Basics Requirements of Cookie Consent

Apr 23, 2021 3:47pm


Learn what are the requirements of cookie consent.


Knowing what exactly you need to have to meet the basic requirements can be confusing, so here is a stress-free list of the minimum amount of features you need, plus what they mean, for cookie consent. 


You must show the cookie banner at the user's first visit, this must:


  • briefly explain the purpose of the instalment of cookies that the site uses;
  • clearly state which action will signify consent;
  • be sufficiently conspicuous so as to make it noticeable;
  • link to (a cookie policy) or make available details of cookie purpose, usage, and related third-party.


Above: Cookie Banner as displayed on Motivation Digital's



Above: The full Cookie Policy will be under Settings.


Implement a cookie policy, this must include:


  • indicate the type of cookies installed - statistical, advertising, etc;
  • describe in detail the purpose of installing cookies;
  • indicate all third-parties that install or that could install cookies
    • with a link to their respective policies, and any opt-out forms (where available);
  • Be available in all languages in which the service is provided.



Allow the user to provide consent.

  • Consent to cookies must be informed and explicit and can be provided by a clear affirmative (opt-in) action. Therefore, if you use mechanisms such as checkboxes, they must NOT be pre-checked.

  • Subject to the local authority, these active behaviours may include continued browsing, clicking, scrolling the page, or some method that requires the user to actively proceed; this is somewhat left up to your discretion. Some website/app owners may favour a click-to-consent method over scrolling/continued browsing methods as the former is less likely to be performed by user error.


Before consent is granted, no cookies (except for exempt cookies) can be installed.


  • Blocking cookies before consent:

    • In compliance with the general principles of privacy legislation, which prevent the processing before consent, the cookie law does not allow the installation of cookies before obtaining user consent. In practice, this means that you may have to employ a form of script blocking prior to user consent

    • ePrivacy is a Directive, so the specifics of how requirements should be met, heavily depends on each individual Member State Law


Listing Third-Party Cookies.


  • The directive does not explicitly say you need to list and name individual third-party cookies, but you do need to state what type they are and what their purpose is.

"Freely Given" Consent.


  • Consent must be freely given by the user in order to be deemed valid.
  • In cases where coercive methods are used, consent is deemed invalid.
  • There are few exemptions 
    • where if the cookies are necessary to the functionality of the website or services affected.


Exemptions to the consent requirement.


  • Some cookies are exempt from the consent requirement, so are not subject to preventative blocking.
    • You are still required to inform users of these cookies.
  • Technical cookies - that are strictly necessary for the provision of service are exempt.
    • These include preference cookies, session cookies, load balancing.
  • Statistical Cookies that are managed by you, not third parties.
    • These are exempt as long as they are not used for profiling.
  • Anonymised Statistical Third-Party Cookies - e.g Google Analytics.


Left some questions about cookies? Here you can find the answers to them.


Not enough information? Then click here.