Iubenda logo

Documentation

Table of Contents

GDPR Cookie Consent Cheatsheet

Disclaimer: Please note that these tables summarise the most recent guidelines from EU national authorities. They may evolve over time, depending on future legislative texts, case-law, or guidelines published on the subject.

NOTE: page or paragraph numbers for each country always refer to the respective document specified underneath the table.

Rules for collecting cookie consent: Per-country Comparison

*Note: Italy’s DPA guidelines were published before the entry into force of the GDPR.

Questions
🇬🇧 UK
🇮🇹 Italy
🇩🇪 Germany
🇫🇷 France
🇪🇸 Spain
🇩🇰 Denmark
🇬🇷 Greece
🇧🇪 Belgium
🇮🇪 Ireland
🇪🇺 EDPB
Is consent by scrolling valid?

NO

YES

NO

NO

NO

NO

NO

NO

NO

NO

Is consent by continuing navigation valid?

NO

YES

NO

NO

NO

NO

NO

NO

NO

NO

Are explicit “accept” AND “reject” buttons required to be on the cookie notice?

YES

NO

YES

Most likely

YES

Not explicitly specified

Not specified

Not specified

YES

Is the prior blocking of cookies necessary where consent is required?

YES

YES

YES

YES

YES

Not specified

YES

YES

YES

YES

Are full Cookie walls admitted?

Unlikely

Not specified

NO

Possibly

NO

NO

NO

NO

Not specified

NO

Must cookies be listed one by one?

NO

Not clear

NO

NO

NO

Not specified

Not clear

Not clear

Likely no, but not clear

Must consent be granular on a per-purpose basis?

Per-service but not necessarily per-purpose

NO

YES

YES

YES

YES

YES

YES

Yes, per purpose

YES

Is proof of consent requested according to the criteria established under the GDPR?

YES

NO

YES

YES

Not specified (but implied)

YES

Not specified

YES

YES

Not explicitly stated

Should withdrawing consent be as simple as giving it?

YES

NO

YES

YES

YES

YES

YES

YES

YES

YES

Is the use of a consent banner recommended?

YES

YES

Best practice

Not specified

YES

YES

YES

Not specified

Not specifically

May cookies (and other trackers) be placed on legal grounds other than users’ consent?

YES

YES

YES

YES

YES

YES

YES

YES

YES

Do third parties have to be listed and identified?

YES

Not specified

Not specifically stated

YES and NO

YES and NO

YES

YES

Not specified

Not completely clear

Is it specified how long the consent to a cookie should last?

NO

NO

NO

YES

Indirectly

NO

NO

NO

YES

No duration explicitly stated

Are pre-ticked boxes allowed?

NO

NO

NO

NO

Not specified

NO

NO

NO

NO

NO

What is the territorial scope of national cookies laws?

Not specified

Not specified

Germany

France

Spain

Not specified

Not specified

Not explicitly stated

Ireland

Sources and further reading

*Unless otherwise stated, all sources linked are in their respective languages.

Belgium

2020 Cookie guidelines on DPA website + Cookie FAQ

Denmark*

2020 Guidelines on the “Processing of personal data of website visitors“ | 2019 Executive Order (“EO”) regarding cookies (still applies unless the above 2020 document states differently)

*guidelines apply to any consent-based processing of personal data, not only to cookies or trackers, strictly speaking.

European Data Protection Board – EDPB

2020 EDPB Guidelines 05/2020 on consent under Regulation 2016/679 (English)

France

2020 Cookie Guidelines | Cookie Recommendations

Finland

2020
Summarizing article (English) | Decision by the Ombudsman | Information on the Finnish Traffic and Communication Authority’s website

Germany

2020 Guidance from the supervisory authorities for providers of telemedia

Greece

2020 Guidelines | Press release | Unofficial English translation

Italy

2014 Identification of simplified procedures for information and the acquisition of consent for use | Clarifications on the implementation of the legislation on cookies

Ireland

2020 Data Protection Commission guidelines on the use of cookies | Survey on the use of cookies

Spain

2020: Guide on the use of cookies

UK

2019 Guide to PECR: Cookies and similar technologies