- Cookie law requires users’ informed consent before storing cookies on a user’s device and/or tracking them.
- Consent to cookies must be informed and based on an explicit affirmative action; subject to the local authority, these actions may include continued browsing, clicking, scrolling the page or some method that requires the user to actively proceed.
- While the Cookie Law does not explicitly require that records of consent be kept, only proof, however, many Data Protection Authorities across the EU have aligned their cookie rules to GDPR requirements. This means that, depending on the country relevant to you, you may be required to maintain records of cookie consent as required under the GDPR.
- The cookie law does not require that you individually list third-party cookies, only that you state their category and purpose.
- While the Cookie Law does not require that you manage consent for third-party cookies directly on your site/app, you are required to inform users of third-party cookie usage, the purpose of the cookies and link to the relevant third-party privacy/cookie policies.