Iubenda logo
Start generating


Table of Contents

UK: which cookie consent rules apply

Must consent be granular in the UK? What about implied and on-scroll consent? Cookie consent rules may differ depending on the EU country. In this post, we’ll take a look at which GDPR cookie rules apply in the UK.

GDPR cookies rules for the UK

Is cookie consent by scrolling allowed under UK law?

No, the UK’s Information Commissioner’s Office (ICO) does not recognize consent by scrolling to be a valid indication of affirmative consent.

Under UK law, is cookie consent by continued browsing allowed?

No. As with consent on scroll, the UK does not recognize consent via continued browsing to be valid. Consent should be given via a direct affirmative action.

Under UK law, do I need to add a Reject button to my cookie banner?

Yes, this feature is explicitly required according to the UK’s latest ICO guidelines. The explicit reject button is also required by Germany, Ireland and the Netherlands.

The ICO seems to favor combining both the “accept” and the “reject” buttons on the banner. This combination should put the options at equal prominence, in order to avoid any “nudging behaviour”. uk gdpr cookie consent rules

According to the ICO: “A consent mechanism that emphasises ‘agree’ or ‘allow’ over ‘reject’ or ‘block’ represents a non-compliant approach, as the online service is influencing users towards the ‘accept’ option”.

Do cookies have to be blocked before consent under UK law?

Yes. Except for exempt categories (which very few cookies fall into), cookies must be blocked until users have given their informed consent.

Must cookie consent be granular in the UK?

The consent must be specific to the particular service. Users should be able to manage consent to individual third parties on a granular basis – however, global consent can be used, provided that the user at least has the option to consent on an individual basis, should they choose to.

Is proof of consent requested according to the criteria established under the GDPR?

Yes, GDPR records of consent are also required for cookie consent, according to the ICO. You can read more about records of consent here.

How iubenda can help you manage cookie consent

Our comprehensive cookie management solution allows you to:

  • easily inform users via cookie banner and a dedicated cookie policy page (which is automatically linked to your privacy policy);
  • obtain and save cookie consent settings;
  • collect granular, per-category consent;
  • preventively block scripts prior to consent;
  • apply the IAB Transparency and Consent Framework with a single click;
  • maintain records of consent via integration with our Consent Database (integration available upon request).

About us


Cookie consent management for the ePrivacy, GDPR and CCPA


See also