What is cookie consent and why is it important?
Cookie consent is the permission a website asks from its visitors to store and use cookies to track their online activities.
Obtaining cookie consent is important because it:
- Ensures compliance with privacy regulations such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the USA
- Protects user data and privacy
- Builds transparency and trust with your audience
Note: Websites with visitors from the EU or from California must follow stricter consent rules.
What types of cookies are there, and which ones require consent?
Cookies perform various functions on websites and are categorised by their purposes:
- Strictly necessary/essential cookies are essential for basic website operations, such as maintaining secure areas and retaining shopping cart contents. These cookies don't require consent but their functions should be explained to users.
- Preferences/functional cookies help websites remember user choices like language preferences and login information for an improved browsing experience.
- Statistics/analytics cookies, also known as performance cookies, gather anonymised data for analytics. These require user consent.
- Marketing/tracking cookies track users' online activities to deliver targeted advertisements and limit ad repetition. Marketing/tracking cookies usually involve third-party services and require user consent.
For more information on cookie classifications and the law around cookie consent, see Cookies, the GDPR, and the ePrivacy Directive - GDPR.eu.
How does GDPR impact cookie consent?
The GDPR establishes a higher standard for consent than the previous ePrivacy Directive.
Consent must be an explicit and informed action taken by the user. This means that implied consent, pre-ticked boxes, or messages like “By continuing to use this site, you accept cookies” are no longer valid. Users must have a genuine choice, and they must be able to refuse non-essential cookies without losing access to your website’s core functions.
How can I obtain GDPR-compliant consent?
To obtain GDPR-compliant cookie consent, you should:
- Display a clearly visible consent banner on the first visit.
- Obtain valid consent through an affirmative action (e.g., clicking 'accept') before dropping cookies.
- Offer unticked checkboxes for different purposes (except 'strictly necessary' cookies).
- Avoid cookie walls that deny access without consent.
- Provide clear information about data processing, the controller, and withdrawal rights.
- Allow easy consent withdrawal.
How are affiliate marketing cookies categorised?
In most cases, affiliate marketing cookies are categorised as 'Measurement' or 'Analytics' cookies and therefore require user consent before being set.
There is an exception for incentive-based publishers such as cashback or rewards sites. In these cases, affiliate cookies can be categorised as 'strictly necessary' because they are essential for the service to function.
How does Awin know if users give consent?
You can communicate consent status to Awin through the Awin Consent Signal Solutions or by using an IAB TCF-compatible solution.
For more information about Awin Consent Signals, see: Consent Solutions for Publishers.
Note: It's your responsibility to obtain cookie consent from users. Awin cannot offer any advice regarding consent banner contents or wording.
Awin's cookie policy is available here. You can also direct your visitors to Awin's Privacy Policy, specifically the section titled 'Awin Consumers' or end-users here.
