Complianz Privacy Suite

Are pre-checked checkboxes allowed?

Aert Hulsebos

Aert Hulsebos

Categories

Popular articles

Generating an Impressum

From release 4.4 onwards, Complianz Privacy Suite (Premium) offers a new document, the Impressum. The Impressum provides the required information for commercial websites that target

Read More
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

Sometimes we’ll get the question:

“Is there an option to have the categories on the cookie banner pre-checked?”.

The short answer is no, but it is more nuanced. And well…it is possible…

We understand this question for multiple reasons. First, pre-checked categories are everywhere and if it’s everywhere, you might think this is a valid way to comply with GDPR. Second, pre-checked categories are more interesting from a commercial point of view (at least at first glance) over unchecked categories.

Pre-checked checkboxes, why not and why would you?

Considering pre-checked categories will ask the user to opt-out, instead of opt-in, it contradicts the GDPR statement:

Recital (32): GDPR

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.

This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data.

Silence, pre-ticked boxes or inactivity should not, therefore, constitute consent.

Consent should cover all processing activities carried out for the same purpose or purposes.

When the processing has multiple purposes, consent should be given to all of them.

If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

Even Reuters seems to ignore the GDPR.

For a live version, please visit the website or below URL. In most cases, opt-outs are not even possible (remember opt-in should be the default) or are diverted to the 3rd party, which is a lack of responsibility.

https://l3.evidon.com/site/1237/5669/6?lang=en

Are pre-checked categories really worth the risk if implemented on purpose?

We have described the various ways of not complying with the GDPR, whereby the pre-checked categories seem to be the most common option for website owners.

If a Reuters.com, an authoritative website with the means and legal know-how to comply with the GDPR, then why are they not compliant, but do make an effort? Are they missing below possibilities or is it a lack of respect for her users?

Is it worth the risk if it’s on purpose or are they not that informed as we like to believe? Pre-checked categories are not necessary to serve ads, to gather statistics, to be compliant and commercially viable as well. Be compliant, respect your users and optimize your website at the same time. They all benefit your website visitors.

Complying to GDPR and optimizing your website at the same time

Like we said earlier, GDPR will have great impact years to come. But there are possibilities to consider to comply with this regulation and come out on top.

A shortlist of positive impacts for your website.
– Blocking third parties will optimize your website, not loading unnecessary javascript and iFrames before consent and improve user experience.
– You can show non-personalized/personalized ads based on consent. Respect your users’ wished.
– Show your effort to your users by taking personal data seriously.
– Gather statistics by configuring your analytics tool for GDPR, no consent needed.
– Don’t complicate your banner, keep it simple.
– Segment your visitors based on consent. They are far more valuable.

Have any ideas about how GDPR can improve your website and/or business? Let us know!

Not convinced?

You can download the Free AutoCheck add-on for Complianz. This will check your categories by default. As stated before, this is not compliant and will not give you a 100% completion on our Complianz Dashboard. Please use at your own risk.
Warning

Related articles

2 Responses

  1. But why don’t you leave that decision to the plugin user? I would like to separate beween 3 cookie categories: functional, statistical and marketing cookies, having both functional and statistical already checked, and “marketing” unchecked.

    Borlabs goes that way (and has even “marketing” pre-checked).

    Explanation: before the user does not click anything, there is no tracking (according to the new interpretation of the GPDR). It needs one click on “accept this setting” to either start tracking or there is no tracking at all so far. But as the hopefully annoying popup shows up on every page, the user will then finally click either “accept …” (and maybe has another setting done using the checkboxes) or the user clicks on “dismiss (everything beyond functional stuff)”. The (new interpretation of the) GDPR is not violated, as far as I can see.

Leave a Reply

Your email address will not be published.

Subscribe