What is the purpose of adding a consent rule to your consent policy OneTrust?

OneTrust's cookie-content solution is software that is subject to a fee. The license can be purchased on a monthly or annual basis. It costs 45 EUR / month per domain, regardless of company size. The OneTrust cookie solution is hosted in the EU.

According to the manufacturer, OneTrust offers the following features in this software solution: 

• Unlimited number of subdomains and pages
• Unlimited Consent Records
• Automated Website Scanning
• Cookie categorization based on Cookiepedia (OneTrust's own cookie database in which all cookies collected by the tool are listed and categorized)
• Customizable banners and preference center presets
• Configurable consent models
• Prior Informed Consent and Do Not Track
• Automatic speech recognition
• Dynamic cookie list script
• Integration with CMSs, website builders, tag managers
• Extended scanning (behind login and query parameters)
• Multi-page templates
• Geo-Targeting by country
• Cross-domain consent
• IAB Europe TCF Support
• Local JavaScript Hosting Option
• Multiple languages
• Remove branding "Powered by OneTrust"

The advantages of the OneTrust content cookie solution

The legal requirements must be met. In some cases, the technical possibilities are not available to implement the development effort. A further advantage of OneTrust's cookie content-solution is the possibility to integrate the cookie layer without deployment. However, this requires tag management.

OneTrust offers not only a European solution, but also content solutions analogous to the respective countries. This is helpful for an international orientation. 

Custom solution versus commercial solution.

The advantages of a custom cookie solution are generally these:

• No ongoing license costs,
• Individual technical solutions enable special integrations,
• Design / UX can correspond exactly to the corporate design

The disadvantage is primarily the high initial creation costs. 

On the other hand, there are the advantages of the commercial Consent solution:

• Quickly implemented,
• Low initial costs.

In contrast, the running costs remain constant. The license fee is charged per domain. The look and feel should be adopted and usually does not correspond to the corporate design of the website. 

Nevada’s new law, SB-220, which requires website operators to honor opt-out procedures, went into effect on October 1, 2019. Nevada’s Senate Bill 220, or “An Act relating to Internet privacy,” requires organizations who run websites that collect and maintain data comply with requirements set by the law.

The General Data Protection Regulation has everyone talking about cookies, consent, and privacy. But there’s an earlier privacy law called the ePrivacy Directive. This law, along with the GDPR, created the situation that website owners are now trying to navigate.

To understand the GDPR, it helps to first understand the overlap of ePrivacy and GDPR as it relates to cookies and consent.

The ePrivacy Directive and the GDPR

The ePrivacy Directive established that storing or retrieving any information from a user’s device is subject to consent. That is, “unless it is technically necessary to enable the intended communication to take place.”

This rule made it necessary for the cookie notification banners that you’ll see on many websites.

But there was a problem.

Since this rule passed as a Directive, each member state had to write it into their national law. Also, while the ePrivacy Directive defined the need for cookie consent, it didn’t define consent.

Because of this, ePrivacy rules and enforcement rolled out in a fragmented way.

Part of the GDPR’s goal was to unify those rules. To do this, the GDPR needed to clearly define what consent is and when it’s needed.

What Does Cookie Consent Mean?

Before the GDPR, cookie consent meant different things throughout the EU. However, in Recital 32, the GDPR established a unified rule that clearly defined what consent is:

“Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her.”

Since terms like “clear”, “specific”, and “informed” are subjective, we still have to unpack Recital 32 a bit more.

A Clear Affirmative Act

Recital 32 says that consent can be “ticking a box” or another statement that “clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data.”

Specific, Informed, Freely Given, and Unambiguous

Additionally, Recital 32 states that you need consent for “all processing activities carried out for the same purpose.” And if processing has multiple purposes, “consent should be given for all of them.

Moreover, the consent request must be “clear, concise and not unnecessarily disruptive” to the user. Recital 32 also explains what consent is not, which includes “inactivity” or “pre-ticked” boxes.

One More Condition of Cookie Consent: Withdrawability

The GDPR says that users must be able to withdraw consent and that it “shall be as easy to withdraw as to give consent.”

How Does GDPR Apply to Cookies?

In short, to achieve compliance with the GDPR, you must enable a user to show their consent with a clear, affirmative action. Moreover, that action must be 1) specific, 2) informed, 3) freely given, 4) unambiguous, and 5) withdrawable.

Takeaways for Website Owners

For website owners, the GDPR means that their current cookie consent processes will likely need to change.

Many of the designs currently used for cookie consent are not compliant. These include:

1. Implied consent. Visiting a site for the first time is not considered an affirmative act.
2. Advice to adjust browser setting. Telling visitors to block cookies is not a valid way to make consent withdrawable, as required under the GDPR.
3. Statements like, “By using this site, you accept cookies.” Cookie walls are not a free choice so it is not valid consent.

Moreover, sites may also need to provide:

• An always-available opt-out.
• A response to Do Not Track browser requests.
• Control of consent for each cookie purpose.

Let CookiePro Help

Create a mobile-friendly, customizable cookie banner and preference center for visitors to provide consent and opt-in or opt-out of certain categories of tracking on your website. Check out our Cookie Banner Gallery to see all the different GDPR-compliant cookie banners.

Which of the following are consent collection point types in OneTrust?

What is required for cookie consent?

What is cookie consent management?

Which tool helps you manage customer consent and communication preferences?