Iubenda logo
Start generating

Documentation

Table of Contents

GDPR Cookie Consent Cheatsheet

Disclaimer: Please note that these tables summarise the most recent guidelines from EU national authorities. They may evolve over time, depending on future legislative texts, case-law, or guidelines published on the subject.

NOTE: page or paragraph numbers for each country always refer to the respective document specified underneath the table.

Rules for collecting cookie consent: Per-country Comparison

Questions
🇬🇧 UK
🇮🇹 Italy
🇩🇪 Germany
🇫🇷 France
🇪🇸 Spain
🇩🇰 Denmark
🇬🇷 Greece
🇧🇪 Belgium
🇮🇪 Ireland
🇪🇺 EDPB
Is consent by scrolling valid?

NO

NO

NO

NO

NO

NO

NO

NO

NO

NO

Is consent by continuing navigation valid?

NO

Likely no, but not specified

NO

NO

NO

NO

NO

NO

NO

NO

Are explicit “accept” AND “reject” buttons required to be on the cookie notice?

YES

YES

YES

YES

YES

YES

Not specified

Not specified

YES

Must accept and reject options be equally conspicuous (equal prominence requirement)

YES

YES

Not specified

YES

Best practice

YES

Not specified

Not specified

YES

YES

Is the prior blocking of cookies necessary where consent is required?

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

Are full cookie walls admitted?

Unlikely

NO

NO

Possibly

NO

NO

NO

NO

Likely no

NO

Must cookies be listed one by one?

NO

Not specified

NO

NO

NO

NO

Not clear

Not clear

Likely no

Must purposes be listed in the first layer of the cookie notice?

Not mentioned, but unlikely.

Best practice

Not specified

YES

YES

YES

Not specified

YES

Not specified

Not specified

Must consent be granular on a per-purpose basis?

Per-service but not necessarily per-purpose

YES

YES

YES

YES

YES

YES

YES

YES

YES

Is GDPR-aligned proof of consent required?

YES

YES

YES

YES

Not specified (but implied)

YES

Not specified

YES

YES

Likely yes

Should withdrawing consent be as simple as giving it?

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

Is the use of a consent banner recommended?

YES

YES

Best practice

Not specifically

YES

Not specifically

YES

Not specified

Not specifically

Are strictly necessary cookies exempt from the consent requirement?

YES

YES

YES

YES

YES

YES

YES

YES

YES

YES

Can GDPR legal bases other than consent (e.g. legitimate interest) apply?

NO

NO

YES

NO

NO

YES

NO

NO

NO

Do third parties have to be listed and identified?

YES

YES

Not specifically stated

YES

YES

YES

YES

Not specified

Not completely clear

Is it specified how long the consent to a cookie should last?

NO

YES

NO

YES

Indirectly

NO

NO

NO

YES

No duration explicitly stated

Are pre-ticked boxes allowed?

NO

NO

NO

NO

Not specified

NO

NO

NO

NO

NO

🎯
New requirement

Data Protection Authorities across Europe have aligned their rules on cookies and trackers with the requirements of the GDPR and now explicitly require you to document your users’ preferences for the use of cookies. 

That’s why we’ve added the Cookie Preference Log to our Cookie Solution. Find out more here.