Cookie Banner Signoff

You’ve created your cookie banner, it’s ready to go live, but is it compliant? Here are some questions to help assess the risks.

Questions to Ask

  • Is it fair?
  • Is it transparent?
  • Does it explain if you’re sharing data with other data controllers for their own purposes?
  • Is data being shared with companies that the user might find distasteful, untrustworthy or undesirable?
  • Does it follow a “Privacy by Default” and “Privacy by Design” approach?
  • Would anyone be surprised or annoyed if you were to explain exactly what cookies, scripts and services are being enabled by default?
  • Does it present the information in an even way, or is it trying to influence the user to perform a specific action?
  • Which other organisations are taking your approach? Has this approach been promoted/criticised/enforced against by Data Protection Authorities?
  • Would you feel comfortable having a DPA, a customer and the press scrutinising your approach?
  • Do you accept that your approach is a temporary measure and will have to become more conservative in time?

Consent Tests

Is the consent you are requesting:

  • Freely given?
  • Specific?
  • Informed?
  • Unambiguous?
  • Requiring a statement or clear affirmative action?

Carl Gottlieb

Carl Gottlieb is the privacy lead and Data Protection Officer for a select group of leading tech companies. Carl’s consultancy company Cognition provides a range of privacy and security services including virtual DPO and virtual CISO.