The Privacy Suite for WordPress

Are pre-checked checkboxes allowed?

Get compliant today in the European Union, United States, Canada, United Kingdom, Australia, Brazil & South Africa with the only Privacy Suite for WordPress that offers a fully-featured plugin for Worldwide Compliance.

Sometimes we’ll get the question:

“Is there an option to have the categories on the cookie banner pre-checked?”.

The short answer is no, but it is more nuanced. And well…it is possible…

We understand this question for multiple reasons. First, pre-checked categories are everywhere and if it’s everywhere, you might think this is a valid way to comply with GDPR. Second, pre-checked categories are more interesting from a commercial point of view (at least at first glance) over unchecked categories.

Pre-checked checkboxes, why not and why would you?

Considering pre-checked categories will ask the user to opt-out, instead of opt-in, it contradicts the GDPR statement:

Recital (32): GDPR

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of relating to him or her, such as by a written statement, including by electronic means, or an oral statement.

This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data.

Silence, pre-ticked boxes or inactivity should not, therefore, constitute consent.

Consent should cover all processing activities carried out for the same purpose or purposes.

When the processing has multiple purposes, consent should be given to all of them.

If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

Even Reuters seems to ignore the GDPR.

For a live version, please visit the website or below URL. In most cases, opt-outs are not even possible (remember opt-in should be the default) or are diverted to the 3rd party, which is a lack of responsibility.

Are pre-checked categories really worth the risk if implemented on purpose?

We have described the various ways of not complying with the GDPR, whereby the pre-checked categories seem to be the most common option for website owners.

If a, an authoritative website with the means and legal know-how to comply with the GDPR, then why are they not compliant, but do make an effort? Are they missing below possibilities or is it a lack of respect for her users?

Is it worth the risk if it’s on purpose or are they not that informed as we like to believe? Pre-checked categories are not necessary to serve ads, to gather statistics, to be compliant and commercially viable as well. Be compliant, respect your users and optimize your website at the same time. They all benefit your website visitors.

Complying to GDPR and optimizing your website at the same time

Like we said earlier, GDPR will have great impact years to come. But there are possibilities to consider to comply with this regulation and come out on top.

A shortlist of positive impacts for your website.
– Blocking third parties will optimize your website, not loading unnecessary javascript and iFrames before consent and improve user experience.
– You can show non-personalized/personalized ads based on consent. Respect your users’ wished.
– Show your effort to your users by taking personal data seriously.
– Gather statistics by configuring your analytics tool for GDPR, no consent needed.
– Don’t complicate your banner, keep it simple.
– Segment your visitors based on consent. They are far more valuable.

Have any ideas about how GDPR can improve your website and/or business? Let us know!

Not convinced?

You can download the Free AutoCheck add-on for Complianz. This will check your categories by default. As stated before, this is not compliant and will not give you a 100% completion on our Complianz Dashboard. Please use at your own risk.

Recent articles

The Privacy Suite for WordPress
Get compliant today with the only Privacy Suite made for WordPress


Popular articles

TTDSG, the New Cookie Law for Germany

As of December 1st, 2021 the Telecommunications-Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz) regulates the handling of cookies, local storage, cookieless tracking,  and other tracking technologies in

Read More

Cookieless Tracking and GDPR

In this article, we will have a closer look at cookieless and server-side tracking and how this affects your website’s configuration regarding privacy laws. The

Read More

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!