What does the General Data Protection Regulation says about users consent? How it must be given?
It must be taken into account that not every installation of cookies or similar technologies requires the consent of the user. With the exception of these “necessary” cookies, the consent of the interested party must be obtained in all cases.
In this respect, consent must be obtained expressly by clicking on the section “I accept” “I consent” or other similar terms, but this requirement may also be deemed to have been met by other means, such as by inferring it from an unambiguous conduct on the part of the user. Provided that the user has been given clear and precise information about the purposes and aims of the cookies and who will process the data obtained from them.
The first requirement for consent is that it be given freely and in an informed manner.
The manner in which consent is given may be varied. Of course, obtaining consent from the user by clicking on “I agree” will be much easier to demonstrate than obtaining consent through user behaviour.
When proving the adequacy of the consent obtained, you will have to pay attention to the way and the information that was given. That is, the clarity and accessibility of the information, as well as its quality.
Consent cannot be considered to have been obtained by inactive user behaviour. It must be the result of active behaviour.
The user must be informed in advance and clearly what action entails an acceptance of cookies (e.g., continue browsing).
It is worth noting that the action carried out by the user to access the second layer of information, if the layer system is chosen, or the navigation that the user has to carry out to access the relevant information will in no case be considered as acceptance of the cookies.
Another issue that deserves consideration and that many information society service providers seem to be unaware of is that the user must be able to oppose cookies.