Disclaimer: Please note that these tables summarise the most recent guidelines from EU national authorities. They may evolve over time, depending on future legislative texts, case-law, or guidelines published on the subject.
NOTE: page or paragraph numbers for each country always refer to the respective document specified underneath the table.
Questions
|
🇬🇧 UK
|
🇮🇹 Italy
|
🇩🇪 Germany
|
🇫🇷 France
|
🇪🇸 Spain
|
🇩🇰 Denmark
|
🇬🇷 Greece
|
🇧🇪 Belgium
|
🇮🇪 Ireland
|
🇸🇪 Sweden
|
🇳🇱 Netherlands
|
🇱🇺 Luxemburg
|
🇦🇹 Austria
|
🇪🇺 EDPB
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Is consent by scrolling valid? |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
Is consent by continuing navigation valid? |
NO |
Likely no, but not specified |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
Are explicit “accept” AND “reject” buttons required to be on the cookie notice? |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
Not specified |
YES |
NO |
YES |
|
Must accept and reject options be equally conspicuous (equal prominence requirement)? |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
Not specified |
YES |
Not specified |
Not specified |
YES |
YES |
YES |
Is the prior blocking of cookies necessary where consent is required? |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
Are full cookie walls admitted? |
Unlikely |
NO |
NO |
Possibly |
NO |
Possibly |
NO |
NO |
Likely no |
NO |
NO |
NO |
YES |
NO |
Must cookies be listed one by one? |
NO |
Not specified |
NO |
NO |
NO |
NO |
Not clear |
Not clear |
Likely no |
YES |
YES |
Likely no |
Likely no |
|
Must purposes be listed in the first layer of the cookie notice? |
Not mentioned, but unlikely. |
Best practice |
YES |
YES |
YES |
YES |
YES |
YES |
Not specified |
Not specified |
YES |
YES |
YES |
Not specified |
Must consent be granular on a per-purpose basis? |
Per-service but not necessarily per-purpose |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
Not specified (but implied) |
Not specified (but implied) |
YES |
YES |
Is a GDPR-aligned proof of consent required? |
YES |
YES |
YES |
YES |
Not specified (but implied) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
Likely yes |
Should withdrawing consent be as simple as giving it? |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES р> |
YES |
Is the use of a consent banner recommended? |
YES |
YES |
YES |
Not specifically |
YES |
Not specifically |
YES |
Not specified |
Not specifically |
Not specifically |
YES |
Best practice |
Best practice р> |
|
Are strictly necessary cookies exempt from the consent requirement? |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES р> |
YES |
Can GDPR legal bases other than consent (e.g. legitimate interest) apply? |
NO |
NO |
YES |
NO |
NO |
YES |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
|
Do third parties have to be listed and identified? |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
Not specified |
Not completely clear |
YES |
YES |
YES |
Not specified |
|
Is it specified how long the consent to a cookie should last? |
NO |
YES |
YES |
YES |
Specified good practice |
NO |
YES |
NO |
YES |
YES |
NO |
YES |
Not specified |
No duration explicitly stated |
Are pre-ticked boxes allowed? |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO |
NO р> |
NO |
*Unless otherwise stated, all sources linked are in their respective languages.
2020:
2023:
2020:
2019:
*guidelines apply to any consent-based processing of personal data, not only to cookies or trackers, strictly speaking.
2020:
2020:
2020:
2020:
2020:
2021:
2023:
2023:
2019:
2024:
Data Protection Authorities across Europe have aligned their rules on cookies and trackers with the requirements of the GDPR and now explicitly require you to document your users’ preferences for the use of cookies.
That’s why we’ve added the Cookie and Consent Preference Log to our Privacy Controls and Cookie Solution. Find out more here.