With the hands in the Cookie jar… (Part 1 of, possibly, many)

Are companies doing enough to implement Article 7 of the GDPR? Have they understood what "the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data." means?

Let’s see an example:

In other words: we use cookies, deal with it! Not much of consent there…

 But the most dangerous is the following (and that’s the majority of cookie banners today):

So the ‘ACCEPT’ button is not the users’ freely given consent; it is just a button to close the message (I am suspecting the cookies are already on their way to the hard drives). Users of our websites should be able to opt-in, no cookies should be placed until (and if) they press that ‘ACCEPT’ button. Default position is OPT-OUT – NO COOKIES.

The question any Supervising Authority (in our lands @ICOnews) should be asking themselves is this:  did the developer not correct the site (in the way it should be i.e. cookies are only placed if the users press the ACCEPT button) because it is too much work - too little time, or because they believed that the average user will not know the difference?

Food for thought people!


Recent Posts

See All


  • White LinkedIn Icon
  • White Twitter Icon