Legal basis for the validity of the banner with consents

If, in order to protect the rights of the site operator or third parties, cookies are not stored exclusively on the device of the site visitor, the consent of the site visitor is required in accordance with Article 6(1) of the GDPR.

When the interests of the website operator or third parties must be weighed against the interests or fundamental rights and freedoms of the website visitor, it is often difficult to determine which interest prevails.

The legal justification for the website operator's interest is to ensure the correct display of the site. Accordingly, the cookies necessary for this purpose are always taken into account in the legitimate interest of the site operator.

This becomes more difficult when cookies are configured to study the behavior of users visiting a website or for promotional purposes. In such a case, it usually cannot be ruled out that data protection regulators or courts will give more weight to the welfare of site visitors than to that of the website owner.

Apart from technically necessary cookies, the placement of cookies should always require the consent of the website visitor. Such consent is traditionally obtained via a checkbox.

The following are the most common mistakes made in banner implementation:

1. The lack of a reject/refusal option on the banner violates the GDPR provisions on consent, as consent cannot be considered voluntary if there is no option to refuse.

2. Using varied, suggestive colors for "Accept" or "Allow" and "Reject" or "Do Not Accept" buttons is considered user manipulation and a violation of the GDPR. The color must not force a specific user response.

3. No available "Agree" and/or "Disagree" options on the banner.

If the banner is just a pop-up window informing users about cookies, with only a close icon in the upper right corner (or just an "OK" button), it does not comply with the GDPR.

4. Initial highlighted areas for essential cookies.

This is another example of a negative pattern. Avoid pre-selected consents. Users must overtly confirm their actions to select areas when giving consent.

5. You have to click more times to not accept cookies than you would to accept them.

In this kind of situation, there is usually no "Decline/Reject" button, but another one such as "More Settings," and the user can only reject the use of cookies after entering this area. If rejecting cookies through the consent banner requires more clicks than accepting them, this is not in compliance with the GDPR.

It is worth remembering that scrolling through the view, clicking on a hyperlink or any other user action does not imply consent. It is also important to display the cookie banner in the language of the user's browser to make sure it is understood.

Creating a cookie banner that complies with the law is not difficult. It's also not a disadvantage for the site operator. Finally, site visitors should also be treated fairly. This means that they should be provided with clear information about what happens after they enter the website. Only then can visitors make informed decisions about whether and what data they want to disclose. Just as many website developers and operators don't want to be tracked by third parties, they should offer visitors the ability to decide for themselves what data they want to disclose and what they don't.
