Minimum requirements for cookies

Minimum requirements for cookies

Application processing and Biometric Residence Permits

A cookie task force of the European Data Protection Board (the EDPB) has published a report advising on new cookie requirements for websites. Although the findings of the report are not currently legally binding, they could soon be adopted by the EU.

Generally, the report stresses that companies should always be sure to inform their website users what cookies they are consenting to. Users must also always have the option to reject cookies or withdraw their consent.

To ensure companies comply with this, they should pay close attention to the design and layout of their cookie banners.

The report includes the following guidance:

  • Reject option: Cookie banners must have a “reject all” option. This button must be easily visible. For example, it cannot be placed in a link outside of the cookie banner itself or hidden in a chunk of text.
  • Pre-ticked options: Users must give active consent to cookies and therefore preferences cannot be “pre-ticked” by default upon entering the website.
  • Legitimate interest: Sites must not mislead users by claiming that non-essential cookies must be agreed to. The “legitimate interest” test can only be used for cookies that are strictly necessary.
  • Misleading colours: Cookie banners cannot “point” users toward accepting cookies by making the “accept” button more noticeable than the “reject” button through prominent colours or shading. 
  • Withdraw consent: Users should always be able to easily withdraw their consent. A “withdraw consent” button should always be readily available.

The full report can be found here:

Contact our experts for further advice

Search our site