Iubenda logo
Start generating

Documentation

Table of Contents

UK’s latest Cookie Requirements

And what you need to do

As you may know, many Data Protection Authorities across Europe (including the UK, France, Italy, Belgium, and more) have aligned their rules on cookies and trackers with the requirements of the GDPR.

However, because cookies are technically also governed by the ePrivacy Directive, “cookie rules”, while mostly similar, can vary slightly from country to country. The UK is one such case.

If you do not comply, the consent to the cookies you acquire can be considered invalid in the eyes of the law. This may put you in violation of the GDPR and at risk of penalties and fines of up to £17.5 million.


How to adapt

For your convenience, we’ve prepared a summarised checklist of what you need to do in accordance with the UK’s Data Protection Authority.

As these rules are already “live”, we recommend setting up as soon as possible if you haven’t already.

  1. Activate the Cookie Preference Log in your Cookie solution
  2. Update your Cookie Solution configuration
  3. Implement your Cookie Solution with the new code snippet

1. Activate the Cookie Preference Log

GDPR proof of consent is now mandatory in order for the consent to be considered valid.

Unlike a technical cookie, the Cookie Preference Log allows you to record and store proof of consent, and tie it to a unique user for future verification.

The log is available in your dashboard:

cookie preference log

If you can’t access it, you need to activate it. Upgrade your Cookie Solution to enable consent logging, to avoid having to ask your users to re-consent going forward.

2. Update your Cookie Solution configuration

Go to the dashboard → Select your site → Click on “Edit” under Cookie Solution.
The easiest way is to use our recommended settings:

automated configuration UK

Alternatively, if you have customized your configuration, make sure your settings follow these instructions:

Furthermore

3. Implement your Cookie Solution with the new code snippet

 Once you have saved the settings,copy and paste the Cookie Solution embedding code at the end of the HEAD tag of your pages, replacing – if present – the previous integration code.

If you use one of our plugins for WordPress, Joomla!, PrestaShop or Magento, you have to replace the code you can find in the plugin configuration panel.

🎙️
Need help? Ask our experts live!

Join our free webinar on What you need to know about Cookies and GDPR consent. Learn about which GDPR rules apply to certain countries, what’s required by third-parties like Google, how to set up your Cookie Solution to meet the latest requirements and more. The webinar includes live demo and Q&A.

Learn more

Frequently asked questions on the Cookie Preference Log

Cookie Preference Log allows you to create records of your users’ cookie consent preferences when they visit your site. You need this feature to align with the requirements of most Data Protection Authorities across Europe (including the UK, France, Italy, Belgium, and more).

The smallest Cookie Solution plan with this feature covers 50k pageviews/month and costs $13 per month or $143 per year.

To get access:

  • New Cookie Solution users
    Purchase a Cookie Solution plan that includes at least 50k pageviews/month.
  • Existing Cookie Solution users
    • If you use our free Cookie Solution plan (25k pageviews/month), you need to upgrade to a paid Cookie Solution plan that includes at least 50k pageviews/month.
    • If you already have a paid Cookie Solution plan, but you don’t have access to this feature (“Log under “Dashboard > [Your website/app] > Cookie Solution”), you must upgrade your plan. The upgrade involves an increase in the subscription fee of your Cookie Solution plan.

Cookie Preference Log is associated with an increased subscription fee and is not included in our free Cookie Solution plan because it is an expensive feature to manage and maintain in terms of bandwidth and space.

It requires an advanced computational infrastructure to ensure maximum data security and availability and involves handling high amounts of data.

No, you can use a single Cookie Solution plan for multiple websites: every site in your account will have separate Cookie Solution settings and separate Cookie Preference Log.

The important thing is that the number of pageviews totalled by the sites in your account does not exceed the limit set by your Cookie Solution plan (in that case, as usual, you can always upgrade to a bigger plan, automatically or after our notice).

If you’re an agency or a web professional, we can move the projects from your clients’ accounts to your agency account upon request. This way, you can spread the cost among your customers (applying the markup you prefer).

Find out how to resell iubenda’s solutions to your clients.

No, the Pro and Ultra licenses include a free 25k pageviews/month Cookie Solution plan with no Cookie Preference Log.

To have the Cookie Preference Log, you need to upgrade your Cookie Solution plan. The smallest Cookie Solution plan with this feature covers 50k pageviews/month and costs $13 per month or $143 per year.

Yes, if your website installs non-exempt cookies and European users visit it, you need to keep valid records of your users’ cookie preferences.

In other words, regardless of the number of monthly pageviews, you need to store cookie preference logs if you have a cookie banner.

If you can’t access the Cookie Preference Log, you probably have an old Cookie Solution plan. To access the Cookie Preference Log, you’ll need to upgrade your plan. The paid upgrade will keep you on the same plan with the same number of pageviews but with the Cookie Preference Log enabled.

The procedure is entirely automated, and it doesn’t require any changes to the Cookie Solution script you’ve embedded on your site.

No, the Consent Solution collects and stores proof of consent specifically for online and offline forms, and requires some setup.

The Cookie Preference Log, however, is a fully automated feature of the Cookie Solution, our solution for managing consent preferences for cookies, trackers and similar technologies.

In cases where the GDPR and the Cookie Law don’t apply to you, but you target California-based (and by extension US-based) users, our free Cookie Solution plan allows you to meet the CCPA requirement of informing Californian users of any selling activity upon site visit and allowing them to opt-out.

It also allows you to potentially meet the CCPA opt-in requirement for minors.

On the other hand, if you or your users are based in the EU and you need a cookie banner, you’ll also need the Cookie Preference Log to keep records of the cookie preferences your users set when they visit your site.

The Cookie Preference Log solves this problem – without the need for a dedicated configuration. For each consent given, we collect:

  • a string of 6 random hexadecimal characters and the timestamp to uniquely identify a specific consent and the time at which it was given
  • the user’s IP address

This way, the consent is collected via the string of 6 hexadecimal characters and the IP address is uniquely linked to a specific user. If necessary, the DPA may:

  • examine the user’s browser and compare it with the unique record in your logs (verifying proof)
  • use the IP address to cross-check and verify the information