The GDPR governs the processing of personal data of individuals inside the EU and most cookies today collect personal data from users, when they visit websites.<\/p>\n\n\n\n
The GDPR requires websites to obtain user consent before activating cookies that will process personal data.<\/p>\n\n\n\n
Websites are not allowed to activate cookies and trackers that process personal data unless the user has first consented to it, unless the cookies can be deemed strictly necessary for the basic functions of the website.<\/p>\n\n\n\n Personal data is any kind of information that can be directly or indirectly related to a living individual and therefore identify the user.<\/p>\n\n\n\n This includes anything from names, e-mail addresses, social security numbers, but also IP addresses, browser specifications, search history and Unique IDs that most cookies set on user browsers after a website visit.<\/p>\n\n\n\n If your website has visitors from inside the EU<\/strong> and you use cookies that process personal data, you must \u2013<\/p>\n\n\n\n Is your website GDPR compliant? Test for free with the Cookiebot CMP test<\/a>.<\/p>\n\n\n\n Learn more about the GDPR and cookie consent<\/a><\/p>\n\n\n\n The European Data Protection Board (EDPB)<\/a> is the leading supervisor of the GDPR in the EU that regularly adopts guidelines and issues decisions on how the GDPR is to be enforced by the national data protection authorities in each EU member country.<\/p>\n\n\n\n On May 4, 2020, the EDPB adopted guidelines on valid consent <\/a>that make it very clear what constitutes GDPR compliant consent for the processing of personal data on websites\u2026 and what does not.<\/p>\n\n\n\n EDPB guidelines clarify that \u2013<\/p>\n\n\n\n Learn more about the EDPB guidelines on valid consent<\/a><\/p>\n\n\n\n In doubt whether your website is GDPR compliant? Test with the free Cookiebot CMP compliance test<\/a>.<\/p>\n\n\n\n Try Cookiebot CMP free for 14 days<\/a>... or forever if you have a small website.<\/p>\n\n\n\n Cookiebot CMP<\/a> is a consent management platform that makes your website compliant with the GDPR, the CCPA and other data protection laws across the world.<\/p>\n\n\n\n Cookiebot CMP<\/a> works by detecting all cookies and trackers in operation on your domain using our unmatched scanning technology that finds even the hidden third-party trojan horses.<\/p>\n\n\n\n Cookiebot CMP<\/a> auto-blocks all cookies and personal data processing on your domain until users have given their granular consent to which trackers, they will allow activated \u2013 ensuring that your website fully lives up to the GDPR requirements for prior consent.<\/p>\n\n\n\n Cookiebot CMP<\/a> also offers full CCPA compliance for websites.<\/p>\n\n\n\n Try Cookiebot CMP free for 14 days<\/a>\u2026 or forever if you have a small website.<\/p>\n\n\n\n Learn more about GDPR and cookie consent<\/a><\/p>\n\n\n\n Learn more about CCPA compliance<\/a><\/p>\n\n\n\n In the US, the use of cookies and the processing of personal information is not regulated on a federal level as it is in the EU by the GDPR.<\/p>\n\n\n\n Instead, some states have their own set of laws governing personal information collection and digital privacy, while other states have no real protection for users.<\/p>\n\n\n\n The biggest data protection in the US that covers cookie control is the California Consumer Privacy Act (CCPA)<\/a> that took effect in January 2020.<\/p>\n\n\n\n The CCPA grants consumers the right to request disclosure of the categories and specific pieces of personal information that a business has collected on them. It also grants consumers the right to request deletion, as well as the right to opt out of having their data sold to third parties.<\/p>\n\n\n\n The CCPA requires that users are informed of what cookies are in operation on a website, what kind of personal information they collect and for what purposes.<\/p>\n\n\n\n CCPA also requires websites to inform users of what third parties they share their personal information with.<\/p>\n\n\n\n Learn more about the California Consumer Privacy Act (CCPA)<\/a><\/p>\n\n\n\n Learn more about CCPA compliance with Cookiebot CMP<\/a><\/p>\n\n\n\n The UK left the EU in January 2020 and by the end of this year will no longer be governed by the EU\u2019s General Data Protection Regulation.<\/p>\n\n\n\n However, the UK has adopted new data protection laws that mirror the GDPR and that will ensure a continued equivalent data protection regime.<\/p>\n\n\n\n Learn more about Brexit and cookie control in the UK<\/a><\/p>\n\n\n\n The Information Commissioner\u2019s Office (ICO) is the leading data protection authority in the UK, responsible for enforcement and supervision of the country\u2019s data protection laws.<\/p>\n\n\n\n The UK\u2019s data protection laws after Brexit is the UK-GDPR <\/a>and the Data Protection Act 2018<\/a>.<\/p>\n\n\n\n In the summer of 2019, the ICO has updated its guidelines for the use of cookies<\/a> and trackers and put a significantly tighter cookie control in place in the UK.<\/p>\n\n\n\n When it comes to a website\u2019s cookie management, implied consent as we know it today \u2013 the soft opt-in that allows websites to interpret as consent the continued browsing of its users \u2013 do not meet the requirements for valid consent, ICO has ruled.<\/p>\n\n\n\n Instead, users must give their affirmative consent to anything that is not necessary cookies (or non-essential, as ICO calls them) and it is the legal responsibility of websites to have a cookie manager in place that enables this for their users.<\/p>\n\n\n\n Pre-ticked boxes (or any equivalent) are not lawful to use on anything but necessary cookies, according to the new ICO guidelines.<\/p>\n\n\n\n This means that preference, statistics and marketing cookies must abide by the same rules: they all need to be un-ticked and now require affirmative opt-in to be viewed as valid consent.<\/p>\n\n\n\n In other words, users must now choose to tick the boxes of preference, statistics and marketing cookies alike, in order for these categories of cookies to be activated.<\/p>\n\n\n\n The ICO guidelines clarify that \u2013<\/p>\n\n\n\n Inform yourself on ICO\u2019s updated guidelines on cookies<\/a>.<\/p>\n\n\n\n Digital self-defense is also an option a lot of people are choosing in exasperation when learning about the ugly truth of the dismal state of privacy on the Internet today.<\/p>\n\n\n\n This type of digital self-defense is essentially a version of privacy protection, where everyone has to fend for themselves, by downloading the right browser that then block cookies automatically.<\/p>\n\n\n\n Privacy-friendly browsers such as Epic<\/a>, Brave<\/a> or Firefox<\/a> offer cookie control through non-discriminatory, across-the-board cookie blockers that stop all cookies, even necessary and benign ones.<\/p>\n\n\n\n The downside is that they often break websites, because they block cookies that support the basic functions of a domain. This full cookie stop is the default mode of both Epic and Brave, whereas Firefox utilizes a tracker list from Disconnect<\/a> to determine which cookies they block.<\/p>\n\n\n\n This digital self-defense is not a viable final solution to the privacy problems of surveillance capitalism, since most people don\u2019t have the time or the technical skills to navigate the abundant market of privacy tools, browsers, VPNs or adblockers.<\/p>\n\n\n\n There is also another way to protect privacy in our digital infrastructures\u2026<\/p>\n\n\n\n Cookie control through a cookie manager like Cookiebot CMP<\/a> is a technology that we \u2013 obviously \u2013 have put our weight behind and think of as a vital part of a sustainable solution for protecting privacy.<\/p>\n\n\n\n Using a consent solution that is specific to each website (implemented through the cloud and integrated seamlessly onto a domain) not only prevents websites from breaking by allowing them to discriminate between different categories of cookies, it also holds the potential to be fully GDPR and CCPA compliant.<\/p>\n\n\n\n Cookiebot CMP makes your website fully compliant with the General Data Protection Regulation (GDPR)<\/a> and the California Consumer Privacy Act (CCPA)<\/a>.<\/p>\n\n\n\n![\"Flag](\"\/media\/3911\/1920px-flag_of_europesvg.png?width=411&\")
\n
EDPB guidelines on valid consent<\/h3>\n\n\n\n
\n
Cookie control with Cookiebot CMP<\/h2>\n\n\n\n
![\"Cookieboot](\"\/media\/4333\/consent_en.png?width=500&\")
Cookie control in the US<\/h2>\n\n\n\n
![\"Flag](\"\/media\/3912\/1920px-flag_of_the_united_statessvg.png?width=409&\")
Cookie control in the UK after Brexit<\/h2>\n\n\n\n
![\"Flag](\"\/media\/3628\/uk-flag.png?width=426&\")
\n
Cookie control in web browsers<\/h2>\n\n\n\n
![\"Epic,](\"\/media\/3598\/privacy-browsers.jpg?width=500&\")
<\/figure>\n\n\n\nConsent management platform and cookie control <\/h2>\n\n\n\n