.2. If you prefer the older 2.1 version after this date, you’ll have to manually set it.
  • 20th November 2023
    End of the Implementation Period. After this, TCF v. 2.1 signals won’t be valid anymore. Users must switch to v. 2.2 for valid consents.

How to enable TCF 2.2 with iubenda

Choose one of the two methods below to activate TCF v. 2.2:

Method 1 (preferred) – Use iubenda’s Privacy and Cookie Policy Generator

  • Go to your dashboard: Click on the site/app you want to update.
  • First, select the TCF-related vendors in the services modal of the Privacy and Cookie Policy Generator; our scanner should suggest them to you (alternatively, you can find them in the “Advertising” category).
  • Next, go to the Privacy Controls and Cookie Solution configurator.
  • Activate the “IAB TCF” tile (if it’s not already enabled) and click “Edit”.
  • Choose version “TCF v. 2.2”.
  • Save and update the cookie banner integration code on your site.

💡 The Privacy Controls and Cookie Solution updates automatically with any addition or removal of any TCF service on the Privacy and Cookie Policy. Subsequently, the Configurator will display the number of providers added, and the banner will adjust its display, affecting the TCF panel accordingly.

Need a different method? Manual Vendor Insertion:

If you prefer a manual setup:

  • Go to your Dashboard and click on the site/app you want to update.
  • Select the option labelled “Manually enter the list of TCF vendors you want to display”.
  • Input the specific vendor IDs, separating each with a comma (check the Global Vendor List and the additional vendor information list to get accurate vendor IDs and details).
  • Save and update the cookie banner integration code on your site.

Additional Notes

  • For those using the older 2.1 version, manually set it by November 6th. After November 20th, only TCF v. 2.2 consents will be valid.
  • The Privacy Controls and Cookie Solution will auto-update when you add or remove any TCF service.
  • If TCF v. 2.2 is activated but no TCF vendors are found, iubenda will display an alert.
  • Without selecting specific vendors, the system might display all TCF vendors. This blanket display could inadvertently breach TCF policies, so be cautious and intentional in your selections.
  • If you’ve customized the text of your cookie banner, please review the IAB guidelines and contact us for verification.

Understanding DPA Inspections: Why Proof of Consent is Crucial https://www.iubenda.com/en/blog/understanding-dpa-inspections/ Fri, 23 Jun 2023 15:29:15 +0000

Simplify Compliance and Protect Your Business with a Comprehensive Cookie and Consent Preference Log

Why DPA Inspections Matter

DPA inspections, conducted by Data Protection Authorities, play a vital role in safeguarding individuals’ privacy rights and ensuring businesses adhere to data protection regulations. These inspections typically arise from user reports or random checks within specific industries. Data Protection Authorities are responsible for verifying claims, investigating allegations, and enforcing compliance with data protection laws.

🔎 The Inspection Process

DPA inspections typically involve several key steps, and these steps may vary depending on the specific authority conducting the inspection. The typical process involves:

  1. User Complaint or Random Check: Inspections may be triggered by a user complaint, or a business may be randomly selected by the DPA.
  2. Initiation of the Inspection: The DPAs may either notify businesses beforehand or conduct unexpected in-person or online inspections.
  3. Checking the Preference Log: The DPA generally proceeds to examine the business’s preference log to determine if the reporting user is present within the system. This log contains important information about user consent and preferences.
  4. Reviewing the Consent Flow: If the user is identified in the preference log, the DPA would typically review the “consent flow” implemented by the business. The consent flow outlines the necessary steps taken to obtain and record user consent.
  5. Providing Proof of Compliance: Finally, the business must provide proof that it followed all the required steps as outlined in the consent flow to obtain the consent of the user. This is where maintaining a comprehensive Consent Preference Log becomes crucial.

Stand Ready for DPA Inspections

Equip your business to confidently face DPA inspections with the new Essentials plan, now including our Cookie and Consent Preference Log to simplify the management of user consent and streamline the compliance process.

🚀 Key features of the Cookie and Consent Preference Log include:
  • Centralized Consent Storage: Maintain a secure and centralized database of user consents, readily accessible for compliance verification during DPA inspections.
  • Real-time Updates: Capture consent updates in real-time, ensuring accurate and up-to-date records.
  • Auditing and Reporting: Generate detailed reports and audit logs to demonstrate compliance with data protection regulations.

Try one year at $29

Then $71.88/year instead of $172/year

✅ No extra configuration required

Enjoy $143 in savings with the new Essentials plan, which also gives you the option to:

  • Generate a Cookie Policy that you can easily connect to your cookie banner or notice.
  • Add up to 20 services (instead of 4) to your Privacy and Cookie Policy.
  • Keep all the functionalities and customization options you currently have.

Frequently asked questions on the Cookie and Consent Preference Log

The Cookie and Consent Preference Log allows you to create records of your users’ cookie consent preferences when they visit your site. You need this feature to align with the requirements of most Data Protection Authorities across Europe (including the UK, France, Italy, Belgium, and more).

Yes, the Essentials plan includes the Cookie and Consent Preference Log with up to 25,000 pageviews per month. If you need more, you can either leverage Extra Usage, which allows the product to continue working with an extra charge after you reach the limit of use for your plan, or upgrade to a bigger plan. Please see the pricing page for more details.

Yes, if your website installs non-exempt cookies and European users visit it, you need to keep valid records of your users’ cookie preferences.

In other words, regardless of the number of monthly pageviews, you need to store a cookie and consent preference log if you have a cookie banner.

No, the Consent Database collects and stores proof of consent specifically for online and offline forms, and requires some setup.

The Cookie and Consent Preference Log, however, is a fully automated feature of the Privacy Controls and Cookie Solution, our solution for managing consent preferences for cookies, trackers and similar technologies.

The Cookie and Consent Preference Log solves this problem – without the need for a dedicated configuration. For each consent given, we collect:

  • a string of 6 random hexadecimal characters and the timestamp to uniquely identify a specific consent and the time at which it was given
  • the user’s IP address

This way, the consent, collected via the string of 6 hexadecimal characters and the IP address, is uniquely linked to a specific user. If necessary, the DPA may:

  • examine the user’s browser and compare it with the unique record in your logs (verifying proof)
  • use the IP address to cross-check and verify the information

Can you prove your consents are valid? https://www.iubenda.com/en/blog/can-you-prove-your-consents-are-valid/ Mon, 20 Mar 2023 17:18:21 +0000

Why is proof of consent so important? Recently, two websites were fined for failing to prove the validity of the consents they had obtained from their users. As a result, it was found that the consents obtained did not meet the requirements of the GDPR, and the business behind the websites received hefty fines.

Your consents may be valid, but if you cannot prove them, they are worthless. 

📌 Why is this important for YOUR business? 

This news highlights how critical it is to prove consents. The business was collecting consent but couldn’t prove it according to the GDPR. 

You must prepare unambiguous proof of consent that includes details such as when and by whom consent was given, what preferences were expressed, legal or privacy notices in effect when consent was collected, and whether consent was withdrawn.

📌 How to collect proof of consent?

Collecting proof of consent that meets all these requirements can be challenging, but iubenda’s Consent Database can help your business adapt its forms and store proof of consent seamlessly while syncing with its legal documents and providing an intuitive dashboard for retrieving consents at any time.

It is essential for businesses to be aware of the GDPR’s requirements for obtaining and proving the validity of consent to avoid potential fines and legal issues.

💡 Thanks to the Consent Database, you can adapt your forms and store a proof of consent as required by the GDPR:

  • it integrates seamlessly with your data collection forms (you can choose the option you prefer: frontend, backend, WordPress plugin or automation tools like Zapier and Make);
  • syncs with your legal documents;
  • includes an intuitive dashboard that allows you to retrieve consents at any time.

Save your business time, money, and bad reputation

Make sure your consents are valid

Trusted by over 90,000 clients in 100+ countries


Cookie banner: What are Cookie Banners? And why do you need one + Examples https://www.iubenda.com/en/blog/cookie-banner-what-are-cookie-banners-and-why-do-you-need-one-examples/ Fri, 24 Feb 2023 11:30:39 +0000

In today’s digital landscape, websites collect and use data to provide personalized experiences and targeted advertising. However, with the increasing awareness of data privacy, regulations have been put in place to ensure that user data is protected. This is where the cookie banner comes in.

In this article, we’ll discuss everything you need to know about cookie banners, from what they are and how they work, to why you need one and how to design an effective cookie banner for your website.

Important news: On May 17, 2023, the German Data Protection Authority of Lower Saxony (LfD) made a decision regarding the use of a consent banner as a cookie pay wall on the popular German-language tech news site, heise.de. The authority found that this practice infringed several articles of the GDPR.

A cookie banner is a notification that pops up on a website to inform users about the use of cookies. It typically contains a message that explains what cookies are, why they are used, and what types of cookies the website is using. This is essential for informing users about their privacy and providing them with control over their data.

In a nutshell, it informs visitors about the use of cookies and other tracking technologies and provides users with the option to accept, reject, or personalize the use of cookies.

Not only is it a legal requirement for websites to obtain user consent for the use of cookies, but it also ensures transparency and trust between the website and its visitors.

Cookie banners help businesses and website owners in general to obtain user consent for the use of cookies, which is a legal requirement in many countries, including in the EU under the General Data Protection Regulation (GDPR) and the ePrivacy Directive. In the US, by contrast, state laws rely only on opt-out for certain categories of personal data processing, including sale, sharing, and targeted advertising.

👉 A cookie banner is the most commonly used way to help comply with these requirements by providing users with clear information about the use of cookies and obtaining their consent to their use. Non-compliance with these requirements can lead to hefty fines and legal consequences.

For example, in 2019, the online fashion retailer ASOS was fined £250,000 by the UK’s data protection watchdog for failing to obtain proper user consent for the use of cookies. The company implemented a cookie banner to address this issue and has since been able to comply with privacy regulations.

If you run a website or app that uses non-exempt cookies or scripts and have Europe-based users, you need to display a cookie banner. This applies to any website that is not actively blocking Europe-based users or any website or app belonging to an EU-based entity, such as a company, sole trader, or public institution, regardless of where their users are based.

Note

If you are doing business in the US or targeting US-based users, you must comply with the requirements of different state laws to inform your users about certain categories of personal data processing, including sale, sharing, and targeted advertising, and to allow them to opt out.

This means you may need to display things like a collection notice and/or a “Do not sell my personal data” (DNSMPI) link. And a privacy banner may be the best way to deal with all these requirements.

📌 Guidelines for Each Global Privacy Regulation

Different global privacy regulations have specific guidelines for obtaining user consent for cookies. For example:

  • 🇪🇺 🇬🇧 For Europe, the General Data Protection Regulation (GDPR) requires that users provide “specific, informed, and unambiguous” consent before cookies are placed on their devices. More specifically, the ePrivacy Directive, also known as the Cookie Law, is a European Union directive that regulates the use of cookies and similar technologies for storing and accessing information on users’ devices. It requires website owners to obtain user consent before using cookies or similar technologies, unless the cookies are strictly necessary for the operation of the website.
    • The ePrivacy Directive applies to all websites that are based in Europe or that are targeted to EU residents. It requires website owners to provide clear and comprehensive information about the types of cookies used on the website, the purpose of the cookies, and how users can opt out of cookies.
  • 🇺🇸 For the US, state privacy laws do not regulate cookies and other trackers, and the mechanism is mainly based on opt-out. This means that the processing of personal data (sale, sharing, targeted advertising) can generally be performed right away without the user’s prior consent, up until the moment the user actively denies their consent. It is therefore necessary to provide ways to do so, according to the requirements of the various laws in force in the US.
    • In this sense, a cookie banner may be the most effective and simple option where users can find all their privacy options, based on the type of processing made by the website.

👉 Cookie banners and privacy banners are an effective way to accomplish these goals and demonstrate a website’s commitment to user privacy.

Remember that cookie banners are just one part of the requirements of the Cookie Law and GDPR. In order to be fully compliant, you must also link to an accurate cookie policy and block cookies prior to user consent.

As the website owner, you need to collect users’ consent before cookies are installed on the user’s device. In order to give consent, users must be informed of data collection activities and choose whether or not to consent to the installation of cookies.

You must then set up a cookie policy in which you:

  • define which cookies you use (e.g. technical, statistical, profiling, etc.) and for what purposes;
  • list the categories and purposes of third party cookies that are installed.

When designing a cookie banner, there are certain best practices that should be followed to ensure that it is effective in obtaining user consent while also being user-friendly.

  • First, make sure that the banner is prominently displayed on the website and is easy to understand.
  • It should link to a cookie policy and clearly explain what cookies are being used, their purposes and any related third-party processing involved.
  • Additionally, it should provide users with a clear option to accept or reject cookies, as well as an option to change their preferences at a later time.
  • When obtaining user consent, it is important to ensure that it is freely given, specific, informed, and unambiguous. This means that users should be given a clear and concise explanation of what they are consenting to.
  • To make the cookie banner feel like a natural part of your website, use brand colors and design elements that match the overall aesthetic. This approach can help to improve usability and create a seamless user experience.

By following these guidelines, website owners can design an effective and user-friendly cookie banner that helps them meet their legal obligations.

Here are some excellent cookie banner examples that are legally compliant – once implemented in accordance with the law.

  1. This one belongs to The Spectator:

    [Image: cookie banner]

  2. When you visit MaxMara’s website, this one will greet you:

    [Image: Adding a service]

    This banner properly informs users about data collection to obtain their consent, provides information about data processing with a link to the privacy and cookie policy, is readable and easy to understand, and doesn’t mislead the user into providing consent.

  3. In this example from lastminute.com, the visual design reflects the company’s branding:

    [Image: cookie banner example]

In conclusion, cookie banners are an important tool for website owners to comply with privacy regulations and protect user privacy.

By providing users with clear information about the use of cookies and obtaining their consent, website owners can avoid fines and legal action. Remember, when implementing a cookie banner, one of the most important aspects is to ensure that users can make informed choices about the use of cookies.

What do you need to do to legally comply?

To ensure that your cookie banner is legally compliant, there are several requirements you must follow:

  • Clearly state the types of cookies used on your website and their purpose.
  • Give users the option to consent to the use of cookies, either through an opt-in or opt-out mechanism, according to the laws that apply to you.
  • Ensure that your cookie consent banner is easily accessible and visible to users.
  • Regularly review and update your cookie policy to ensure it reflects any changes in your website’s use of cookies or changes to privacy regulations.

This can be quite challenging to implement!

But don’t worry! Compliance doesn’t have to be difficult.

🚀 Our Privacy Controls and Cookie Solution allows you to manage all aspects of cookies, in particular:

  • easily inform users via cookie banner and a dedicated cookie policy page;
  • obtain and save cookie consent settings;
  • preventively block cookies prior to consent; and
  • keep track of consent and save consent settings for each user for up to 12 months from the last site visit.

It only takes 3 minutes 😎

Create your free cookie banner

Unsubscribe link: Why you need it for marketing & how to set one up
https://www.iubenda.com/en/blog/unsubscribe-link-why-you-need-it-for-marketing-how-to-set-one-up/
Wed, 22 Feb 2023 15:00:08 +0000

Surprisingly, the success of your email marketing campaigns depends heavily on your unsubscribe link. Hard to believe? Keep reading to find out why. 

Unsubscribe link
  • What is an unsubscribe link?
  • Why you definitely need an unsubscribe link
  • Email unsubscribe links and the law
  • How to add an unsubscribe link to an email?
  • Make your newsletter compliant with the law

What is an unsubscribe link?

An unsubscribe link is a button that appears in your email campaign and is frequently located in the footer. It enables consumers to cancel their subscription if they decide they no longer want to receive emails from you. Unsubscribe links are necessary to safeguard your email deliverability and are also mandated by various spam laws worldwide, as we previously explained.

Why do you need an unsubscribe link?

👉 Get useful feedback: If you’re sending a confirmation email to customers who have unsubscribed from your mailing list, you can take advantage of this to learn more about their reasons for unsubscribing.

👉 Don’t be labeled as spam: By having an unsubscribe link in your emails, you increase the likelihood that they will land in the inbox rather than the spam folder. This is also true since consumers will likely mark your email as spam if they do not want to receive your newsletters and cannot find an unsubscribe link when searching for one.

Email unsubscribe links and the law

Anti-spam legislation requires an unsubscribe link, and each nation has its own laws.

🇪🇺 🇬🇧 If the GDPR applies to you, you must give users the right to withdraw their consent, or you’ll be in violation of the law. 

So under consent rights, the user has to:

  • opt in with freely given, informed consent; and
  • have the ability to withdraw consent in a manner as easy as it was to grant consent.

For more on your Legal obligations related to Unsubscribe link guidelines in the EU see here →

🇺🇸 The US’s CAN-SPAM Act: According to this Act, which is strictly enforced by the Federal Trade Commission, you are required to provide a very easy option for subscribers to unsubscribe from your commercial messages: inform recipients of how to stop receiving your emails in the future.

For more on your Legal obligations related to Unsubscribe link guidelines under US Law see here →

How to add an unsubscribe link to an email?

Adding an unsubscribe link to your email is an important aspect of email marketing compliance and customer satisfaction. Here are the steps to add an unsubscribe link to your email:

  • Choose the right email service provider: Most email marketing platforms, like Mailchimp, Constant Contact, or Campaign Monitor, have built-in unsubscribe functionality that you can easily add to your emails.
  • Create an unsubscribe link: Once you have selected an email marketing platform, you can create an unsubscribe link by adding a merge tag or personalization tag to your email content. The merge tag is usually something like [unsubscribe], [opt-out], or [manage preferences], which will automatically generate an unsubscribe link in your email.
  • Place the unsubscribe link in the email: You can place the unsubscribe link at the bottom of your email in a prominent location, such as the footer. This will ensure that subscribers can easily find and click the link to opt-out of future emails.
  • Test the unsubscribe link: Before sending the email, it is important to test the unsubscribe link to ensure that it works properly. Click on the link yourself and make sure that it takes you to a confirmation page or a page where you can manage your email preferences.

By following these simple steps, you can easily add an unsubscribe link to your email and ensure that your subscribers have the option to opt-out of your emails, which can help improve your email marketing compliance and customer satisfaction.

Make your newsletter compliant with the law

It is usually a good idea to approach your data processing activities with the tightest available requirements in mind when it comes to compliance. Compliance requires you to at least implement the following in relation to the newsletter process:

✅ Step 1: Inform your users of the data you collect, why, and the method of delivery (if you’re using direct email marketing, make sure to include this in your privacy policy).
✅ Step 2: Inform your users of all third-party providers involved in your newsletter management process, including links to their privacy documents and their rights in regard to their data (including the right to withdraw consent).
✅ Step 3: Keep valid records of the consent collected. Without these records, the consent you collect is considered invalid.

Easily get started with the iubenda privacy policy generator!

  1. First, click add a service and start typing the name of the service you’d like to add; then
  2. fill out your web/app owner and contact details; finally
  3. embed on a location that is easily accessible and visible to users.

Once you’re finished with the privacy documents, don’t forget to set up your consent records to keep track of users who have given consent and those that have opted out. Consent records are legally required under the GDPR! Click the start generating button below to get set up in minutes.

The ABCs of Cookie Text: Understanding Its Importance
https://www.iubenda.com/en/blog/the-abcs-of-cookie-text-understanding-its-importance/
Wed, 22 Feb 2023 12:32:54 +0000

Cookies are a staple of the digital browsing experience, integral to personalizing user interactions on websites and e-commerce platforms.

This article delves into the essence of cookie text, its legal nuances, and practical applications for gaining insights into user preferences without breaching privacy laws.

Let’s see! 👀

Cookie Text

A cookie is a piece of data used by websites to remember users’ preferences, such as login credentials or items added to a shopping cart. By using cookies, websites can offer a more personalized experience for their users and improve their browsing experience.

And basically, it works like this:

When a user visits a website, the website sends a cookie to the user’s device, which is stored in the browser’s memory.

The cookie contains information such as the user’s preferences, login information, and browsing history. This information can be used to personalize the user’s experience on the website, such as by displaying customized content or remembering their shopping cart contents.

💡 Cookies are essential for providing a seamless and personalized browsing experience, but they also raise challenges about data privacy and security, and that is exactly where what we call cookie text comes in.

Cookie text is the message displayed on a website that informs users about the use of cookies on the site. It’s also known as a cookie banner or cookie notice and usually includes a brief explanation of the types of cookies used and their purposes, as well as options for users to accept, reject, or manage their use.

👉 Cookie text is a crucial component of website design and user experience, as it not only helps to comply with data privacy laws, but also builds trust with users by being transparent about the website’s use of cookies.

Website owners must ensure that their cookie text is clear, concise, and easy to understand, so that users can make informed decisions about their data privacy.

The term “cookie” is said to originate with Lou Montulli, a computer programmer, in the early 1990s. It seems to come from a common practice in his grandmother’s kitchen: she would reward him and his sister with a cookie each time they did their homework.

Similarly, the text file would act as a reward for the website user, storing their preferences for future visits. The term “cookie” caught on, and is now a widely recognized term in the digital and data privacy world.

Cookie text is important for both website owners and users.

👉 For website owners, cookie text can improve user experience by providing transparency about the use of cookies and giving users the ability to manage their preferences.

Additionally, cookie text can help website owners comply with data privacy laws, which require websites to obtain user consent before collecting their data.

👉 For users, cookie text provides important information about how their data is being used, and gives them the ability to control their privacy settings.

💡 By being transparent about cookie usage, websites can empower users to make informed decisions about their personal data, which is increasingly important in today’s digital landscape.

📌 GDPR Cookie Text Requirements

GDPR Compliance for Cookie Usage

There are various laws and regulations around the use of cookies and cookie text, which website owners must comply with:

  • Similarly, the ePrivacy Directive mandates that website owners must inform users about the use of cookies and obtain their consent before storing or accessing any non-essential cookies.
  • In the United States, the California Privacy Rights Act (CPRA) and other state laws require websites to disclose their use of cookies and provide users with the ability to opt-out of their use.

💡 It is important for website owners to understand the laws and regulations that may apply, and to ensure that their cookie text complies with these requirements.


Implementing cookie text on a website might not be a straightforward process.

  • First, website owners must determine which cookies they are using and whether they are essential or non-essential.
  • Next, they should create a cookie text policy that outlines their use of cookies and provide users with clear and concise information about what data is being collected and how it will be used. It is important to provide users with an option to manage their cookie preferences, including the ability to opt-out of non-essential cookies.

👉 There are various tools available to help website owners generate a cookie policy and implement cookie text, such as cookie consent management platforms.

💡 When designing cookie text, website owners should ensure that it is easy to understand, visually appealing, and accessible to all users. It is also important to regularly review and update cookie text to ensure compliance with changing laws and regulations.

🍪
Want to know what’s the meaning of “accept cookies”?

👉 See our article on what accepting cookies really means

The cookie banner below is an example of a compliant cookie notice – once implemented in accordance with the law.

[Image: Adding a service - Cookie Text]

Remember that cookie notices are just one part of the cookie consent management requirements of the Cookie Law and GDPR. In order to be fully compliant, you must also link to an accurate cookie policy and block cookies prior to user consent.

Any site or app running non-exempt cookies or scripts that could either:

  • have EU-based users (i.e., any website running cookies that isn’t actively blocking EU-based users);
  • or any website or app belonging to an EU-based entity (company, sole trader, public institution etc.) whether or not their users are based in the EU.

In the United States, there is currently no federal privacy law that sets out clear guidelines for cookie control or cookie consent.

In the absence of federal legislation, many websites operating in the US choose to adopt privacy control measures that comply with the strictest state laws, such as the CPRA, to ensure they are in compliance with regulations.

🔎 Want to know more about the rules on cookies? See: What are the rules on cookies in the EU and US?

What do you need to do to legally comply?

To ensure that your cookie text is legally compliant, there are several best practices to follow.

  • Clearly state the types of cookies used on your website and their purpose.
  • Give users the option to consent to the use of cookies, either through an opt-in or opt-out mechanism, according to the laws that apply to you.
  • Ensure that your cookie consent banner is easily accessible and visible to users.
  • Regularly review and update your cookie policy to ensure it reflects any changes in your website’s use of cookies or changes to privacy regulations.

This can be quite challenging to implement!

But don’t worry! Compliance doesn’t have to be difficult.

🚀 Our Privacy Controls and Cookie Solution allows you to manage all aspects of cookies, in particular:

  • easily inform users via cookie banner and a dedicated cookie policy page;
  • obtain and save cookie consent settings;
  • preventively block cookies prior to consent; and
  • keep track of consent and save consent settings for each user for up to 12 months from the last site visit.

It only takes 3 minutes 😎

Create your free cookie banner

FAQs

Why Do Websites Ask for Cookies?

Websites request cookies to enhance user experience by remembering login details, preferences, and browsing history, facilitating a more personalized and efficient browsing experience.

Should I Accept Cookies from Websites?

Accepting cookies can improve your browsing experience by customizing and streamlining your interactions on websites. However, it’s important to be aware of the privacy implications and manage your cookie preferences accordingly.

What Happens If You Don’t Accept Cookies?

If you decline cookies, some website functionalities, like shopping carts or personalized preferences, may not work as intended, leading to a less personalized browsing experience.

Should I Disable All Cookies?

Disabling all cookies can increase privacy but may significantly hinder the functionality of websites, affecting your browsing experience. It’s advisable to manage cookie settings and disable only non-essential cookies.

How Do Cookies Track You?

Cookies track by storing small pieces of data on your device, which websites retrieve during subsequent visits to remember your actions and preferences. This data can include browsing history, login details, and shopping cart contents, enabling websites to tailor content and ads to your interests.

Cookie Control Made Easy: What Is Cookie Control and How to Manage It?
https://www.iubenda.com/en/blog/cookie-control-made-easy-what-is-cookie-control-and-how-to-manage-it/
Tue, 21 Feb 2023 18:00:41 +0000

Cookie control is an essential aspect of website management, given its role in protecting user privacy and meeting legal requirements.

In this article, we’ll cover what cookie control is and how you can manage it on your website. We’ll also discuss the rules and regulations surrounding cookies and provide tips for avoiding common mistakes.

cookie control

🍪 What are cookies, and why are they used?

Cookies are small text files that websites store on users’ devices. They enable websites to remember user preferences, and they can have different purposes, including the following:

  • To give you a more enhanced experience of the website you’re visiting: trackers can remember your password or the items you’ve added to your cart during online shopping;
  • To track your online behavior and/or give you targeted offers and advice: trackers are the reason those shoes you looked for online now keep popping up everywhere!

However, cookies can also raise privacy concerns, particularly when they’re used for tracking purposes.

Cookie control refers to the process of managing and controlling the use of cookies on a website, including obtaining and managing valid user consent for the use of cookies. It has been a widely discussed and analyzed topic in the digital space since the entry into force of the EU General Data Protection Regulation (GDPR), the ePrivacy Directive (Cookie Law), and other laws, including US laws such as the California Privacy Rights Act (CPRA).

👉 One of the most popular ways to achieve cookie control is by providing a cookie banner or pop-up banner on the website that informs users about the use of cookies and allows them to accept, reject, or personalize their preferences.

In addition, under most privacy laws, it is crucial to obtain user consent before storing cookies on their devices and to provide the option to withdraw consent and control the data collected through cookies. Not doing so can lead to hefty fines!

📌 Cookie Control: What are the rules on cookies?

Cookie control regulations vary by region, with the EU and the US having different requirements.

In the EU, the General Data Protection Regulation (GDPR) sets out specific rules for obtaining user consent.

In the US, by contrast, there is no federal law governing cookie control. However, some states have enacted their own laws, such as the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act (CPA), among others.

Let’s take a look! 👀

🇪🇺 Cookie Control in the EU

In the EU, cookie control is governed by the General Data Protection Regulation (GDPR) and the ePrivacy Directive (or Cookie Law). This regulation requires website owners to obtain explicit user consent before setting non-essential cookies, such as those used for tracking and advertising purposes.

The cookie notice must:

  • briefly explain the purpose of the installation of cookies that the site uses;
  • clearly state which action will signify consent;
  • be sufficiently noticeable;
  • link to a cookie policy or make details of the categories of cookies, cookie purposes, usage, and related third-party activity, available.

Additionally, the Cookie Law requires users’ informed consent before storing or accessing information on users’ devices.

This means that if you use cookies, you must:

  • inform your users that your site/app (or any third-party service used by your site/app) uses cookies;
  • explain, in a clear and comprehensive manner, how cookies work and what you use them for;
  • obtain informed consent prior to the storing of those cookies on the user’s device.

In practice, you’ll need to show a cookie banner (also called cookie notice) upon the user’s first visit, implement a cookie policy, and allow the user to provide consent – unless your website uses solely exempt cookies, which is highly unlikely. Prior to consent, no cookies — except for those exempt — should run or be installed.

Remember, the consent must be freely given, specific, informed, and unambiguous. This means that users must be fully informed about the purpose of the cookies and must actively consent to their use.

Failure to comply with the GDPR’s cookie control requirements can result in hefty fines and legal consequences.

💡 Do you need to get a better grasp of European privacy laws? Check this Quick Overview of European Privacy Laws

🇺🇸 Cookie Control in the US

In the United States, there is currently no federal privacy law that sets out clear guidelines for cookie control or cookie consent.

In the absence of federal legislation, many websites operating in the US choose to adopt privacy control measures that comply with the strictest state laws, such as the CPRA, to ensure they are in compliance with regulations.

Specifically, if you process consumers’ personal information for certain purposes, including but not limited to, targeted advertising, sale or sharing, some of the US state privacy laws, such as the CPRA (CCPA amendment) and VCDPA, require you to:

  • clearly inform users about this processing and their right to opt out;
  • provide your users with easily accessible privacy controls to exercise their right to opt out at any time and respect their choices.

👉 Check a US State Privacy Laws Overview


Important

As tracking technologies are regulated in different ways and by various privacy laws, remember:

  • 🇪🇺 Main European privacy laws refer to trackers and similar technologies. This means informing users and blocking trackers before obtaining consent (opt-in) are requirements that apply to both cookies and tracking pixels;
  • 🇺🇸 Main US privacy laws require that you disclose processing/sharing of personal information and provide a means to opt-out. By using cookies and/or tracking pixels, you gather personal information on users and have to comply.

📌 How to manage cookie control

To manage cookie control on your website, you can take the following steps:

  • Identify what cookies your site uses.
  • Choose a cookie management tool that suits your website’s needs and covers the legislation that may apply to you.
  • Customize your cookie banner or pop-up to reflect your website’s branding and message.
  • Implement user consent options for the types of cookies used on your site, in accordance with the laws that apply to you.
  • Regularly update your cookie policy page with the latest information on your site’s use of cookies and how users can manage their preferences.

👉 By taking these steps, you can help ensure that your website is in compliance with relevant privacy regulations and protect the privacy of your site’s visitors.

How can I comply with all these requirements?

As you see, being compliant requires a series of careful evaluations. A careless approach could expose you to massive fines and official reprimands.

That’s why it’s always wise to seek professional advice or rely on quality software, like iubenda!

It’s easy:

🚀 Select the services/technologies used on your website that collect personal data;
🚀 Choose whether to comply with US and/or European laws simultaneously, in one click;
🚀 Automatically generate a privacy policy with all country-specific disclosures;
🚀 Customize and display a consent banner, set prior blocking of trackers!

iubenda provides a full set of solutions to help you comply with the cookie requirements, taking the guesswork out of compliance.

Get started now! It’s never been so easy.

Generate a free cookie banner

Consent records 101: What You Need to Know About Consent Records
https://www.iubenda.com/en/blog/consent-records-101-what-you-need-to-know-about-consent-records/
Mon, 13 Feb 2023 18:22:03 +0000

Consent is a core principle of data protection laws. In today’s digital age, where large amounts of personal data are collected, stored, and processed by multiple organizations and individuals, as a business owner, it’s important to be aware of the importance of consent records to avoid violating customer rights and serious liabilities.

Consent Records

In this article, we will give you an overview of consent records and how you can manage them, as well as some useful tips to help you make informed decisions about the personal data of your users. Keep reading! 👀

Consent records serve as proof of consent, and keeping them is a requirement under laws such as the GDPR, which in particular requires you, under Art. 30, to create records of processing activities and to have an overview of the procedures by which personal data are processed. Therefore, data protection authorities will often ask for consent records, especially if there has been any kind of complaint.

As mentioned before, consent records or consent proofs under GDPR are an obligation, and must include significant information about data processing, including the categories of data, the group of data subjects, the purpose of the processing, and the data recipients. This information should be made available to authorities upon request.

They also serve to protect you if you are challenged, if a customer makes a complaint, or if a DPA (Data Protection Authority) simply decides to investigate you.

For example, if a company does not keep records of processing activities and/or does not provide a full index to the authorities, it is subject to fines under Art. 83(4)(a) of the GDPR.

For US customers or even for people to whom the GDPR does not apply, it can be useful to have consent records, especially if you are governed by laws such as the US.

💡 Consent records are a great way to be able to demonstrate that you obtained consent for certain purposes, or even to demonstrate that some users agreed to, for example, a terms and conditions form or something similar.

Without this proof, proving consent may become difficult and result in serious legal and ethical consequences.

Because consent under the GDPR is such an important issue, it’s mandatory that you keep clear records and that you’re able to demonstrate that the user has given consent; should problems arise, the burden of proof lies with the data controller, so keeping accurate records is vital.

The records should include:

  • who provided the consent;
  • when and how consent was acquired from the individual user;
  • the consent collection form they were presented with at the time of the collection;
  • which conditions and legal documents were applicable at the time that the consent was acquired.

🔍 Read our article for an overview of the different types of consent.

This is what you need to keep on top of:

  • Ensure accuracy: By regularly reviewing and updating consent records, you can detect any inaccuracies or outdated information and make necessary corrections.
  • Comply with regulations: Regulations and laws related to consent can change over time, so it is important to regularly review and update your documents to ensure that your organization is in compliance with current laws and regulations.
  • Reflect changes in circumstances: Individuals’ circumstances and preferences may change over time, so it is important to periodically review and update your proofs of consent to reflect these changes.
  • Maintain privacy and confidentiality: Regularly reviewing and updating consent records helps to maintain the privacy and confidentiality of the individuals involved.

Luckily, our Consent Database does all of this automatically, so you don’t have to do it manually yourself.

👉 What does this mean for a website or e-commerce owner?

As a website or e-commerce owner, it is crucial to understand the regulations enacted by Data Protection Authorities that govern consent records and avoid potential legal consequences.

If European laws apply to you, and you are running cookies and trackers and collecting consent via a consent banner, be aware that you will need consent records. Fortunately, it’s also integrated into the Privacy Controls and Cookie Solution to help you manage every aspect of cookie consent and privacy preferences across multiple locations.

  • 🇺🇸 If you are in the U.S., or U.S. laws apply to you: while you may not have to obtain consent in most cases, under some laws you may need to obtain opt-in consent when minors are involved. More importantly, you may need to keep opt-out consent records so that you don’t end up opting the same person back in when they return to your site. Our solution remembers these things and can help you with them.
  • 📄 If you use forms on your website, you will also need to collect proofs of consent. Luckily, our Consent Database simplifies this process by helping you easily store proof of consent and manage consent and privacy preferences for each of your users.

How to be compliant easily

Meeting the regulations can be technically challenging in practice. Luckily, we have some pretty awesome solutions that make it easy to comply with the different regulations.

  • iubenda ensures that you comply with the GDPR, the Cookie Law, and third party requirements. It’s also simple to use. The Privacy Controls and Cookie Solution includes all the necessary tools to facilitate compliance with the cookie law.

What are the different types of consent? https://www.iubenda.com/en/blog/types-of-consent/ Wed, 08 Feb 2023 16:58:46 +0000

The protection of personal data has become a top priority for most users, and for companies as well. Ignoring it can affect the company’s reputation and imply other liabilities. For this reason, it is important to understand the different types of consent and how they play an important role in the protection of personal data.

👀 In this post, we will explore the key aspects of the different types of consent and how they can help you to comply with the law.

There are several different types of consent: express consent, informed consent, implied consent, granular consent, opt-in consent, opt-out consent and withdrawable consent. Continue reading for the full breakdown and examples below.

Expressed consent, also known as explicit, direct, or active consent, occurs when someone explicitly agrees to the collection, use, or sharing of their personal data.

In this particular case, the user must actively take an action to give consent, for example by clicking on “Accept” or “Allow” on a cookie banner, or agreeing to a privacy policy.

For example:

  • When you first visit a website, usually there is a pop-up asking for your permission to use cookies, and it requests your consent to install them.
  • When signing up for a new app, you may be prompted to agree to the app’s privacy policy, outlining the app’s use of personal data.

👉 Expressed consent is crucial in data privacy, as it’s directly mentioned under laws such as the GDPR. It is also important to note that express consent should be obtained through clear and unambiguous communication so that individuals fully understand what they are agreeing to.

Collecting cookie consent? Check out these cookie consent form examples and make sure you are doing it the right way.

Informed consent means that individuals are fully aware of what they are consenting to before they give their permission. This includes clear explanations about what data is collected, how it will be used, who it will be shared with, and the potential consequences of consenting.

For example:

  • When a user is asked to agree to a privacy policy or terms of service, the information provided must be easy to understand and comprehensive, so the user knows exactly what they’re agreeing to.

👉 Informed consent is a cornerstone of many data protection laws, including the GDPR. It ensures transparency and empowers individuals to make knowledgeable decisions about their data.

When a user’s actions imply that they agree to the collection, use, or sharing of their personal data without directly agreeing to it, then we talk about implied consent, also known as indirect or passive consent.

For example:

  • A user visits an e-commerce site and adds items to their shopping cart. As a result, the website processes their personal data, such as their name, address, and payment information, to complete the transaction. The person implicitly consents to the processing of their data to fulfil the purchase.

In this case, the website must provide clear information about the data processing activities, including the types of personal data processed, the purposes for the processing, and the person’s rights in relation to their data.

👉 Note that relying exclusively on implied consent may be illegal, depending on your circumstances and which laws apply to you.

Granular consent means giving individuals control over specific aspects of data processing, rather than a blanket “yes” or “no” to everything. This allows users to consent to some uses of their data but not others.

For example:

  • Allowing marketing emails but not sharing data with third parties.
  • Consenting to location tracking but opting out of personalized ads.

👉 Providing granular consent options respects user preferences more precisely and enhances trust by avoiding overreaching data collection.

Opt-In consent refers to a situation in which a user actively chooses to agree to the collection, use, or sharing of their personal data.

For example:

  • When signing up for a newsletter, a user may be asked if they would like to receive marketing emails. If the user agrees, this is an example of opt-in consent.
  • When an app asks for permission to access a user’s location data, the user must choose to allow or deny this request.

Opt-in consent gives individuals a clear and active choice in the use of their personal data. It is a key aspect of data privacy and is the process used under European and other data protection rules.

Under EU law (both GDPR and Cookie Law/ePrivacy), even when consent is given, people have the right to opt out and should always be informed of how they can do that.

👉 It’s important to note that opt-in consent should be obtained through clear and concise communication, so that individuals fully understand what they are agreeing to and can make an informed decision.

Opt-out consent refers to a situation in which an individual is automatically enrolled in the collection, use, or sharing of their personal data, but has the option to withdraw consent.

For example:

  • When a customer creates an account with a website, they may be automatically enrolled in the site’s marketing emails, but can choose to opt out and stop receiving them*.
  • When an app collects data for analytics purposes, the user may be given the option to opt out of this data collection in the app’s settings.

*Note that this type of consent is typically not allowed under most European laws, though it is allowed currently under most US data privacy laws.

Opt-out consent (also called passive consent) assumes that individuals consent to the use of their personal data unless they take action to opt out.

👉 It’s important to note that clear communication is still crucial in opt-out consent, as individuals should be fully informed of what they are consenting to and how they can opt out if they so choose.

👀 Check out this article to learn more about what it means to opt in and opt out.

Withdrawable consent recognizes that individuals should have the ongoing right to change their mind and revoke their consent at any time, without penalty or difficulty.

For example:

  • A user who initially agrees to receive newsletters can unsubscribe at any moment.
  • An app user who granted location access can later disable it in settings.

👉 Data protection laws often require that it be just as easy to withdraw consent as it was to give it. Making withdrawal straightforward ensures respect for users’ autonomy and builds confidence in your privacy practices.

As already mentioned, it is essential to understand the different types of consent in order to better process and protect your customers’ personal data. Make sure that you are aligned with the legal requirements that apply to you.

Whether it be express, implied, opt-in, or opt-out consent, it is important to obtain clear and informed consent in all data privacy matters. The power of consent lies in giving individuals control over their personal data and enabling them to make informed decisions.

As you can read in this post, managing consent is not simple: it can be quite difficult to know the right things to do.

Our solution simplifies this process by helping you to create your cookie banner with the 👉 Privacy Controls and Cookie Solution.

  • The automatic configuration based on location will make it all easier (and quicker) and help you to comply with all the laws that apply to you and preventively block scripts prior to opt-in consent for European users.
  • All the best practices to boost consents are default settings for your cookie banner.
  • Easily store proofs of users’ preferences; and manage consent and privacy preferences for each of your users with the Privacy Controls and Cookie Solution.
  • And you have the freedom to customize everything as you like.

How to improve consent rate while avoiding dark patterns https://www.iubenda.com/en/blog/how-to-improve-consent-rate-while-avoiding-dark-patterns/ Thu, 17 Nov 2022 16:02:46 +0000

You want to unsubscribe from a newsletter, but it’s almost impossible to find the link to do it. Or you’re trying to delete your account, but the website makes you go through an endless process of tabs and pop-ups. Well, those are dark patterns!

But what exactly are they and why are they used? Does the law say something about digital dark patterns? Or are you accidentally using a dark pattern, too?

In this post, we answer all these questions!

What are dark patterns?

Dark patterns definition
Dark patterns are design elements used to influence people’s decisions and trick them into doing things they didn’t mean to do.

The term was first used in 2010 by the designer Harry Brignull, who has also created a website where he keeps a record of all the dark patterns on the web.

In recent times, dark patterns have been on the rise. In fact, you’ve probably fallen victim to dark patterns without realizing it.

Despite their popularity, dark patterns are not a good idea for many reasons which we’ll explore below. But first, let’s have a look at some examples.

One of the most popular uses of dark patterns is within cookie banners. Companies tend to encourage users to give their consent in different ways. Here are a few:

  • Buttons have different colors or sizes: the button to accept cookies could be brighter or bigger, while the button to reject them could be in a color that’s difficult to see, hidden away, or not shown at all.
  • The banner has pre-ticked boxes: pre-ticked boxes are sometimes added within the preference panel, where users should be able to choose which category of cookies they’d like to consent to. With pre-ticked boxes, companies make the choice on behalf of users, who are often encouraged to give blanket consent or led to believe that all pre-selected cookies are required.
  • Withdrawing consent is not as easy as giving it: users don’t have an easy “way out”. For example, the process to withdraw consent could be overly complicated or the link to do it could be very tiny or hard to find.

📌 A notable case: the Epic Games settlement

Epic Games, developer of the popular video game Fortnite, was sentenced to pay a penalty of $245 million for their use of dark patterns. The US Federal Trade Commission found that the company was tricking users into making unwanted purchases.

Fortnite is a video game with more than 400 million registered users, and most of them are kids. According to the FTC, Epic Games did not explain its billing practices properly and designed an interface that led to unauthorized charges.

While the phrase “dark pattern” was not explicitly referenced under laws like the GDPR, many of the deceptive practices have always been at odds with legal requirements.

Laws like the GDPR mandate that consent be “freely given” and directly mention that it should be as easy to withdraw consent as it is to give it.

Despite this, the use of dark patterns has been on the rise, leading Data Protection Authorities across the world to address it more directly.

🇪🇺👉 In the European Union, the Digital Services Act (DSA) aims at “creating a safer digital space where the fundamental rights of users are protected”. For this reason, the DSA has a specific section on dark patterns, which states that the use of deceptive designs is forbidden. Learn more about the Digital Services Act here.

🇺🇸👉 California has also recently banned dark patterns. The California Privacy Rights Act (CPRA), the new and updated version of the CCPA, explicitly mentions: “agreement obtained through use of dark patterns does not constitute consent”. Businesses can’t sell users’ personal information if they’ve obtained it through dark patterns.

🇬🇧👉 The U.K. has issued a paper highlighting some harmful designs which can “trick consumers into giving up more of their personal data”. It urges organizations to stop using harmful design strategies and to provide consumers with clear, fair options when asking for personal data. Harmful practices that may violate data protection laws include: not offering clear choices for accepting/rejecting cookies for personalized advertising, having overly-complicated privacy settings, using manipulative language to get personal information, pressuring consumers to exchange their data for discounts, and grouping choices in a way that makes consumers share more data than they want to. Read the full paper here.

Why are dark patterns illegal?

Dark patterns are illegal because they are deceptive user interface designs intended to manipulate or deceive users into taking actions they would not otherwise take. They are a violation of consumer protection laws that prohibit unfair and deceptive business practices.

Now, more than ever, privacy is a big concern for many people. So it’s important to act in compliance with data privacy legislation and process users’ data in alignment with the law.

Dark patterns are not the right way to get consent from your users.

Of course, they are forbidden. But it’s not just that!

Collecting consents through deceptive designs could invalidate the data you’ve collected and really damage your reputation as a business.

With that said, there are ways to improve your consent rates while staying on the right side of the law.

Dark patterns aren’t the only way to improve things like consent rates. In fact, doing things the right way will help you to avoid expensive, unpleasant surprises (see NOYB complaints), and will also help you to gain your users’ trust.

Based on our research, here are 5 tips to help improve your cookie consent rate – while still respecting your users and the law:

1. Make it easy for users to give granular consent.

Making it easy for users to see the specific reasons you’d like their consent and what it’s for is not only a great way to gain their trust, but it also increases the opportunities for consent.

For example, a user who might not want to be tracked for advertising may still choose to consent to cookies for measurement if given the choice. This can improve your consent rates because users can make a more conscious choice, and not just reject all cookies at once.

✅ Here’s how to do it

Make sure that the CMS you’re using allows granular consent and activate it.

If you’re using iubenda, this will be selected by default. In cases where you might have deselected this option for some reason, you can simply go to your Privacy Controls and Cookie Solution dashboard, and make sure that the Learn more and customize button is selected.

2. Allow users to easily update their preferences

Humans in general often change their minds – and your users are no exception. Making it easy for users to update their consent preferences can benefit your site in several ways. Firstly, it’s great for transparency and user experience. Secondly, it gives you more opportunities for consent.

Let’s say that some element on your website (e.g., a video) can’t load because users have rejected cookies. By making it easy for users to edit their preferences, you’re both making their experience better and increasing your chances to get new consent.

✅ Here’s how to do it

Add a widget on your home page that allows users to reopen the preferences panel.

Our Privacy Controls and Cookie Solution configurator has a specific section for the privacy widget: you can choose its look, position, colors, and more.

3. Tell your users why you’re using cookies

You should be transparent about the purposes of cookies and the categories you’re using. Avoid misleading descriptions and avoid classifying non-essential cookies as technical cookies: that is deceptive.

But it’s not just about transparency here.

In her study, Doctor Ellen Langer demonstrated the power of the word “because”. She found out that people generally tend to agree with something if you explain why they should.

✅ Here’s how to do it

You need to add all this information in your cookie policy. It can be a part of your privacy policy, or a different document. Remember to link it within your banner.

Need to create one? Check iubenda’s Privacy and Cookie Policy Generator.

4. Add your logo to the cookie banner

A logo is the equivalent of your company’s face.

We’ve found that cookie banners that have a logo usually tend to have a higher consent rate.

That’s because people are more likely to trust companies that they can recognize at a glance and are honest about their privacy practices.

✅ Here’s how to do it

When creating your cookie banner, add your logo and make it clearly visible.

If you’re using iubenda, you can just upload the logo of your company and remove iubenda’s branding. In this way, the cookie banner will look like a native part of your website.

5. Place your cookie banner on the top of the page

In our research, we’ve found that the position of your banner could make a difference in your consent rates. For example, placing your banner at the top of your page could boost your consent rates by 16%.

✅ Here’s how to do it

It’s really easy: when embedding your banner, choose the top of the page.

If you’re using iubenda, our Privacy Controls and Cookie Solution allows you to choose the placement you like the most and see the result live with the visual dashboard.

Is there a simple way to do all this?

Yes!

You should rely on a CMP that is built keeping in mind the strictest regulations and the best practices to increase your consent rates.

Our Privacy Controls and Cookie Solution does just that.

  • The configuration based on location makes sure that you’re complying with all the laws that apply to you.
  • All the best practices to boost consents are default settings for your cookie banner.
  • And you have the freedom to customize everything as you like.

How to prevent Ad blockers from reducing your cookie consent collection https://www.iubenda.com/en/blog/how-to-prevent-ad-blockers-from-reducing-your-cookie-consent-collection/ Fri, 11 Nov 2022 10:55:18 +0000

If you rely on personalized ads to monetize your website content, ad blockers can be an issue: they can block your cookie banner and thus disrupt the collection of cookie consents.

In this guide, we will show you how to set up a CDN reverse proxy with URL substitution, so that the consent rate on your website is not affected, and how to cache cdn.iubenda.com on a custom domain to ensure full continuity in case of iubenda CDN problems. Let’s see how to do it! 👉

Important disclaimer

This document and the included configuration are intended for expert personnel only or any person in charge of administrating the infrastructure where the proxy is being installed.

They are not intended for someone not in charge of the networking or anyone attempting to find temporary solutions or workarounds, hoping it will “just work.”

Too many possible issues could arise in the interactions with all combinations of systems and software versions, settings, and other running components to build a comprehensive guide to cover them all.

Setting up a CDN Reverse Proxy

Instructions

This document provides instructions and configurations to set up an NGINX reverse proxy that:

  • Proxies static CDN contents towards cdn.iubenda.com from a custom URL
  • Does URL substitution in the served documents.
  • Does NOT forward the client IP with the usual headers X-Forwarded-For and X-Real-Ip
  • Serves cached assets in case iubenda’s CDN runs into issues of any type.

Notes

  • Requires ngx_http_sub and ngx_http_proxy modules to be enabled. They are usually installed by default.
  • Use your domain of choice instead of cdn.customer.com in both server_name and sub_filter directives.
  • Add proper SSL configuration as required.
  • Make sure /tmp/cache exists and has the correct ownership: (i.e., chown nginx:nginx /tmp/cache), or change it to a location and file of choice.

Configuration Example

Important

Please note that the Privacy Controls and Cookie Solution native country detection (parameter countryDetection:true) won’t work with this configuration, and the location of the end user will always be treated as that of the server where the reverse proxy is installed.

If you are using different settings based on the location of your users, you will have to rely on your own geolocation system to load the correct configuration.

The configurations below are examples of a typical virtual host on Port 80. Configuration must be completed with SSL parameters, depending on the chosen settings.

# iubenda CDN local proxy configuration
# Version 1.1 - Included compression support

proxy_cache_path /tmp/cache levels=1:2 keys_zone=tmpcache:100m max_size=200m inactive=180m;

server {
  listen                      80;
  server_name                 cdn.customer.com;

  access_log                   /var/log/nginx/cdn-customer-access.log;
  error_log                    /var/log/nginx/cdn-customer-error.log;

  location / {
    # Link rewriting
    sub_filter 'cdn.iubenda.com' 'cdn.customer.com';
    sub_filter_types *;
    sub_filter_once off;
    
    # Enables compression
    gzip on;
    gzip_static off;

    # Enables cache for this location
    proxy_cache tmpcache;

    # Delivers cached stale files instead of relaying the error to the client.
    proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
    proxy_cache_background_update on;
    
    # Proxy cache valid for 30 min
    proxy_cache_valid 200 301 302 304 30m;
    proxy_pass https://cdn.iubenda.com/;
    proxy_set_header Accept-Encoding "";
  }
}
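
The configuration above avoids adding X-Forwarded-For and X-Real-Ip, but NGINX still relays whatever request headers the client sends (including a client-supplied X-Forwarded-For and any cookies scoped to the parent domain), and it does not validate the upstream certificate unless proxy_ssl_verify is enabled. The variant below is an added hardening example, not iubenda's published configuration; it keeps the page's directives and adds the missing controls. Assumptions: the Debian/Ubuntu CA bundle path, a hypothetical cache directory /var/cache/nginx/iubenda, and that the proxied static assets need no cookies.

```nginx
# Added hardening example, not iubenda's published configuration.
# Assumptions: cdn.customer.com is the page's placeholder host, the CA bundle
# path is the Debian/Ubuntu default, and /var/cache/nginx/iubenda is a
# hypothetical cache directory owned by the nginx user.

# A cache directory outside world-writable /tmp cannot be pre-created or
# swapped by another local account before NGINX starts.
proxy_cache_path /var/cache/nginx/iubenda levels=1:2 keys_zone=tmpcache:100m max_size=200m inactive=180m;

server {
  listen       80;
  server_name  cdn.customer.com;

  access_log   /var/log/nginx/cdn-customer-access.log;
  error_log    /var/log/nginx/cdn-customer-error.log;

  location / {
    # Static assets only need GET (which also permits HEAD).
    limit_except GET { deny all; }

    # Link rewriting, compression and caching: unchanged from the page.
    sub_filter 'cdn.iubenda.com' 'cdn.customer.com';
    sub_filter_types *;
    sub_filter_once off;

    gzip on;
    gzip_static off;

    proxy_cache tmpcache;
    proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
    proxy_cache_background_update on;
    proxy_cache_valid 200 301 302 304 30m;

    proxy_pass https://cdn.iubenda.com/;
    proxy_set_header Accept-Encoding "";

    # Authenticate the upstream. Without these, the TLS connection to the CDN
    # is encrypted but unverified, so a tampered response would be rewritten,
    # cached and served from your own domain.
    proxy_ssl_server_name on;
    proxy_ssl_name cdn.iubenda.com;
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # An empty value drops the header from the proxied request. This removes
    # client-supplied address headers rather than merely not adding them.
    proxy_set_header X-Forwarded-For "";
    proxy_set_header X-Real-IP "";
    proxy_set_header Forwarded "";

    # Cookies or credentials scoped to the parent domain would otherwise be
    # sent by the browser to cdn.customer.com and relayed to the third party.
    proxy_set_header Cookie "";
    proxy_set_header Authorization "";

    # Do not let the upstream set cookies under your domain.
    proxy_hide_header Set-Cookie;
  }
}
```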

SDK Configuration Examples

If you’re using our SDK, in order to use your reverse proxy setup, you can follow these configuration examples:

For Android:

IubendaCMPConfig config = IubendaCMPConfig.builder() 
 .siteId("XXXXX") //use your siteId
 .cookiePolicyId("YYYYY") //use your cookiePolicyId
 .proxyUrl("https://iubenda.example-client-domain.com/cs/mobile.htm") //use your own reverse-proxy URL
 .build();

For iOS:

let config = IubendaCMPConfiguration()
config.siteId = "XXXXX" //use your siteId
config.cookiePolicyId = "YYYYY" //use your cookiePolicyId
config.proxyUrl = "https://iubenda.example-client-domain.com/cs/mobile.htm" //use your own reverse-proxy URL
IubendaCMP.initialize(with: config)

Please note that this configuration is available from version 2.6.0 of our SDK (for both Android and iOS).

Please reach out to us via email at business@iubenda.com if you need any further assistance or clarification. We’re happy to help.

Beware of this common mistake when collecting consent https://www.iubenda.com/en/blog/beware-of-this-common-mistake-when-collecting-consent-2/ Mon, 24 Oct 2022 13:32:21 +0000

Do you need to use newsletter sign-up forms? Do you want to send marketing emails?

These are scenarios where you need to collect consent from users. Let’s look at one common mistake that may result in non-compliance (and ultimately, fines!).

Do not make this mistake ❌

While many remember to collect consent for their marketing forms, there’s an additional step that is usually left out but is equally important…

👉 Don’t forget to keep proof of consent collected!

GDPR not only sets the rules for how to collect consent, but also requires companies to keep a record of these consents. It means that you must be able to provide proof of the following:

  • when and how you got consent, and
  • what users were told at the time.

🔎 Looking for a simple and compliant way to manage consent for newsletter subscriptions?

Try our Newsletter Opt-in Booster 👉 it adds a customizable signup form to your site, allowing you to collect and manage consent through a double opt-in process for a more engaged and responsive audience.

How do I fix this? ✅

This is quite technical, so the best way to fix this is to use dedicated software.

🚀 The iubenda Consent Database simplifies the process of making your forms GDPR-compliant by helping you to:

  • easily store proof of consent, and
  • manage consent and privacy preferences.

💡 Expert Tip

With our Consent Database, you can look at each individual subscriber, see when they opted in, and which form they used to do so.

Don’t make these 5 mistakes when collecting cookie consent https://www.iubenda.com/en/blog/do-not-make-these-5-mistakes-when-collecting-cookie-consent/ Mon, 24 Oct 2022 12:53:13 +0000

The post Don’t make these 5 mistakes when collecting cookie consent appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

]]>
Are you using cookies on your site? You should display a cookie banner to collect user consent. Here are 5 common mistakes that you should avoid.


Mistake #1: Your banner does not have an explicit Reject option ❌

Why is this wrong? Almost all European Data Protection Authorities state that there must be a clear option for rejecting or refusing to give consent, which must be just as visible as the Accept option.

✅ How to fix

Make sure to add a Reject button to your banner to give your users the possibility to refuse cookies. If you’re using the Privacy Controls and Cookie Solution by iubenda, this is pretty easy, as this setting is enabled by default!

Mistake #2: Your cookie notice is available in just one language ❌

Why is this wrong? This is a mistake when your website is available in more than one language. You need to make sure your users get a clear understanding of your banner.

💡 The content of the banner also differs depending on the region of users. For example, California has its own data protection law called the CPRA (CCPA amendment), which requires mentioning specific information.

✅ How to fix

A Consent Management Platform (CMP) like iubenda can help you. You can pre-select your desired languages, and the software automatically shows a cookie banner that is compliant with the applicable law in the correct language(s), depending on the user’s geolocation.

Mistake #3: You have the banner, but you are not blocking cookie scripts ❌

Why is this wrong? According to the law on cookies, no cookie can be installed on the user’s browser without their consent. This means that scripts of a Facebook Like button, for example, can’t be executed.

✅ How to fix

As this is quite technical, the best way to handle this, once again, is with a dedicated tool that can do this automatically.

Mistake #4: You do not store users’ cookie consent preferences ❌

Why is this wrong? Collecting consent is one thing. Keeping a record of consent and preferences is another. The vast majority of Data Protection Authorities across the EU have emphasized this requirement (which stems from the GDPR).

✅ How to fix

Just like the previous point, this is definitely tricky to implement. The iubenda CMP has a specific tool called the Cookie and Consent Preference Logs, which stores proof of users’ consent preferences. You can retrieve the information at any time via a dedicated dashboard.

Mistake #5: Your documentation is not up-to-date ❌

Why is this wrong? For example, you could have forgotten to mention in your policy a new technology that is now running and installing cookies on users’ devices.

However, you must inform users in your cookie policy, which is likely linked in your cookie banner. Your document is, therefore, incomplete.

✅ How to fix

With iubenda’s Privacy and Cookie Policy Generator, documents are interactive and can be updated anytime. Add, remove, and edit the technologies listed in the policy and used on your website.

Avoid or fix all the mistakes above with iubenda’s all-in-one platform

We’ve updated your cookie banner to match a recent requirement
https://www.iubenda.com/en/blog/consent-on-continued-browsing/
Fri, 09 Sep 2022 15:24:16 +0000

In the past, EU data protection authorities allowed continued browsing as a valid method of consent for cookies. However, guidelines have changed over time, and we have long removed this feature on new cookie banner installations.

To keep our users safe, we took a step further and analyzed all our users’ websites to determine whether this feature was still in use.

On November 21, 2022, we upgraded all the affected installations to the latest requirements:

  • we’ve removed the possibility to accept cookies via continued browsing (in technical terms: the consentOnContinuedBrowsing parameter will be forced to false, nullifying the true value you may have set previously)
  • we’ve added to the cookie banner an explicit “Accept” button when necessary (in technical terms: when both the Accept and “x” buttons are missing, we’ll display the “Accept” button by forcing the acceptButtonDisplay parameter to true)

What do I need to do?

No action is required, but you may want to take the chance to make sure that the configuration of your cookie banner is up to date with the latest requirements by data protection authorities, which have recently become stricter and now – for instance – require an explicit “Reject” button.

💡 If you haven’t already, activate your Cookie and Consent Preference Log to easily store your users’ cookie consent preferences (legally mandated in many countries – including the UK, France, Italy, Germany, and more).

What’s the meaning of “accept cookies”?
https://www.iubenda.com/en/blog/accept-cookies-meaning/
Tue, 29 Mar 2022 08:36:49 +0000

You’ve been mindlessly accepting cookies this whole time, but now you’re asking yourself: “Wait, what does it mean? What am I accepting?”

In this post, we explain what accepting cookies really means and why privacy laws stress the importance of consent so much. 


What are you accepting when you click on “Accept”?

So you might be wondering, what does accept cookies mean?
In general, when you “accept” cookies, you’re giving consent for the website to run cookie scripts and similar technologies. This isn’t always a bad thing as cookies can be quite useful for various things like playing videos, shopping cart software, showing personalized ads, analytics and more.

But before we get into the various purposes of cookies and the legal considerations, let’s first start with some definitions. Do you know what cookies are? 

Cookies are scripts that websites install on your device, and they can be first-party or third-party.

    👉 First-party cookies are those managed directly by the owner of a website or app;

    👉 Third-party cookies are managed by third parties (for example, social media platforms or ad networks) and enable their services. Typically, third parties install cookies when a site/app uses their services to incorporate images, social media plugins, or advertising.

Keep in mind that cookies can have different purposes
Some of them give you a more enhanced experience of the website you’re visiting. For example, cookies can remember your username and password or the items you’ve added to your cart during online shopping. Others, instead, can track your online behavior to give you targeted advice or give website owners insight into their audience. 

So basically, when you click on accept, you’re allowing websites to install cookie scripts on your device. These scripts are saved on your browser, and every time you go back to the same website, they’ll remember your preferences.

🍪
More on cookies

This article is a part of our series on cookies and cookie consent. Read also:

👉 Third party cookies: What you need to know

Why do you need to accept cookies?

Now that you know what cookies are, you may be wondering: “Why don’t websites just run cookies without letting users know?”. 

Well, that’s against the law

For instance, in the EU, cookies are regulated by the ePrivacy Directive (also known as Cookie Law).  
The Cookie Law requires that every website or app owner who uses cookies disclose it in a cookie policy and block them from running if users don’t consent. Even though it grants some exceptions to the consent requirement, users need to be informed that the website uses cookies through a cookie banner.

There still isn’t an all-encompassing privacy law in the US, but we can look at California as the state with the most comprehensive data privacy legislation. According to the California Privacy Rights Act (CPRA, CCPA amendment), website owners can run cookies without consent (opt-in). Still, they must inform the users through a “Do Not Sell My Personal Information” notice. Users can opt out (decline cookies) at any time.

It’s important to note that users have the right to withdraw their consent at any time, even though they consented to cookies in the first place.

What is cross-site tracking?
https://www.iubenda.com/en/blog/what-is-cross-site-tracking/
Thu, 24 Mar 2022 13:44:07 +0000

What is cross-site tracking? Is cross website tracking allowed? 

In this post, we’ll explain what cross-site tracking is and how privacy laws regulate it.


Cross-site tracking: what it is and how it works

Cross-site tracking refers to the activity of tracking across multiple websites. Websites that have enabled third-party trackers can share the information they collect about their users with third parties.

To understand how it works, let’s take social media widgets as an example.

Website owners add social media widgets to increase the shareability of their content and get useful analytics. However, at the same time, the widgets send information back to platforms such as Facebook, Twitter, or LinkedIn. That’s because social media widgets act like pixel tags, short snippets of code embedded within tiny images.

What’s the purpose of website tracking?

Cross-site tracking can have multiple purposes.

First, it can make your online experience effortless and overall better. Let’s take social media widgets again: if you run into an article you like, you just need to click the widget to share it.

Trackers can also gather details about your online activity to show you things like personalized ads. This type of cross-site tracking isn’t inherently bad, but it needs regulating.

That’s where data privacy laws, such as the GDPR, come into play.

🔒
More on data protection

This article is a part of our series on data protection. Read also:

👉 What do cookies track?

Cross-site tracking and the GDPR

When it comes to the usage of trackers in the European Union, two privacy laws apply. 

The first one is the ePrivacy Directive – also known as Cookie Law. It requires that every website or app owner who uses trackers should disclose it in a cookie policy and block trackers from running if users don’t grant their consent.

The second one is the GDPR. Though the GDPR doesn’t specifically mention trackers, trackers do process personal data in most cases. That’s why the GDPR record-keeping requirements apply. Moreover, most Data Protection Authorities across the EU have aligned their rules about trackers and cookies to GDPR requirements.

Does your website use trackers? Here are 4 actionable steps to comply

So, the usage of trackers is generally allowed, but you need to take a few preventive measures first. 

These steps will ensure that your activity is lawful and help you avoid hefty fines.

  1. Add a cookie policy and a cookie banner to your website/app: you need to inform your users that you’re using trackers. Be sure to mention which ones, the purpose, and which third parties are involved.
  2. Block trackers from running before you’ve obtained your users’ consent: you’re not allowed to install cookies unless you have your users’ consent, though there may be some exemptions regarding your website’s functionality.
  3. Collect consent in a lawful way: consent must be freely given, specific, informed, and based on an explicit affirmative action. Many EU Data Protection Authorities have released guidance on trackers, including advice and recommendations on valid methods to obtain consent. 
  4. Keep records of consents. You need to be able to demonstrate that your activity was 100% lawful, so you need to keep detailed records. 

About us

iubenda

GDPR compliance for your site, app and organization

www.iubenda.com

Third party cookies: What you need to know
https://www.iubenda.com/en/blog/third-party-cookies-what-you-need-to-know/
Wed, 23 Mar 2022 09:58:57 +0000

Third party cookies are essentially cookies set by a website other than the one you’re now on.

An example is the Facebook “Like” button. You may add a “Like” button to your website, and that button stores a cookie on the visitor’s computer that sends information back to Facebook.


Now let’s break it down.

There are three categories of cookies, and it’s good to be able to identify them:

First-party cookies are kept on the same domain as the one you’re on right now. These cookies are typically used to keep track of a user’s choices, recall user preferences, and save your shopping cart. Nowadays, a website that doesn’t use first-party cookies isn’t easy to come by.

Second-party cookies are a slightly more touchy subject. Some may argue that they do not exist at all. Second-party data is first-party data that is shared between partners. Second-party cookies are, in this sense, merely another type of cookie data.

Third-party cookies are stored on a domain other than the one you are now visiting. They’re usually used to track users’ actions as they move across websites and provide more relevant adverts. Another notable example is a 3rd-party service’s help chat option.

🍪
More on cookies

This article is a part of our series on cookies and cookie consent. Read also:

👉 What’s the meaning of “accept cookies”?

First party vs third party cookies: 3 main differences

There are 3 main differences between first-party and third-party cookies:

  1. Setting the cookie: The publisher’s web server or any JavaScript loaded on the page sets a first-party cookie. A third-party cookie, by contrast, can be set by a third-party server, for instance an AdTech provider.
  2. Cookie availability: The domain that originated a first-party cookie has access to it. A third-party cookie can be accessed by the third-party domain that created it when its scripts or resources are loaded on multiple websites (but the individual websites themselves cannot directly access this cookie data).
  3. Browser support/blocking: All browsers support first-party cookies, and users can disable or delete them. Although third-party cookies are supported by all browsers, many of them are blocked by default.

Except for some categories, the cookie law does not allow the installation of cookies before gaining the user’s consent, in accordance with the general principles of privacy law, which do not allow the processing of data without consent.

It is likely that most authorities will require website and app owners that use cookies and trackers to display cookie lifetime details in their cookie policy.

Need help displaying the cookie lifetime in your Cookie Policy? We’ve got you covered: see our guide on displaying cookie lifetime.

Are you lawfully managing cookies on your website? 

iubenda allows you to manage third-party cookies on your website.

Still confused about third-party requirements?

It’s a full-time job keeping up with the latest cookie rules and ensuring that your website conforms. iubenda ensures that you comply with the GDPR, the Cookie Law, and third party requirements. It’s also simple to use.

The iubenda Privacy Controls and Cookie Solution includes all the necessary tools to facilitate compliance with the cookie law.

Online consent management monitoring system for websites and apps
https://www.iubenda.com/en/blog/online-consent-management-monitoring-system/
Thu, 29 Jul 2021 09:48:27 +0000

Why would you need a consent management platform, if you’ve already acquired your users’ consent? Simply put, it’s a GDPR requirement.

In this post, we’ll explain what the exact requirements are and how to set up the perfect consent management monitoring system for your website or app.


Why do I need a consent management monitoring system?

As you may know, consent is one of the legal bases of the GDPR.

Because it’s such an important issue, it’s mandatory that you keep clear records and that you’re able to demonstrate that the user has given consent; should problems arise, the burden of proof lies with the data controller, so keeping accurate records is vital.

What should a record of consent include?

Unfortunately, keeping a spreadsheet with your users’ names and whether consent was provided is not enough.

A compliant record of consent should include:

  • who provided the consent;
  • when and how consent was acquired from the individual user;
  • the consent collection form they were presented with at the time of the collection;
  • which conditions and legal documents were applicable at the time that the consent was acquired.

At any moment, Data Protection Authorities could ask you to demonstrate whether you’ve collected consents lawfully, so it’s better to be safe.

Example of online consent management monitoring system

There are some online tools that allow you to record the consents you collect automatically.

For example, iubenda’s Consent Database smoothly integrates with your consent collection forms and syncs with your legal documents, so that your records are always updated.

It also allows you to keep track of each user’s consent preferences, their history of consents, and the form the user was presented with at the time of the collection.

Need an online consent management monitoring system for your website or app? Click the button below and try iubenda’s Consent Database (try it risk-free for 14 days)!

Understanding Legitimate Interest and Cookies in Online Business
https://www.iubenda.com/en/blog/consent-legal-basis-cookies-2/
Thu, 09 Jul 2020 15:11:24 +0000

In this article, we will explore the concept of legitimate interest and how it applies to the use of cookies in online business, providing insights into the legal requirements and practical considerations for website operators.


If consent is required under the Cookie Law, you cannot rely on the full range of possible lawful grounds provided by the GDPR, as Cookie

What are legitimate interest cookies?

Legitimate interest cookies refer to cookies that are used for legitimate interests other than the user’s consent. Legitimate interests may include, but are not limited to, preventing fraud, enhancing website security, and improving user experience.

Under the General Data Protection Regulation (GDPR), website operators are required to obtain user consent before collecting and processing personal data through cookies or other tracking technologies. However, if the use of cookies is necessary for the website operator’s legitimate interests and does not infringe on the user’s privacy rights, then the operator may use such cookies without obtaining the user’s consent.

It is important that you carefully assess your legitimate interests, ensure that your use of cookies is necessary and proportionate to achieve those interests, and provide clear information to users about the use of cookies on your website.

What counts as legitimate interest?

Determining what counts as legitimate interest requires a balancing act between the interests of the data controller and the privacy rights of the data subject. In general, legitimate interest may include:

  1. Fraud prevention and security: Protecting against fraud, malware, and other security risks.
  2. Direct marketing: Sending promotional or marketing communications to customers who have previously shown an interest in the product or service.
  3. Statistical analysis: Using aggregated data to generate insights about user behavior and trends.
  4. Improvement of products or services: Analyzing user behavior to improve product or service offerings.
  5. Personalization of user experience: Tailoring the user experience based on the user’s behavior or preferences.

Is consent the only possible legal basis?

No, consent is not the only possible legal basis for the use of cookies.

Under the General Data Protection Regulation (GDPR), legitimate interest can also be a legal basis for the use of cookies, provided that the use of cookies is necessary for the legitimate interests of the website operator or a third party, and does not infringe on the privacy rights of the user. 

If you’re setting cookies, you need to look at Cookie Law first and comply with its specific rules, before considering any of the general rules of the GDPR.

It’s worth remarking that in the following circumstances, the use of cookies is not subject to the user’s consent requirement:

  • for any technical storage or access, the sole purpose of which is to transmit a communication over an electronic communications network, or
  • if strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.

That said, according to the ICO, the UK’s Data Protection Authority, certain “strictly necessary” cookies (essential to provide an online service at someone’s request) are unlikely to require consent. However, it is still good practice to provide users with information about these cookies, even if you do not need consent.

Legitimate interest and consent are two legal bases under the General Data Protection Regulation (GDPR) for processing personal data. Legitimate interest refers to processing personal data when it is necessary for the legitimate interests pursued by the website operator or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject. Consent, on the other hand, refers to the user’s explicit agreement to the processing of their personal data, which must be freely given, specific, informed, and unambiguous.

When it comes to choosing between legitimate interest and consent, website operators should carefully assess their specific situation and determine which legal basis is appropriate. Legitimate interest may be appropriate when the processing of personal data is necessary for a specific purpose and the data subject’s interests do not override those of the website operator. However, consent may be required when processing personal data for certain purposes, such as marketing or tracking cookies.

👉 Regardless of which legal basis is chosen, it is important that you provide clear and transparent information to your users about the processing of their personal data, and ensure that your users have the ability to exercise their rights under the GDPR, such as the right to access, rectify, or erase their personal data.

Yes, consent to cookies is generally needed for analytics, unless the use of cookies falls under the legitimate interest of the website operator.

The General Data Protection Regulation (GDPR) requires that you obtain user consent before collecting and processing personal data through cookies or other tracking technologies. This includes the use of cookies for analytics, which involves collecting and analyzing data about user behavior on a website to improve the website’s performance and user experience.

However, there are some circumstances where the use of cookies for analytics may be considered as falling under the legitimate interest of the website operator. For example, if the website operator can demonstrate that the use of cookies for analytics is necessary for their legitimate interests, and that it does not infringe on the privacy rights of the user, then they may be able to rely on legitimate interest as a legal basis for processing personal data through cookies without obtaining user consent.

For some countries (e.g., Germany), analytics cookies could be based on a legitimate interest, but, in general, they are not exempted and, according to the ICO, always require consent.

Guidelines for cookie consent storage range from just a few months to 12 months. It’s important to check the guideline specific to the EU country that applies to you.

Anyway, according to the ICO, it depends on the purpose of the cookie. You need to ensure that your use of the cookie is:

  • proportionate in relation to your intended outcome; and
  • limited to what is necessary to achieve your purpose.

E-commerce: do you need consent for emails?
https://www.iubenda.com/en/blog/is-email-consent-needed-for-ecommerce/
Thu, 09 Jul 2020 08:55:01 +0000

Like with most consumer-focused businesses, email communication has always played a big role in e-commerce. 

With the recent increased focus on data privacy and laws like the GDPR and CCPA coming into effect, it’s important to know what rules to follow when sending customer emails – and specifically, when you need consent to do it. 

In this post, we’ll take a quick look – by region – at when consent is and isn’t required when sending customer communications.


Do I need consent for sending emails to users based in the US?

No, under the Federal CAN-SPAM Act you do not need opt-in consent for sending commercial emails. However, you must provide a visible opt-out or unsubscribe option in all such communications. Furthermore, CAN-SPAM rules state that you must provide valid identification information and mark promotional emails as an ad.

If you’re likely to have California-based users on your site, consider that the California Consumer Privacy Act (CCPA) might apply. 

The CCPA has many rules that are relevant to website owners. Within this context, you need to obtain valid email consent before sending communications to children under the age of 16.

Do I need consent for sending emails to users based in the EU?

In the EU, you may need permission before emailing your customers. Let’s have a closer look 👇

When you don’t need consent in the EU

Consent is not required in cases of “soft-spam” for existing customers, but only when the following conditions are met:

  • the person you’re sending the email to is or has been your customer;
  • the email is about services similar to those of the sale;
  • you’ve informed users via your privacy policy that their data may also be used for soft spam;
  • users are informed of their right to opt out at any time.

Do note that opt-out requests must be honored.

When you need consent in the EU

In all cases other than the above, email consent is always required when EU-based users are involved. The consent must be freely given, specific, informed, and withdrawable.

The usual way of acquiring consent is via data collection forms like newsletter, sign-up or checkout forms. However, do note that where opt-in consent is required, certain conditions must be met for the consent to be considered valid.

Most importantly, please note that you must always give the possibility to revoke the consent (opt-out) and honor the request. Under the GDPR, you must also be able to demonstrate that compliant consent was collected, via valid records of consent. More on consent records here.

💡
Are you collecting consent in the right way?

Find out if your forms are GDPR-compliant:

👉 How to create GDPR compliant forms

Learn more about the legal requirements for ecommerce in our short Compliance for Ecommerce summary guide.

Do third-parties have to be listed in my cookie policy? https://www.iubenda.com/en/blog/third-party-cookies/ Tue, 09 Jun 2020 12:43:55 +0000 https://help.iubenda.com/?p=24907 If your website can be visited by European users and it installs cookies, you have to provide a compliant cookie policy (among other things). In terms of provenance, there are two types of cookies – first-party and third-party. Let’s see what the requirements are for this last category. What are third-party cookies? Unlike first-party cookies […]

If your website can be visited by European users and it installs cookies, you have to provide a compliant cookie policy (among other things). In terms of provenance, there are two types of cookies – first-party and third-party. Let’s see what the requirements are for this last category.

Privacy and cookie policy

What are third-party cookies?

Unlike first-party cookies (placed on a visitor’s device directly by the website they’re visiting), third-party cookies are placed on the visitor’s device by a third party rather than by the website being visited.

Ad-retargeting services and social-button plugins are known to place third-party cookies in the browser and enable cross-site tracking and advertising.

Do I have to list third-party cookies in my cookie policy?

Although not all EU member states share the UK ICO’s guidelines (“if you use any third party cookies, you must clearly and specifically name who the third parties are and explain what they will do with the information”), it’s certainly the best and most common practice to do so.

How iubenda can help you create a cookie policy

Our Privacy and Cookie Policy Generator is affordable, available in several languages, lawyer crafted, customizable and self-updating.

It easily allows you to create a beautiful, precise privacy policy and seamlessly integrate it with your website. You can simply add any of several pre-created clauses at the click of a button or easily write your own custom clauses.

The privacy policy also comes with the option to include a cookie policy in just one click. The policies are customized to your needs and remotely maintained by a legal team.

Are explicit “accept” and “reject” buttons required for cookie consent? https://www.iubenda.com/en/blog/accept-reject-cookie-consent/ Mon, 08 Jun 2020 15:58:31 +0000 https://help.iubenda.com/?p=24892 In general, consent to cookies is needed if you have EU based users or are an EU based company, and run non-exempt cookies. The cookie consent must be informed, explicit and given via an unambiguous opt-in action. Specifically, you must: display a clearly visible cookie banner (with a link to the cookie policy) at the user’s first visit; block […]

In general, consent to cookies is needed if you have EU-based users or are an EU-based company, and run non-exempt cookies.

The cookie consent must be informed, explicit and given via an unambiguous opt-in action.

Specifically, you must:

  • display a clearly visible cookie banner (with a link to the cookie policy) at the user’s first visit;
  • block all non-exempt cookies and scripts from being run until after consent is received;
  • collect consent via an explicit opt-in action.

Do cookie banners need to have an accept button?

The Accept button allows your users to give consent to cookies with an explicit click and, with the exception of Italy, it’s required for users who operate in the EU.

Do cookie banners need to have a reject button?

Yes, they most likely do. This feature is required for users who operate in the UK, Italy, Spain, Denmark, Germany, France, and Ireland. Please note that there are slight differences in each country’s requirements regarding the reject button.

For more information on each DPO’s specific requirements, check out our GDPR cookie consent cheatsheet.

How iubenda can help

Here’s where our cookie consent management solution comes in very handy. It allows you to:

  • easily generate a cookie banner with “Accept” and “Reject” buttons,
  • seamlessly collect consent,
  • implement prior blocking,
  • set advertising preferences and more.

Is implied consent valid under the GDPR? https://www.iubenda.com/en/blog/implied-consent-gdpr/ Wed, 03 Jun 2020 13:29:44 +0000 https://help.iubenda.com/?p=24816 As you may know, if European users visit your website, and it installs any non-technical cookies, you have to give visitors the opportunity to provide, withdraw or refuse consent. In fact, prior to consent, no cookies (except for exempt cookies) can be installed. Consent to cookies must be informed and explicit, and can be provided […]

As you may know, if European users visit your website, and it installs any non-technical cookies, you have to give visitors the opportunity to provide, withdraw or refuse consent. In fact, prior to consent, no cookies (except for exempt cookies) can be installed.

Consent to cookies must be informed and explicit, and can be provided by a clear affirmative (opt-in) action. Subject to the local authority, these active behaviors may include continued browsing, clicking, scrolling the page or some method that requires the user to actively proceed.

iubenda's cookie banner

What is implied consent to cookies?

In the context of cookies, implied consent is understood to mean non-direct forms of granting consent, such as consent via scrolling and consent by continued browsing.

The official EDPB (European Data Protection Board) stance on consent on scroll and consent by continued browsing is that “actions such as scrolling or swiping through a webpage or similar user activity will not satisfy the requirement of a clear and affirmative action”. For information about which EU cookie consent rules apply on a per-country basis, check out our Cookie Consent Cheatsheet here.

Is consent by scrolling still valid?

Many data protection authorities – e.g. UK, Ireland, France, Germany, Belgium and Greece – do not consider consent via scrolling as valid. If you’re operating in these countries you should avoid this method for collecting consent.

For this reason, iubenda gives you the option to easily disable the Privacy Controls and Cookie Solution’s “scroll to consent” feature should the particular Member State law require it.

Which EU countries allow consent on scroll for cookies?

Contrary to popular belief, many European Data Protection Authorities, such as those in Italy, UK, Ireland, France, Germany, Belgium, and Greece do not regard consent via scrolling as valid.

Is consent by continuing navigation valid?

If you’re operating in the UK, Ireland, France, Germany, Denmark, Belgium or Greece, consider that the respective national data protection authorities do not regard consent by continuing navigation as valid. Other countries may soon align themselves with this rule.

For this reason, iubenda gives you the option to easily disable the Privacy Controls and Cookie Solution’s “consent on continued browsing” feature should the particular Member State law require it.

How iubenda can help you manage cookie consent

Our comprehensive cookie management solution allows you to:

  • easily inform users via cookie banner and a dedicated cookie policy page (which is automatically linked to your privacy policy);
  • obtain and save cookie consent settings;
  • collect granular, per-category consent;
  • preventively block scripts prior to consent;
  • apply the IAB Transparency and Consent Framework with a single click;
  • maintain records of consent via integration with our Consent Database (integration available upon request).

Our solution allows for the acquisition of active consent via:

  • continued browsing,
  • scrolling, and/or
  • specific clicking action.

Latest European Data Protection Board (EDPB) consent guidelines – is consent on scroll still allowed? https://www.iubenda.com/en/blog/latest-european-data-protection-board-edpb-consent-guidelines-is-consent-on-scroll-still-allowed/ Mon, 11 May 2020 16:37:55 +0000 https://help.iubenda.com/?p=24302 The European Data Protection Board (EDPB) has updated its guidelines on consent: Guidelines 05/2020 on consent under Regulation 2016/679. This update is important as it aims to remove any ambiguity on the official position regarding several aspects of cookie usage. Perhaps most significantly, these latest guidelines clearly state that Cookie Walls are prohibited and that the EDPB does […]


The European Data Protection Board (EDPB) has updated its guidelines on consent: Guidelines 05/2020 on consent under Regulation 2016/679. This update is important as it aims to remove any ambiguity on the official position regarding several aspects of cookie usage. Perhaps most significantly, these latest guidelines clearly state that Cookie Walls are prohibited and that the EDPB does not consider implied consent, i.e. consent via scrolling or continued browsing, to be valid.

What is a Cookie Wall?

The term Cookie Wall refers to any mechanism by which a user is prevented from accessing a service or site on the basis that they did not provide consent to the processing of their personal data via cookies.

EDPB’s stance on Cookie Walls

Specifically, the EDPB’s stance on Cookie Walls is as follows: “In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information already stored, in the terminal equipment of a user (so-called cookie walls)”.

What is implied consent to cookies?

Within the context of cookies and privacy, the term implied consent generally refers to non-direct forms of granting consent, such as consent via scrolling and consent by continued browsing. In order for these actions to be considered consent, the user must first be informed of which action constitutes consent. While implied consent has fallen out of general favor post-GDPR, some EU Member States still allow consent on scroll and consent by continued browsing, where certain conditions are met (though this is likely to change in the near future).

EDPB’s stance on Implied Consent

The official EDPB stance on consent on scroll and consent by continued browsing is as follows: “actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirement of a clear and affirmative action: such actions may be difficult to distinguish from other activity or interaction by a user and therefore determining that an unambiguous consent has been obtained will also not be possible.”

Are Cookie Walls and Consent on scroll still valid?

Contrary to popular belief, many European Data Protection Authorities, such as those in Italy, UK, Ireland, France, Germany, Belgium, and Greece do not regard consent via scrolling as valid.

At iubenda, we pay close attention to the latest compliance guidelines and recommendations from around the world. Currently, implied consent options (like consent via scroll and continued browsing) are still available configurations within our Privacy Controls and Cookie Solution – giving you full control over how you customize – however, we urge you to carefully check which legislations apply to you.

Need a cookie banner and consent management platform for your website or app? Start generating for free with our Privacy Controls and Cookie Solution.

Is cookie consent by scrolling allowed? https://www.iubenda.com/en/blog/cookie-consent-scrolling/ Thu, 30 Apr 2020 08:41:03 +0000 https://help.iubenda.com/?p=23950 How should you obtain cookie consent? When is it needed? How do you implement it? In this post, we’ll analyze the different ways to collect consent to cookies. Firstly, however, let’s examine the meaning of cookie consent. What is cookie consent? In compliance with the general principles of privacy legislation, which prevent the processing before […]

How should you obtain cookie consent? When is it needed? How do you implement it? In this post, we’ll analyze the different ways to collect consent to cookies.

Firstly, however, let’s examine the meaning of cookie consent.

What is cookie consent?

In compliance with the general principles of privacy legislation, which prevent processing before consent, the Cookie Law does not allow the installation of cookies before obtaining user consent.

Consent to cookies must be informed and explicit, and can be provided by a clear affirmative (opt-in) action.

What constitutes valid active cookie consent?

Subject to the local authority, active behaviors may include:

  • continued browsing,
  • clicking,
  • scrolling the page, or
  • some method that requires the user to actively proceed.

💡 Tip: you may favor a click-to-consent method over scrolling/continued-browsing methods as the former is less likely to be performed by user error.

How about cookie consent by scrolling? Is it always allowed?

Contrary to popular belief, many European Data Protection Authorities, such as those in Italy, UK, Ireland, France, Germany, Belgium, and Greece do not regard consent via scrolling as valid.

How do you implement cookie consent?

If your website or app can be visited by European users and installs any non-technical cookies (e.g. via a script like Google Analytics or via a Facebook share button), you need to display a cookie banner to inform users that your website/app uses cookies.

Cookie consent banner example

How iubenda can help you create a cookie banner

Our comprehensive cookie management solution simplifies compliance with provisions of the European Cookie Law. It allows you to:

  • easily inform users via cookie banner and a dedicated cookie policy page (which is automatically linked to your privacy policy and integrates what’s necessary for Cookie Law compliance);
  • obtain and save cookie consent settings;
  • preventively block scripts prior to consent.

Our solution allows for the acquisition of active consent via:

  • continued browsing,
  • scrolling, and/or
  • specific clicking action.

How to add a GDPR cookie banner to WordPress https://www.iubenda.com/en/blog/gdpr-wordpress-banner-2/ Mon, 27 Apr 2020 15:48:50 +0000 https://help.iubenda.com/?p=23839 COOKIE BANNER FOR WORDPRESS Add your own cookie banner with iubenda All-in-one Compliance – WordPress plugin The iubenda WordPress banner plugin is a compliance solution that helps you make your site compliant in just a few clicks. Install the plugin, configure it and we’ll take care of the rest! […]

COOKIE BANNER FOR WORDPRESS

Add your own cookie banner with iubenda All-in-one Compliance – WordPress plugin

The iubenda WordPress banner plugin is a compliance solution that helps you make your site compliant in just a few clicks. Install the plugin, configure it and we’ll take care of the rest!


If you’re here, you probably have a WordPress site and need to display a cookie banner in order to comply with laws like the GDPR, the ePrivacy (Cookie Law) and the CCPA.

What is a cookie banner?

A cookie banner is a notice that is shown to users when they visit a website for the first time. It informs them that the website makes use of cookies and asks whether they want to accept or reject their installation.

Cookie Consent Banner WordPress: Why do you need a cookie banner?

You need a cookie banner because it’s a mandatory requirement under several privacy laws, in particular the GDPR. This law requires obtaining user consent before collecting personal data. A cookie banner is particularly necessary if you’re based in the European Union – including the UK – or target EU users, and your website uses profiling cookies or trackers for personalized ads (which it most likely does).

Even if you believe your site doesn’t use these types of cookies, remember that third-party widgets like social sharing buttons might still install cookies.

🔍 Did you know?

  • Not only must the banner inform users about cookies, it should also block all cookie scripts from running before obtaining the user’s consent.
  • If you target Californian users, the notice should also contain the CCPA “Do Not Sell My Personal Information” opt-out link.

How to create a cookie banner on WordPress?

🚀 Luckily, our cookie consent plugin for WordPress simplifies and manages all of these compliance requirements within a few clicks!

Let’s take a quick look at how to set it up.

💡 Our All-in-one Compliance for GDPR / CCPA Cookie Consent plugin is specifically designed for WordPress.
Very little effort is required to set it up. Based on your answers to a few questions and after a quick scan of your website, the banner is generated automatically with the best configuration settings!

👉 Want to learn more? See our detailed guide here.

Set up your cookie banner on WordPress

  • Install the Privacy Controls and Cookie Solution plugin from the WordPress plugin repository (it’s free!);
  • In the WordPress Admin panel, click on Plugins > Add New Plugin > iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more. Install and activate it;
  • Start the scan of your website;
  • Go on, create and personalize your cookie banner by choosing from various style and behavior options;
  • Save the changes or integrate the script on your site, and your WordPress cookie banner is ready!

🎉 Once set up, the plugin will begin to show the banner to users that visit your site for the first time without the need for any other further configurations.

How to add the cookie banner to WordPress?

As we have seen above, if you are using the iubenda plugin, all you have to do is click on Save Changes, and the plugin will start showing the banner to users visiting your site for the first time without any further configuration.

If, on the other hand, you are using the manual configuration, you will have to copy the code and paste it before the closing HEAD tag of your WordPress site.

Streamline your iubenda implementation on WordPress with our 1-Click Embedding feature. Discover all the details in our guide.

Cookie Consent Banner WordPress: FAQs

How do I add a cookie banner in WordPress?

To add a cookie banner in WordPress, you can follow these steps: First, install the Privacy Controls and Cookie Solution plugin from the WordPress plugin repository. Next, activate the plugin and start the scan of your website. Then, create and personalize your cookie banner by activating the solutions provided by the plugin. Finally, integrate the generated script on your site, and you’re good to go!

Does WordPress need a cookie banner?

Yes, WordPress needs a cookie banner to comply with laws like the GDPR, ePrivacy (Cookie Law), and CCPA. The banner informs users about cookies and should block cookie scripts from running before obtaining user consent.

How do I create a cookie consent popup in WordPress?

To create a cookie consent popup in WordPress, you can use the “Privacy Controls and Cookie Solution” plugin. After installing and activating the plugin, start the scan of your website. Then, create and personalize your cookie consent popup by activating the solutions provided by the plugin. Finally, integrate the generated script on your site to display the popup to users.

What is the best cookie notice for WordPress?

The best cookie notice for WordPress may vary depending on your specific needs and preferences. However, plugins like iubenda All-in-one Compliance – WordPress offer comprehensive features and ease of use, making them popular choices among WordPress users for managing cookie notices and consent.

Do I need a Reject button on my cookie banner? https://www.iubenda.com/en/blog/reject-button-cookie-banner-2/ Fri, 24 Apr 2020 09:51:43 +0000 https://help.iubenda.com/?p=23748 Update: Stricter Enforcement of Cookie Consent Requirements in Germany The legal requirement for clear and equally conspicuous cookie consent options has been established for some time. However, recent rulings from the District Courts of Cologne and Rostock mark a turning point toward stricter enforcement of these requirements. These decisions reinforce the need for transparent and […]

Update: Stricter Enforcement of Cookie Consent Requirements in Germany

The legal requirement for clear and equally conspicuous cookie consent options has been established for some time. However, recent rulings from the District Courts of Cologne and Rostock mark a turning point toward stricter enforcement of these requirements. These decisions reinforce the need for transparent and unambiguous consent mechanisms on websites.

It’s crucial for website operators to ensure their cookie banners comply with these legal standards, as authorities are intensifying their efforts to check for compliance.

The Reject button allows your users to reject all cookies at once. Here’s an example of iubenda’s cookie banner with a valid reject button:

Please note that there are slight differences in each country’s requirements regarding the reject button. Here is a breakdown of some of the key ones:

🇬🇧 If you are operating in the UK, you need to give users the choice between accepting and rejecting all cookies, alongside controls to customize their choices.

The ICO has provided explicit guidance stating that organizations should ensure that it’s equally simple for users to decline all advertising cookies as it is to accept them. While websites can still show advertisements even if users reject all tracking, they are prohibited from customizing these ads based on the user’s browsing activity.

🇮🇹 If you are operating in Italy, the banner must contain:

  • an “Accept” command;
  • an “X” or any equally unambiguous command that users may click on to close the banner and continue navigating without accepting any cookies (“Reject”).

🇪🇸 If you are operating in Spain, the cookie banner (or any other alternative method of attaining consent) must be presented in a prominent place and format on the viewer’s screen. It must include both Accept and Reject buttons at the same level. The option to reject cookies cannot be more complex than the possibility to accept cookies. In other words, the option to reject cookies should be made as easy as it is to accept them.

While suggesting it as best practice, other countries like Sweden and Switzerland do not currently make specifications for the use of the Reject button. Luxembourg, on the other hand, considers the use of the Reject button as common practice and, if present, it should have the same prominence as the Accept button.

For more information on each DPO’s specific requirements, check out our GDPR cookie consent cheatsheet.

How to add the Reject button to the cookie banner

Here’s where our cookie consent management solution comes in very handy: it allows you to easily generate a cookie banner with a Reject button, seamlessly collect consent, implement prior blocking, set advertising preferences and more.

As with most other elements in the Cookie Solution, the color and text of the Reject button are fully customizable.

What Is a Consent Management Platform? https://www.iubenda.com/en/blog/what-is-a-consent-management-platform/ Wed, 22 Apr 2020 09:35:58 +0000 https://help.iubenda.com/?p=23667 The GDPR has given rise to a new piece of technology in the adtech ecosystem, the Consent Management Platform (CMP). Typically built on top of the IAB’s GDPR Transparency & Consent Framework, consent management platforms offer publishers a tool to collect and manage user consent for data processing. Simply put, users can set their consent […]

The GDPR has given rise to a new piece of technology in the adtech ecosystem, the Consent Management Platform (CMP).

Typically built on top of the IAB’s GDPR Transparency & Consent Framework, consent management platforms offer publishers a tool to collect and manage user consent for data processing.

Simply put, users can set their consent status for all the vendors (individually or in a bulk manner) on the publisher’s site. The CMP can employ a pop-up modal (as shown below) to let visitors allow or disallow vendors to track and target them.

Once the consent is given by the user, the CMP can distribute it throughout the supply chain to deliver ads.

Consent Management Platform example - iubenda Privacy Controls and Cookie Solution with IAB Transparency and Consent Framework

Why do publishers need a Consent Management Platform?

Major advertising networks now require publishers to gain GDPR consent before showing personalized ads. To maximize your ad serving and optimize your inventory, you should comply with IAB requirements and implement the IAB Transparency and Consent Framework.

If you display ads on your website, it’s highly recommended that you enable this feature as failing to do so can negatively affect your advertising revenue.

Consent management for publishers: how iubenda can help

As a registered Consent Management Platform (id number 123), our Privacy Controls and Cookie Solution lets users set advertising preferences and is compatible with the IAB Europe GDPR Transparency and Consent Framework. This feature allows users to toggle advertising preferences for all the advertisers on the IAB’s extensive global vendor list.

What is CAN-SPAM opt out and how do you set it up? https://www.iubenda.com/en/blog/what-is-can-spam-opt-out/ Fri, 28 Feb 2020 06:56:06 +0000 https://help.iubenda.com/?p=22723 What is CAN-SPAM opt out and what does it require? Find out how to set up for the US CAN-SPAM Act using the explanation and example below. What is the CAN-SPAM Act? The CAN-SPAM Act is a federal regulation that sets the rules for commercial messages, including email. Under CAN-SPAM, you must provide the option […]

What is CAN-SPAM opt out and what does it require? Find out how to set up for the US CAN-SPAM Act using the explanation and example below.

CAN-SPAM Act communication guidelines and opt out rules - iubenda blog

What is the CAN-SPAM Act?

The CAN-SPAM Act is a federal regulation that sets the rules for commercial messages, including email.
Under CAN-SPAM, you must provide the option to opt-out of further communication when sending any electronic commercial message of which the primary purpose is “the commercial advertisement or promotion of a commercial product or service”.

CAN-SPAM opt-out, therefore, refers to the legally required option to opt out of contact, which must be provided to recipients in accordance with the rules listed below.

🔒
More on compliance for websites and apps

This article is a part of our series on compliance for websites and apps. Read also:

👉 Marketing Consent in the GDPR

What are the CAN-SPAM main requirements?

Under the Act, you do not need consent prior to adding users located in the US to your mailing list or sending them commercial messages. However, it is mandatory that you provide users with a clear means of opting out of further contact.

The main CAN-SPAM Requirements are listed below.

  • Use truthful header information: Your name, email address and routing information (including domain) must be accurate and correctly identify you as the sender of the message.
  • Do not use misleading subject lines: Subject lines must give an accurate depiction of message content.
  • Identify the message as an ad: The identification must be “clear and conspicuous.”, i.e obvious and easy for the recipient to see.
  • Tell recipients where you’re located: You must include your valid physical postal address.
  • Monitor what others are doing on your behalf: Even if you’ve out-sourced your email marketing to another company, the law may hold both you and the other company responsible.
  • Inform users of and provide a visible opt-out or unsubscribe option: The “unsubscribe” option must be easy to see and must clearly explain how the recipient can opt out of receiving future communication from you. This information must be easy for an average user to recognize, read, and understand.
    • The ability to unsubscribe should be free and should not be behind a login process. This means that users must be able to unsubscribe without paying a fee and without needing to log into their account to do so. The FTC states: You can’t charge a fee, require the recipient to give you any personally identifying information beyond an e-mail address, or make the recipient take any step other than sending a reply e-mail or visiting a single page on an Internet website as a condition for honoring an opt-out request.
    • The unsubscribe link must be valid for at least 30 days after you’ve sent the email.
    • You must honor unsubscribe requests within 10 days.

The law makes no exception for B2B (business to business) contact, which must, therefore, also follow the rules.

You can read about exemptions from the CAN-SPAM rules here.

CAN-SPAM opt out example

A practical way to implement CAN-SPAM opt out would be to simply include an “unsubscribe” link in the email or message, together with a statement informing the user of the option to opt out (as legally required).

For example: “You are receiving this business communication from [Business Name] as you have expressed your interest in [our products and services]. If you no longer wish to receive these communications, you can unsubscribe by clicking here”.

Other US (and EU) laws to take note of

  • If you potentially have users based in the state of California, then the CCPA (California Consumer Privacy Act) could be relevant to you. Learn more about the CCPA and how to comply here.
  • Have EU users? Learn about EU commercial communication rules and how to comply here.

Cookie consent: what are the GDPR requirements? https://www.iubenda.com/en/blog/gdpr-cookie-consent-requirements/ Mon, 24 Feb 2020 18:16:53 +0000 https://help.iubenda.com/?p=22635 There’s a lot of misinformation about how cookies relate to the GDPR, and responsibilities website owners have when it comes to consent. Does the GDPR apply to cookies? What are the GDPR cookie consent requirements? In this article, we’ll clear up the confusion surrounding cookies and the GDPR and we’ll explore what’s required to obtain […]

There’s a lot of misinformation about how cookies relate to the GDPR, and about the responsibilities website owners have when it comes to consent. Does the GDPR apply to cookies? What are the GDPR cookie consent requirements?

In this article, we’ll clear up the confusion surrounding cookies and the GDPR and we’ll explore what’s required to obtain valid consent for cookies.

GDPR cookie consent requirements

But first, what exactly are cookies?

A cookie is a small file that’s sent from a website and stored on a user’s computer. Once installed, cookies can send information about the visitor’s activity back to the website and enable a more personalized user experience.

In the EU, cookies don’t fall directly under the GDPR. Instead, cookies are handled by the ePrivacy Directive (also known as Cookie Law). 

However, both laws now work together, complementing each other. 

Cookie consent: Cookie Law and GDPR

Cookie Law

If your website can be visited by European users, and it installs non-technical cookies, the Cookie Law requires you to:

  • provide a compliant cookie policy;
  • display a cookie banner at the user’s first visit;
  • block non-exempt cookies before obtaining user consent; and
  • release cookies only after informed consent has been provided.

Most importantly, you have to give visitors the opportunity to provide, withdraw or refuse consent. Prior to consent, no cookies — except for exempt cookies — can be installed.

GDPR

As we mentioned, the GDPR doesn’t directly apply to cookies, but some of its requirements may still extend to them.

For example, while the Cookie Law does not explicitly require that you keep records of consent for cookies, in most cases cookies do process personal data. That’s why you may need to keep records of consent.

Moreover, many Data Protection Authorities across the EU have also aligned their cookie and tracker rules to GDPR requirements.

Complying with GDPR cookie consent requirements is easy with iubenda!

The Cookie and Consent Preference Log is now available in our Privacy Controls and Cookie Solution. Simply integrate this feature with one click, and you can easily store and manage GDPR proofs of your users’ consent.

How iubenda can help you manage cookie consent

Our Privacy Controls and Cookie Solution allows you to manage all aspects of the Cookie Law. In particular, you can:

  • easily inform users via cookie banner and a dedicated cookie policy page;
  • obtain and save cookie consent settings;
  • preventively block cookies prior to consent;
  • keep track of consent and save consent settings for each user for up to 12 months from the last site visit; and
  • keep records of your users’ preferences about cookies.

Opt-In vs. Opt-Out https://www.iubenda.com/en/blog/opt-in-vs-opt-out-2/ Fri, 21 Feb 2020 17:33:25 +0000 https://help.iubenda.com/?p=22616 What does it mean to opt-in? What does it mean to opt-out? What is difference between opt-in and opt-out? Here’s a very quick overview over these concepts. What does it mean to opt-in? “Opt-in” is the process used to describe when a positive action is required in order to subscribe a user to a newsletter […]

What does it mean to opt-in? What does it mean to opt-out? What is the difference between opt-in and opt-out? Here’s a very quick overview of these concepts.

Opt-In vs. Opt-Out

What does it mean to opt-in?

“Opt-in” is the process used to describe when a positive action is required in order to subscribe a user to a newsletter list, for example. The most common way to implement opt-in methods is through checkboxes. Usually, opt-in is the regime that is used under European and Canadian data protection rules.

Under EU law (both GDPR and Cookie Law/ePrivacy), even when consent is given, people have the right to opt out and should always be informed of how they can do that.

What does it mean to opt-out?

When someone has opted out, it generally means that they’ve indicated a preference to not be included in something. A common scenario is where users opt-out of an email list by unsubscribing or where Californian consumers opt out of having their personal information shared or sold under CCPA provisions.

What’s the difference between opt-in and opt-out?

Opt-in means that a user must take a positive or affirmative action before being included in something (e.g. a user has opted in if they sign-up to an email list or click “Accept” on a cookie banner).

Opt-out means that a user can be included in something without the need of any action on their part (e.g. including a US-based user on an email list under CAN-SPAM provisions). Under most opt-out regimes, users must be given the possibility to opt out easily.

How to create a GDPR contact form https://www.iubenda.com/en/blog/how-to-create-a-gdpr-contact-form/ Mon, 17 Feb 2020 13:02:23 +0000 https://help.iubenda.com/?p=22475 What is a GDPR contact form and how do you go about creating one? In this post, we’ll show you step by step, the best way to create a contact form that’s compliant with the GDPR. Under the GDPR, consent is one of the most frequently used and well known legal bases for processing user […]

What is a GDPR contact form and how do you go about creating one? In this post, we’ll show you step by step, the best way to create a contact form that’s compliant with the GDPR.

Under the GDPR, consent is one of the most frequently used and well-known legal bases for processing user data; however, for consent to be considered valid, it must be collected under specific conditions. Because contact forms are generally used as a means of collecting users’ consent for being contacted, contact forms are subject to GDPR consent rules.

Here’s how to create a GDPR contact form:

Step 1: Use clear and straightforward language on your forms

The GDPR requires transparency and only considers informed, freely given, specific consent to be valid. If your users are not able to understand exactly what they’re signing up for, they cannot give informed consent.

Step 2: Give granular options for consent

Consent should be specific to a particular activity/purpose in order to be considered valid. See the examples below:

GDPR specific consent form example
GDPR granular consent form example

Step 3: Give the user the ability to opt-in

Under the GDPR, consent must be freely given via an unambiguous action. Mechanisms like pre-checked boxes are forbidden.

GDPR opt-in forms
🔎
Looking for a simple and compliant way to manage consent for newsletter subscriptions?

Try our Newsletter Opt-in Booster 👉 it adds a customizable signup form to your site, allowing you to collect and manage consent through a double opt-in process for a more engaged and responsive audience.


Step 4: Keep up-to-date records of the consents you’ve collected

Consent is a very important issue under the GDPR, such that it’s mandatory that you’re able to demonstrate that the user has given valid consent; should problems arise, the burden of proof lies with the data controller, so keeping accurate records is vital.

Here’s how compliant record keeping compares with non-compliant record keeping:

| Non-compliant Record Keeping | Compliant Record Keeping |
|---|---|
| Simply keeping a spreadsheet with customer names and whether or not consent was provided. | Ensuring that you keep a copy of the customer’s signed and dated form which shows the action taken by the customer to provide their consent to the specific processing. |
| Simply keeping the time and date of consent linked to an IP address, with a web link to your current data-capture form and privacy policy. | Keeping comprehensive records that include a user ID and the data submitted together with a timestamp. You also keep a copy of the version of the data-capture form and any other relevant documents in use on that date. |

Our Consent Database simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users. It allows you to record every aspect of consent (including the legal or privacy notice and the consent form that the user was presented with at the time of consent collection) and the related preferences expressed by the user.

To use, simply activate the Consent Database and get the API key, then install via HTTP API or JS widget and you’re done; you’ll be able to retrieve consents at any time and keep them updated.


For a list of the full features of the Consent Database click here or start generating below.

10 GDPR Cookie Banner Examples That Convert https://www.iubenda.com/en/blog/what-is-gdpr-cookie-consent-examples/ Fri, 14 Feb 2020 11:44:42 +0000 https://help.iubenda.com/?p=22467 What should cookie consent include? In this article, we will explore 10 outstanding GDPR cookie banner examples that not only fulfill their legal obligations, but also convert users! Firstly, however, let’s examine the meaning of cookie consent. What is cookie consent? When is cookie consent needed? What should cookie consent include? What should my cookie consent […]

What should cookie consent include? In this article, we will explore 10 outstanding GDPR cookie banner examples that not only fulfill their legal obligations, but also convert users!

Firstly, however, let’s examine the meaning of cookie consent.

Under laws like the GDPR and ePrivacy (Cookie Law), users must grant their consent before cookies can be deployed or installed on their computer.

In general, consent to cookies is needed if you have EU-based users or are an EU-based company, and run non-exempt cookies.

What should cookie consent include?

The process of collecting cookie consent includes clearly and explicitly informing the user of the cookies you run on your site, their purposes, the user’s right to grant or refuse consent, and how they can exercise that right.

The cookie consent must be informed, explicit and given via an unambiguous opt-in action.
Specifically, you must:

  • display a clearly visible cookie banner/notice at the user’s first visit (you can read what the banner should contain here);
  • provide a link in the banner to a more detailed cookie policy;
  • block all non-exempt cookies and scripts from being run until after consent is received;
  • collect consent via an explicit opt-in action.

What should my cookie consent banner say?

Your cookie consent banner should inform users of your use of cookies and similar technologies on your site, disclose their rights in relation to this, link to a cookie policy with more detailed information and give them the ability to either deny or grant consent.

  1. Disclosure: Start by acknowledging the use of cookies on your website and explain their purpose. Use a brief and straightforward statement to let visitors know that cookies are used to improve their browsing experience and provide personalized services.
  2. Consent Request: Clearly state that by continuing to browse the website, the visitor is giving their consent to the use of cookies. This emphasizes the importance of taking an action (e.g., continuing to browse) as a means of providing consent.
  3. Cookie Policy Link: Include a link to your Cookie Policy page where visitors can find more detailed information about the types of cookies used, their purpose, and how their data is processed. This link should direct users to a page that clearly explains your website’s cookie practices.
  4. Cookie Acceptance Button: Provide a prominent “Accept” button to make it easy for visitors to provide their consent. This button should be distinct and clearly labeled, allowing users to accept the use of cookies with a single click.
  5. Cookie Settings Button: Offer an additional option for visitors who wish to manage their cookie preferences. The “Cookie Settings” button should lead to a dedicated page where users can customize their cookie preferences, allowing them to enable or disable specific types of cookies.

Remember, it’s crucial to design your cookies notice in compliance with applicable privacy laws and regulations, such as the General Data Protection Regulation (GDPR) in the European Union or the California Consumer Privacy Act (CCPA) in the United States. Make sure to review and adapt the content and design of your cookie popup to meet the specific requirements of your jurisdiction.

Display Cookie Consent Banner Checklist

Use the following checklist to guide you through the process:

  • Clear and Concise Language: Use simple and understandable language to explain the use of cookies and the purpose of the consent banner. Avoid technical jargon that may confuse visitors.
  • Prominence and Visibility: Ensure that the cookie consent banner is prominently displayed on your website so that it is easily noticeable by visitors. Consider placing it at the top or bottom of the page to ensure visibility across different devices.
  • Consent Mechanism: Provide a clear and unambiguous way for visitors to provide their consent to the use of cookies. This can be done through an “Accept” button, a checkbox, or any other user-friendly method that indicates an affirmative action.
  • Cookie Policy Link: Include a prominent and easily accessible link to your Cookie Policy within the banner. This link should direct visitors to a page that provides detailed information about the types of cookies used, their purpose, and how their data is processed.
  • Cookie Settings Option: Offer visitors the ability to manage their cookie preferences. Include a “Cookie Settings” button or link that directs them to a dedicated page where they can customize their preferences and enable or disable specific types of cookies.
  • Responsiveness: Ensure that the cookies notice is responsive and displays correctly across different devices, including desktops, laptops, tablets, and mobile devices.
  • Non-Obstructive Design: Design the banner in a way that is unobtrusive and does not interfere with the user experience. It should be easy for visitors to dismiss the banner if they choose not to provide consent.
  • Automatic Cookie Placement: Make sure that cookies are not placed on the visitor’s device before obtaining their consent. Delay the placement of non-essential cookies until after the visitor has given their consent.
  • Consent Granularity: If your website uses different types of cookies for various purposes, provide granular options for visitors to customize their preferences accordingly. This allows them to choose which specific types of cookies they consent to.

Discover how over 1 Million websites, ranging from publishers to large-scale businesses and startups, have achieved GDPR compliance effortlessly with the help of iubenda’s Privacy Controls and Cookie Solution.

Below, we’ve selected a few prime cookie banner examples of European websites that have successfully implemented a cookie notice with iubenda.

1. Linkbuilder

Linkbuilder shows an example of a cookie popup that displays granular consent. This approach puts user experience and transparency at the forefront. By allowing users to selectively choose which specific types of cookies they wish to accept, it respects their privacy preferences while increasing your chances of collecting consent. This approach not only enhances user trust but also aligns with evolving data protection regulations and best practices.

linkbuilder cookie banner example

2. Crazy Games

Crazy Games is the first company on our cookie banner examples list. Popping up in the middle of the screen, it is a great example of a banner that’s customized to fit brand identity – see how they have added their logo. Find out how to customize a cookie banner with iubenda here →

cookie banner examples

3. The Spectator

The example of a cookie banner that pops up on the right-hand side of the screen on The Spectator site is a good example because it strikes a balance between visibility and non-intrusiveness. Placing the banner on the side allows users to easily notice and interact with it without obstructing the main content.

the spectator cookie popup

4. la Repubblica

The publication la Repubblica is a good example of how transparency can boost conversion. The publication explains their purposes for running personalized ads and gives users the option to subscribe to their paid publication for an ad-free experience. You can read more about paywalls for publishers here →

cookies notice

5. Max Mara

The simple but elegant cookie banner that pops up on the footer of the Max Mara site is a good example of persistent visibility without interrupting the user’s browsing experience. The inclusion of a “Continue without accepting” option respects user preferences and provides an alternative for those who may choose not to consent to cookies, promoting user choice and privacy.

maxmara cookie popup example

6. Adidas 

Adidas has a floating cookie banner on their website that adheres to the GDPR. The banner features ‘accept’ and ‘reject’ buttons placed at an equal level, with the same color and level of visual prominence, ensuring that it’s in line not just with laws like the GDPR and ePrivacy, but also with the guidelines of the French DPA (the CNIL).

adidas cookie banner examples

7. Barbour 

Barbour’s site hosts a great example of a cookie popup that’s simple, clear and matches the minimalist style of the site and brand. Additionally, the clear link to the cookie policy ensures transparency and enables users to make informed choices about their data privacy.

barbour cookies notice

8. Barton Perreira

Similar to the cookie banner examples above, the eyewear designer Barton Perreira’s banner is a prominent, yet elegant one. They list purposes, and link to their cookie policy. With iubenda, they were able to customize the banner by adding their logo on the top left corner.

barton perreira cookies notice

9. ITA Airways

The main Italian airline company ITA Airways uses iubenda to display a cookie banner in the center of their website at the user’s first visit. To make it more visible, the background is darker.

ita airways cookie banner example

10. Armani Hotel & Resorts

The last one of our cookie banner examples is a short cookie message on the Armani Hotel & Resorts’s site with both an ‘Accept All’ and ‘Reject All’ button. Its design reflects the same search banner look at the bottom.

armani hotel cookie popup

Frequently Asked Questions

How does cookie consent function?

Cookie consent is implemented through the display of a cookie banner or popup when a user visits a website. This allows users to choose whether to accept (give consent), reject, or customize their cookie preferences. By granting consent, users may enable or disable specific cookie categories, except for strictly necessary cookies. Consent can be withdrawn at any time, and the cookie consent banner typically includes a “cookie widget” or callback button for users to revisit their cookie settings.

What is the duration of cookie consent?

Cookie consent should be renewed at least once a year in compliance with the ePrivacy Directive. However, local data protection authorities (DPAs) may provide guidelines for periodic renewal. For example, the Irish DPC and the French CNIL recommend re-obtaining consent no later than every six months. The GDPR does not specify a specific timeframe, so it is advisable to establish a renewal period based on your respective DPA’s guidance.

Is cookie consent necessary for Google Analytics?

If your website employs third-party analytics services like Google Analytics that collect and process visitors’ personal data, obtaining consent is required. 

According to Google’s official guidance, if you have activated Google Analytics Advertising Features such as remarketing and display network impression reporting, you must acquire consent for cookies and disclose this information in your privacy policy. Additionally, it is recommended to consider obtaining consent for the collection of user IDs, pseudonymous identifiers, and geographic data (e.g., postal code, location coordinates).

What is a cookie consent manager?

A cookie consent manager is a specialized tool or software designed to acquire and handle cookie consent on a website. Given the potential privacy concerns associated with cookies, strict regulations are in place.

iubenda’s Privacy Controls and Cookie Solution enables website owners to obtain explicit permission from visitors for cookie usage, block third-party cookies until consent is granted, provide options for users to opt in or out, and store their cookie consent preferences. By using iubenda, website owners can ensure compliance with privacy laws and empower users to exercise control over their cookie preferences.

What is a cookie popup?

A “cookie popup” is another name for the cookie banner or cookies notice, and it refers to a notification or alert that appears on a website when a user first visits it. This notification is typically in the form of a banner.

It informs the user about the site’s use of cookies and requests the user’s consent to store or retrieve information on their device.

Why are websites showing cookie warnings?

Cookie warnings on websites are actually required by law in certain regions. The requirement largely stems from privacy and data protection regulations. Notably, the General Data Protection Regulation (GDPR) in the European Union and the ePrivacy Directive (often referred to as the “Cookie Law”) have established guidelines requiring websites to inform users and obtain their consent before any non-essential cookies are used.

This is why you often see a popup asking for your consent to cookies when you visit a website for the first time, especially if the site operates in or serves users in the EU. Cookies are small pieces of data that can identify you, hence them being regulated. They are used to recall your session preferences (e.g. language, login info), to target you with personalized ads, or to track your behavior (e.g. shopping cart, how long you spent on a page).

Does My Website Use Cookies? https://www.iubenda.com/en/blog/does-my-website-use-cookies/ Wed, 12 Feb 2020 22:44:54 +0000 https://help.iubenda.com/?p=22419 One of the most common questions we receive is “Does my website use cookies?” This is an important question to evaluate whether you have to comply with privacy and cookie laws. Luckily, there’s an easy way to find out. In this post, we’ll show you how to identify the cookies used by your website using […]

One of the most common questions we receive is “Does my website use cookies?” This is an important question to evaluate whether you have to comply with privacy and cookie laws. Luckily, there’s an easy way to find out.

In this post, we’ll show you how to identify the cookies used by your website using our free tool or by checking directly in your browser.

Understanding Website Cookies

Firstly, let’s recap what a cookie is. A cookie is a small piece of data that is sent from a website or app and often stored on a user’s computer via their web browser.

Cookies can be first-party (cookies actually produced by your website or app) or third-party (cookies in use on your site or app, but which are produced by third-party services like widgets, iframes, scripts, etc).

Where Are Cookies Stored?

Cookies are usually stored on your computer or device, in a folder in your browser. Each browser has its own storage location for these files, but they are usually kept in a specific directory tied to the browser’s user profile, which contains information like preferences, session data, or tracking details.

Do All Websites Use Cookies?

Today, almost every website uses cookies. This is because cookies can have different purposes.

They can help with the correct functioning of a website, they can gather useful insight about your performance, or track user data to improve your marketing campaigns.

Types of Cookies on a Website

As we said, cookies can have different purposes and your website may use different kinds of cookies, too.

Usually, cookies are categorized by source, duration, necessity and function.

  • Source: Cookies can be either first-party (placed directly by the website owner) or third-party (placed by third-party services that the website relies on).
  • Duration: Cookies can last just for a session (session cookies) or for a longer period (persistent cookies).
  • Necessity: Cookies can be strictly necessary (they help with the correct functioning of a website) or they can be non-necessary, and be used for improving user experience or tracking.
  • Function: Lastly, cookies can have different functions. The most common are functional, performance, marketing, and analytics cookies.

How Do I Know If My Website Uses Cookies?

The cookies running on your website are likely the result of the combined use of different tools, widgets and scripts.

One of the easiest ways for you to figure out which cookies are installed by your site is to identify the services running on your site. Our free site scanner identifies services running on your site, making it incredibly easy for you to identify potential cookie sources.

Simply:

  1. Create a free account here, click on Start Generating and enter the address of the site you want to scan.
  2. Click on Privacy and Cookie policy here
    iubenda - Privacy and Cookie Policy Generator
  3. Click the Add Services button
  4. Then click on scan site in the top left of the window
    Site scanner to identify the cookies used by your website
  5. View your results!

The site scanner identifies most, if not all, services running on your site.

Method 2: View Cookies in Your Browser (Chrome, Firefox, Safari)

The second method involves a manual action, which requires a bit more effort, but it’s still easy to do. The process is more or less the same for every browser; we selected Chrome, Firefox and Safari because they are the most used ones.

How to view cookies in Chrome

To understand if your website uses cookies on Google Chrome, go to your website and then right-click. Select “Inspect”.

view cookies in google chrome - inspect

This will open the Developer Console. Don’t get scared by the different tabs! Look for “Application” in the top bar and click. You will see on the left column a tab called “Cookies”. From there, you can view, add, edit and delete cookies.

cookies in google chrome

How to view cookies in Mozilla Firefox

As for Chrome, right-click on your website and select “Inspect”.

view cookies in mozilla firefox - inspect

This will open the Developer Console. Here, look for “Storage” and then “Cookies”.

view cookies in firefox

How to view cookies in Safari

Right-click and select “Inspect Element”.

view cookies in safari

From here, look for “Storage” and then “Cookies”.

cookies in safari

This method allows you to check whether your website is using cookies and whether there are third-party services that run cookies on your website without you knowing it.
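
The same check can be run over Set-Cookie headers copied from the browser's network view. The sketch below is an added example, not iubenda's code: it sorts each cookie by the source and duration categories described earlier. The hosts, cookie names, and the `siteDomain` and `nowMs` parameters are constructed assumptions; necessity and function cannot be read from headers and still need manual review.

```javascript
// Added example: classify captured Set-Cookie headers by source and duration.
// Every host, cookie name and value below is constructed sample data.
const NOW = Date.UTC(2026, 0, 1); // fixed "current time" so results are reproducible

const CAPTURED = [
  { requestHost: "shop.example", setCookie: "session_id=abc123; Path=/; HttpOnly; Secure; SameSite=Lax" },
  { requestHost: "www.shop.example", setCookie: "lang=en; Max-Age=31536000; Path=/" },
  { requestHost: "cdn.analytics.example", setCookie: "_track=xyz; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Domain=.analytics.example; Secure; SameSite=None" },
  { requestHost: "widgets.social.example", setCookie: "w=1; SameSite=None; Secure" },
  { requestHost: "shop.example", setCookie: "old_pref=; Max-Age=0; Path=/" },
  { requestHost: "shop.example", setCookie: "malformed" },
];

// Split one Set-Cookie value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  if (eq < 1) return null; // no name=value pair: skipped in this example
  const cookie = { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs: {} };
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// Duration: Max-Age takes precedence over Expires; neither means a session cookie.
function classifyDuration(attrs, nowMs) {
  const maxAge = attrs["max-age"];
  if (typeof maxAge === "string" && /^-?\d+$/.test(maxAge)) {
    return Number(maxAge) > 0 ? "persistent" : "expired";
  }
  if (typeof attrs.expires === "string") {
    const when = Date.parse(attrs.expires);
    if (!Number.isNaN(when)) return when > nowMs ? "persistent" : "expired";
  }
  return "session";
}

// Source: first-party when the responding host is the site's own domain or a
// subdomain of it. siteDomain is supplied by the caller (assumption), which
// avoids needing a public-suffix lookup here.
function classifySource(requestHost, siteDomain) {
  const host = requestHost.replace(/^\./, "").toLowerCase();
  const site = siteDomain.toLowerCase();
  return host === site || host.endsWith("." + site) ? "first-party" : "third-party";
}

// Build one row per valid cookie.
function auditCookies(captured, siteDomain, nowMs) {
  const rows = [];
  for (const { requestHost, setCookie } of captured) {
    const cookie = parseSetCookie(setCookie);
    if (!cookie) continue;
    rows.push({
      name: cookie.name,
      host: requestHost,
      source: classifySource(requestHost, siteDomain),
      duration: classifyDuration(cookie.attrs, nowMs),
    });
  }
  return rows;
}

// Count cookies per "source/duration" bucket for a quick overview.
function summarize(rows) {
  const counts = {};
  for (const r of rows) {
    const key = `${r.source}/${r.duration}`;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

const rows = auditCookies(CAPTURED, "shop.example", NOW);
for (const r of rows) console.log(`${r.name}\t${r.host}\t${r.source}\t${r.duration}`);
console.log(summarize(rows));
```

Third-party and persistent rows are the ones to trace back to the widget or script that set them.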

Is My Website Cookie Compliant?

Saying whether your website is compliant with cookie regulations is not as straightforward as you may think it is. There are different factors influencing compliance, and they depend on the legislation that applies to you.

When it comes to cookies, different legislations may apply.

For example, in the EU cookies are regulated by the ePrivacy Directive, also called Cookie Law, and the GDPR.

So if you are based in the EU, or if you target users in the EU, you should at least:

  • Show a cookie banner when a user visits your website for the first time. The cookie banner should inform your users that you’re using cookies and ask for their consent to install non-necessary cookies.
  • Have a cookie policy, where you explain in detail why you’re using cookies and what kind of cookies you’re using. You should link your cookie policy to your cookie banner, too.
  • Block cookies from running before the user accepts cookies and when consent is denied.

On the other hand, regulations in the US often have a different approach.

For example, although not explicitly regulating cookies, the California Consumer Privacy Act adopts a so-called opt-out approach. This allows you to collect and process personal data, including through cookies, without prior consent. However, it requires you to inform your website’s visitors and give them an easy way to withdraw consent for certain processing activities.

How iubenda can help

Now that you know that your website uses cookies, it’s time to manage them correctly! If you’re looking for an easy tool to manage cookies on your website, our Privacy Controls and Cookie Solution is the right solution for you.

It allows you to:

✅ Create your cookie banner in a few clicks and customize it to match your brand identity.
✅ Block cookies from running when needed.
✅ Apply the right standards at any time, based on its geolocation feature.

In this way, you won’t need to implement different configurations manually.

What does opt-out mean? https://www.iubenda.com/en/blog/what-does-opt-out-mean/ Wed, 12 Feb 2020 14:39:52 +0000 https://help.iubenda.com/?p=22388 What does “opt-out” mean? What’s the difference between opt out and opt in? How does opt-out affect your marketing efforts? In this post, we explain what opt-out is, if you need to provide this option to your users and how opt-out applies in marketing. In short What does opt-out mean? What is an example of […]

What does “opt-out” mean? What’s the difference between opt-out and opt-in? How does opt-out affect your marketing efforts? In this post, we explain what opt-out is, whether you need to provide this option to your users, and how opt-out applies in marketing.

What does opt-out mean?

When someone has opted out, it generally means that they’ve indicated a preference not to be included in something. Common scenarios are users opting out of an email list by unsubscribing, or Californian consumers opting out of having their personal information shared or sold under CCPA provisions.

What is an example of opt-out?

You are subscribed to a newsletter but later decide you don’t want to receive it anymore. At the bottom of each email, there’s a link that says “Unsubscribe”. Clicking this link will take you to a webpage where you can confirm you want to stop receiving emails. This process is an example of opting out. After you confirm, the company will stop sending you the newsletter. This allows you to easily remove yourself from their mailing list.

What’s the difference between opt out and opt in?

Opt-in means that a user must take a positive or affirmative action before being included in something (e.g. a user has opted in if they sign up to an email list or click “Accept” on a consent banner).

Opt-out means that a user can be included in something without any action on their part (e.g. including a US-based user on an email list under CAN-SPAM provisions). Under most opt-out regimes, users must be given the possibility to opt out easily.

How does opt out affect marketing?

Where opt-out regimes legally apply, they bring both pros and cons for marketing. We outline the main points below:

Pros

  • Greatly simplifies marketing efforts on a technical level (no need to set up consent collection mechanisms)
  • Larger lists (as users can be added at any time unless they’ve previously opted out) and, therefore, an increased potential to get the message in front of more users.

Cons

  • Less targeted list. Because anyone can be added there’s a high possibility of reaching users that are not interested in the product or service being marketed.
  • Higher risk of annoying users and being flagged as spam, which can reduce the overall reach on mailing lists and lead to being blacklisted by email filters.

Manage opt-outs the right way

When sending newsletters and marketing emails, you must respect your users’ choices. So if they wish to opt out, you need to make sure it’s done promptly.

iubenda’s Newsletter Opt-In Booster helps you simplify marketing signups and consent management to make sure you’re always on top of opt-out requests.

    Does GDPR require double opt in? https://www.iubenda.com/en/blog/gdpr-double-opt-in-2/ Mon, 03 Feb 2020 17:02:32 +0000 https://help.iubenda.com/?p=22127 One of the most common questions related to GDPR and email marketing is whether you need to switch all your opt-in forms to double opt in. What is double opt-in? Is double opt-in required by the GDPR? How iubenda can help you collect GDPR consent for your forms What is double opt-in? While single opt-in only requires […]

    One of the most common questions related to GDPR and email marketing is whether you need to switch all your opt-in forms to double opt-in.

    What is double opt-in?

    While single opt-in only requires that users submit their information in order to be added to your list, double opt-in requires that users first validate their email address before being added to your mailing list. The validation is carried out when users click on a specific link contained in a “confirmation” message sent to their email address.

    In short, double opt-in allows you to make sure that the person who received your email actually wants to be on your list. See more details here.

    Is double opt-in a good idea?

    Yes, double opt-in is generally considered a good idea as it helps ensure that people who sign up for a service or mailing list have intentionally and knowingly given their consent, reducing the likelihood of spam complaints and improving the overall quality of the email list.

    🔎
    Looking for a simple and compliant way to manage consent for newsletter subscriptions?

    Try our Newsletter Opt-in Booster 👉 it adds a customizable signup form to your site, allowing you to collect and manage consent through a double opt-in process for a more engaged and responsive audience.

    Is double opt-in required by the GDPR?

    No, there’s no requirement under GDPR to have a double opt-in process. Yet, it’s considered best practice in many countries, especially in Germany and in the EU in general. With this method, you can ensure the email address receiving your communication actually belongs to the person giving the consent, and thereby avoid high unsubscribe rates and retain the integrity of your list and the reputation of your address.

    While there are benefits in using double opt-in, it’s not enough to be GDPR compliant. In fact, double opt-in on its own doesn’t guarantee GDPR compliance because it’s not enough to prove consent.

    To collect consent upon subscription, you have to add checkbox fields with consent clauses and a link to your privacy policy to your forms. As we said, it’s definitely a good idea to enable the extra confirmation step to improve deliverability, but you cannot rely solely on double opt-in to be compliant with the GDPR.

    🇪🇺
    More on GDPR

    This article is a part of our series on GDPR and GDPR compliance. Read also:

    👉 How to create GDPR compliant forms

    GDPR not only sets the rules for how to collect consent but also requires companies to keep a record of these consents. This means that you must be able to provide proof of when and how you got consent and what users were told at the time.

    Our Consent Database simplifies this process by helping you to easily store proof of consent and manage consent and privacy preferences for each of your users.

    GDPR opt in: How to collect consent on mobile https://www.iubenda.com/en/blog/how-to-collect-opt-in-consent-on-mobile-under-the-gdpr/ Fri, 31 Jan 2020 07:25:42 +0000 https://help.iubenda.com/?p=22083 Is opt-in consent necessary under the GDPR? How do you go about setting up a GDPR opt-in for mobile? In this post we’ll show you step by step, the correct way to set up, and some tools that can help. In short: Is opt-in consent necessary under the GDPR? Collecting opt-in consent to direct email […]

    Is opt-in consent necessary under the GDPR? How do you go about setting up a GDPR opt-in for mobile? In this post we’ll show you, step by step, the correct way to set it up, and some tools that can help.

    Does GDPR require double opt-in?

    Double opt-in is a method of obtaining consent where a user must confirm their subscription or agreement by responding to a confirmation email or clicking a confirmation link. While double opt-in is not a requirement of GDPR, it can provide additional evidence that consent has been obtained and can help demonstrate that the consent was informed, unambiguous, and freely given.

    Is opt-in consent necessary under the GDPR?

    Yes, opt-in consent is necessary for certain processing activities carried out by mobile apps. Generally, things like direct email advertising and cookies will require opt-in consent. These two scenarios will require different tools to help you comply.

    We’ll start with email consent forms, but you can click here to jump to the section on cookies.

    Collecting GDPR opt-in consent to direct email marketing:

    Under the GDPR, the users you sign up to your mailing list should have the following:

    • The opportunity to give their informed consent. Users should be informed of the reasons you’d like their email address and the kind of emails they can expect to receive (e.g. third party advertisements).
    • The ability to opt in to the consent rather than opt-out. Pre-ticked checkboxes are forbidden.
    • The ability to give granular consent. Separate consent must be collected for separate purposes.
    • The ability to withdraw their consent after it’s been given. This option should be visible and easy to identify. A popular approach is to include an “unsubscribe” link in the footer of all your email communications.

    You can read more about setting up email/newsletter lists under laws like the GDPR and the US CAN-SPAM Act here.

    Collecting opt-in consent for cookies

    Here’s how to collect opt-in consent for cookies on mobile apps:

    Make sure that you have a banner visible on your app at the user’s first visit

    The banner should:

    • inform users of any cookies that your app uses;
    • disclose the users’ rights in regards to the cookies (they have the right to refuse consent or withdraw it after it’s given);
    • link to a cookie policy that explains in detail the purpose of the various categories of cookies and the third-parties involved; and
    • ask for the user’s consent before running those cookies in the first place.
    🍪
    More on cookie consent

    To get a more detailed understanding of the law that governs cookie consent and read answers to frequent questions around this topic, check out this article:

    👉 How Must I Manage Cookie Consent in Order to Be Compliant

    Block any scripts that could run non-exempt cookies

    Because informed opt-in or prior consent is required under the GDPR and ePrivacy (Cookie Law), you’ll need to make sure that you’ve set up a mechanism that blocks non-exempt cookies until the user has given consent via an affirmative action such as clicking an “Accept” button.

    This is where our Privacy Controls and Cookie Solution comes in. With a few short clicks it lets you:

    • easily inform users via cookie banner and a dedicated cookie policy page (which is automatically linked to your privacy policy and integrates what’s necessary for cookie law compliance);
    • obtain and save cookie consent settings;
    • preventively block scripts prior to consent.

    Get started for free for up to 1K page views per month (no payment info required), with affordable paying plans available for sites that have more monthly traffic. You can start generating for your mobile site in minutes using the button below or email us at info@iubenda.com to access the Privacy Controls and Cookie Solution mobile SDK (available as a native component for iOS and Android).
