Recital 32 of the GDPR states that “Consent should be given by a clear affirmative act”. The DPC’s guidance falls in line with this concept, and should spell the end for banners proclaiming “By continuing to use this site, you agree to the use of cookies”. Though this interpretation is generally accepted by European regulators, the Spanish authority suggests that if a user has seen a cookie banner and takes a positive action on the website, they have consented to the use of cookies.
To ensure that specific consent is obtained for each purpose that a cookie is used, and to allow the withdrawal of consent in accordance with the GDPR, the DPC recommends that organisations should avoid bundling cookie consents (e.g. by forcing users to accept “all” marketing, analytics, tracking cookies etc.). Organisations must also provide information on how users can withdraw their consent to the use of cookies, and provide them with an easy-to-use mechanism to do so.
As consent must be “informed,” the DPC has further recommended that “clear and comprehensive information” about the use of cookies be provided, such as a short description of the types in your cookie banner, and a detailed description in your cookies policy.