You’ve created your cookie banner, it’s ready to go live, but is it compliant? Here are some questions to help assess the risks.

Questions to Ask

• Is it fair?
• Is it transparent?
• Does it explain if you’re sharing data to other data controllers for their own purposes?
• Is data being shared with companies that the user might find distasteful, untrustworthy or undesirable?
• Does it follow a “Privacy by Default” and “Privacy by Design” approach?
• Would anyone be surprised or annoyed if you were to explain exactly what cookies, scripts and services are being enabled by default?
• Does it present the information in an even way, or is it trying to influence the user to perform a specific action?
• Which other organisations are taking your approach? Has this approach been promoted/criticised/enforced against by Data Protection Authorities?
• Would you feel comfortable having a DPA, a customer and the press scrutinising your approach?
• Do you accept that your approach is a temporary measure and will have to become more conservative in time?

Consent Tests

Is the consent you are requesting:

• Freely given?
• Specific?
• Informed?
• Unambiguous?
• Requiring a statement or clear affirmative action?

rawpixel