Here you will learn everything you need to know about our cookie management solution:
⚙️ Take a look at this demo to see how the iubenda Privacy Controls and Cookie Solution works.
The ePrivacy Directive 2002/58/EC (or Cookie Law) was established to put guidelines in place for the protection of electronic privacy, including email marketing and cookie usage, and it still applies today.
💡The Cookie Law actually applies not only to cookies but more broadly speaking to any other type of technology that stores or accesses information on a user’s device (e.g. pixels tags, device fingerprinting, unique identifiers etc.). For simplicity, all such technologies, including cookies, are commonly defined as trackers. However, in this guide, the term cookie(s) and tracker(s) will be used interchangeably.
You can think of the ePrivacy Directive as currently “complementing” the GDPR in a sense, rather than being repealed by it.
Strictly speaking, if you use cookies you need to consider Cookie Law compliance before you look to the GDPR. That’s because the Cookie Law is what is called in legal jargon a “lex specialis” which means that it takes precedence over the GDPR.
Directives, generally speaking, set certain agreed-upon goals and guidelines in place with Member States being mandated to implement these directives into national legislation..
Regulations, on the other hand, are legally binding across all Member States from the moment they are put into effect and they are enforced according to union-wide established rules.
With that said, the ePrivacy Directive is, in fact, going to be repealed soon by the ePrivacy Regulation. The ePrivacy Regulation is expected to be finalized in the near future and will work alongside the GDPR to regulate the requirements for the use of cookies, electronic communications, and related data/privacy protection.
The Regulation is expected to maintain values similar to the Directive with much of the same guidelines applying.
The implementation of the Cookie Law depends on the legislation under which the site/app operates.
In general, the Cookie Law will apply to you if:
Under the Cookie law, organizations that target users from the EU must inform users about data collection activities and give them the option to choose whether it’s allowed or not.
This means that if your site/app (or any third-party service used by your site/app) uses cookies or similar technologies, you must first obtain valid consent prior to the installation of those cookies, except where they fall into the exempt category.
In practice, you’ll need to:
For further details on the Cookie Law, we invite you to read our documentation and the official statements from the country you might be affiliated with or targeting. Great guidance can be accessed through the Article 29 Working Party (which is a group comprised of various data protection regulators that aim to simplify Europe’s diversity):
Here are the links to each countries specific application of the ePrivacy directive:
The iubenda Privacy Controls and Cookie Solution allows you to manage all aspects of the Cookie Law, in particular:
You can collect consent via multiple mechanisms including continued browsing, scrolling, and/or specific clicking actions. Keep in mind though that allowed consenting actions may differ depending on the Member State law.
Below you will find all necessary steps to use iubenda to make sure you comply with the Cookie Law.
Click on Generate now under Dashboard > [Your website/app] > Privacy Controls and Cookie Solution:
This will take you directly to the configuration panel of your cookie banner/consent banner:
Once saved, you’ll get a similar code snippet:
<script type="text/javascript">
var _iub = _iub || [];
_iub.csConfiguration = {
"siteId": XXXXXX, // your siteId,
"cookiePolicyId": YYYYYY, // your cookiePolicyId,
"lang": "en"
};
</script>
<script type="text/javascript" src="https://cs.iubenda.com/autoblocking/3095420.js"></script>
<script type="text/javascript" src="///cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>
<script type="text/javascript">
var _iub = _iub || [];
_iub.csConfiguration = {
"lang": "en",
"siteId": XXXXXX, //use your siteId
"cookiePolicyId": YYYYYY, //use your cookiePolicyId
"banner": {
"position": "float-top-center",
"acceptButtonDisplay": true,
"customizeButtonDisplay": true
}
};
</script>
<script type="text/javascript" src="//cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>
Simply copy and paste it into the head
tag of your website’s HTML as the first element. Alternatively, you can use one of our plugins: currently we have plugins available for WordPress, Joomla!, PrestaShop and Magento.
Don’t use the code shown above, it’s just a sample code. Instead, use the code attached to your cookie policy, which you can obtain by following the steps listed above. For information on how to configure or customize the banner or to better understand how to access all of the available options, please read the documentation on the cookie banner/consent banner.
The remote configuration feature simplifies the implementation process by allowing most changes made in the Privacy Controls and Cookie Solution configurator to apply directly to your website without the need for re-embedding. However, some changes, such as using a custom CSS, the TCF tile, and US laws support, still require re-embedding the code. In any case, when saving your Privacy Controls and Cookie Solution configuration, you will be notified whether the changes will apply directly or if re-embedding the code is necessary.
Please note:
For new users, remote configuration is enabled by default. For legacy users (or users with an existing configuration), remote configuration is disabled by default. In both cases, you can manage and enable/disable this feature directly from the configurator.
The Privacy Controls and Cookie Solution also allows you to indicate whether or not you’d like to apply GDPR protections to the following:
Here’s an example: a US-based e-commerce site has different sections available to users in the US and in Europe. They want to apply GDPR protections (i.e. show the cookie banner/consent banner) to just their EU-based users.
This is possible by checking the Request consent to EU users only located in Privacy Controls and Cookie Solution > Edit > GDPR. Once you check this option (in code gdprAppliesGlobally:false
), you’ll be able to automatically detect the user country (in code countryDetection:true
).
Here’s the Privacy Controls and Cookie Solution snippet you’ll get:
<script type="text/javascript">
var _iub = _iub || [];
_iub.csConfiguration = {
"siteId": XXXXXX, // your siteId,
"cookiePolicyId": YYYYYY, // your cookiePolicyId,
"lang": "en"
"gdprAppliesGlobally": false,
"countryDetection": true,
};
</script>
<script type="text/javascript" src="https://cs.iubenda.com/autoblocking/3095420.js"></script>
<script type="text/javascript" src="///cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>
<script type="text/javascript">
var _iub = _iub || [];
_iub.csConfiguration = {
"lang": "en",
"siteId": XXXXXX, //use your siteId
"cookiePolicyId": YYYYYY, //use your cookiePolicyId
"gdprAppliesGlobally": false,
"countryDetection": true,
"banner": {
"position": "float-top-center",
"acceptButtonDisplay": true,
"customizeButtonDisplay": true
}
};
</script>
<script type="text/javascript" src="//cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>
If you choose to request consent to EU users only, but prefer to implement your own country detection system, you’ll have to set gdprApplies:false
on pages where consent is not required.
For more details about consent collection settings, see our advanced guide.
If you are EU-based, it is mandatory that you apply the protections to all users and not just users based in the EU.
According to the Data Protection Working Party, a European think tank and advisory body on data protection and privacy, few categories of cookies are exempt from the consent requirement. Therefore, all other codes that install or can install cookies must be preemptively blocked before consent is obtained.
For more information and a technical guide on how and when to block codes, see our introduction to the prior blocking of scripts and the guide on manual tagging.
In most cases, cookies may process personal data, and record-keeping requirements arising from the GDPR apply. Many Data Protection Authorities across the EU have therefore strengthened their requirements and aligned their rules on cookies and trackers with the requirements of the GDPR.
The Cookie and Consent Preference Log is now available in our Privacy Controls and Cookie Solution.
Simply integrate this feature with one click, and you can easily store and manage GDPR proofs of your users’ consent preferences.
To activate the Cookie and Consent Preference Log, simply upgrade to the 50,000 page views Privacy Controls and Cookie Solution plan or higher.
💡 Not sure if you need the Cookie and Consent Preference Log? Take this 1 minute quiz to find out
You don’t need to configure anything as, once activated, the feature is included by default whitin the Privacy Controls and Cookie Solution. Just click on Log under Dashboard > [Your website/app] > Privacy Controls and Cookie Solution:
In this section, you can view and manage the logs of cookie preferences collected:
*Cookie preference logs are built into every new plan. Even the free version..