Common problems include the use of third-party consent management platforms which have been arranged to include boxes or toggles pre-checked or set to the ON position to signal that the user ‘consents’ to cookies. Consent for the use of cookies is not valid if you seek to obtain it using pre-checked boxes or toggles.

Some tools in use on websites also contain settings hidden beneath toggles that are set to the OFF position, giving users an expectation that they do not have to take any further action to set their cookies preferences.

It is also common to see websites provide hyperlinks in their cookie banner or privacy policy to information on third-party websites about cookies. The information provided in the cookie policy or in any links from the cookie banner must be information about that website or app operator’s own deployment and use of cookies.

Many website operators also fail to provide a privacy policy with basic transparency information. Where an entity processes personal data as a result of the deployment of cookies, the requirements for transparency and mandatory information that must be provided to data subjects are set out in Article 12, 13 and 14 of the General Data Protection Regulation (GDPR).