Skip to content
Platform|Embed
ContactAboutNewsReviewsBook a demo
Support
Custom templatesCreate templates in DocueReady-made legal templates150+ lawyer-made UK templatesElectronic signatureEffortless signing in secondsDocue DriveSecure, intelligent contract managementEmbedded Legal EngineEmbed templates into your own softwareEmbedded Sign EngineEmbed signing into your own software
Legal Templates
HubSpotSalesforcePipedriveOther systems
Pricing
SearchLog inBook a demo
PlatformEmbed
HomeLegal TemplatesPricingContactAboutNewsReviews
Book a demo

Already have an account? Sign in

  1. Legal Hub
  2. Cookie consent - best practices and top tips
0 % read

Cookie consent - best practices and top tips

Guide•Last updated 15 Oct 2024
Discover the best practices and top tips for implementing effective cookie consent on your website. Learn how to maintain user experience, while ensuring compliance with UK privacy laws.

Do I need to get cookie consent?

UK data protection and cookie laws require that users or subscribers consent to cookies being placed or used on their devices. Without cookie consent, the cookie use will not be compliant with cookie laws.

There is an exception to this in relation to “strictly necessary cookies”. Find out more about strictly necessary cookies via this guide.

What is consent?

The consent requirements that apply to cookie use are set out in the UK GDPR. Article 4(11) of the UK GDPR and states: ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

For cookie consent to be valid, it must be:

  • Freely given - this means that website visitors should have the ability to enable or disable non-essential cookies, and this should be made this easy to do;

  • Specific - generic consent to the use of all cookie types will not be specific enough; and

  • Informed - website visitors must fully understand that their actions will result in specific cookies being set, and have taken a clear and deliberate action to give consent.

ICO guidance states that cookie consent must involve some form of unambiguous positive action – for example, ticking a box or clicking a link – and the person must fully understand that they are giving the consent. It goes on to say that “you cannot show consent if you only provide information about cookies as part of a privacy policy that is hard to find, difficult to understand, or rarely read. Similarly, you cannot set non-essential cookies on your website’s homepage before the user has consented to them”.

How do I get consent from individuals to use cookies?

You need to ensure that you have a consent mechanism in place for obtaining cookie consent that meets the minimum requirements set out above. To achieve this in practice, website owners must obtain consent by giving the user specific separate information about what they are being asked to agree to and providing them with a way to accept by means of a positive action to opt-in.

Websites often use a consent manager to enable website visitors to consent (or not consent) to different cookie types. A consent manager should allow website visitors to provide granular consent - this means that the visitor can choose which cookies to accept and consent to some, but not all, cookies if they wish. Website visitors should have the ability to customise their cookie consent settings and not be forced to consent to cookies e.g. by using pre-selected boxes that are set to “Accept”. Recital 32 of the UK GDPR also specifically bans pre-ticked boxes – silence or inactivity does not constitute consent.

Cookie consent must be separate from other matters and cannot be bundled with the acceptance of other terms and conditions - if it is bundled with consent to other terms and conditions it will not be compliant.

Withdrawing cookie consent

For consent to be valid, website visitors must have the ability to easily withdraw that cookie consent at any time. It is therefore important to ensure that the consent mechanism in place has the technical capability to allow users to withdraw their consent with the same ease that they gave it, otherwise it will not be compliant with the UK GDPR’s consent requirements.

Website owners must also provide information about how cookie consent can be withdrawn, and how cookies that have already been set can be removed, for example in the website consent mechanism or within a privacy or cookie notice. The consequences of withdrawing that cookie consent could be made clear to website visitors, for example, by explaining the impact on the functionality of the website if certain cookies are not used.

Sign up now to use Docue’s cookie notice and other privacy templates.

Author
Docue's Legal Team

Tags: cookie consent, gdpr cookie consent, consent manager


Related articles

Checklist•Updated 15 Oct 2024
Checklist for drafting a cookie notice that complies with UK cookie law
Guide•Updated 15 Oct 2024
Cookie notice vs privacy policy: key differences explained

Related legal templates

Cookie NoticePrivacy Notice (Website)Data Protection PolicyWebsite Terms of Use

About Docue

Docue gives you access to 150+ automated legal templates for all important business situations. Templates are maintained by experienced UK lawyers to stay up-to-date with English and Welsh legislation.

Features

  • Custom templates
  • Ready-made legal templates
  • Electronic signature
  • Contract management

Service

  • Pricing
  • Reviews
  • Integrations
  • Legal Hub
  • Support

Company

  • About
  • Contact
  • News
  • Solutions
  • Reviews

Other

  • Log in
  • Data Security
  • Privacy Policy
  • Terms of Use
  • Data Processing Agreement

Support site

Instructions for using the service and answers to frequently asked questions: help.docue.com/en

Customer Service

For business customers: support@docue.com

4.5
(143)
Google LogoReviews on Google
ISO logo

ISO/IEC 27001 certified

© 2026 Docue

•
  • Facebook
  • Instagram
  • Twitter
  • LinkedIn
  • Youtube
Choose country