Are pre-checked checkboxes allowed?

Sometimes we’ll get the question:

“Is there an option to have the categories on the cookie banner pre-checked?”.

The short answer is no, but it is more nuanced. And well…it is possible…

We understand this question for multiple reasons. First, pre-checked categories are everywhere and if it’s everywhere, you might think this is a valid way to comply with GDPR. Second, pre-checked categories are more interesting from a commercial point of view (at least at first glance) over unchecked categories.

Pre-checked checkboxes, why not and why would you?

Considering pre-checked categories will ask the user to opt-out, instead of opt-in, it contradicts the GDPR statement:

Recital (32): GDPR

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.

This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data.

Silence, pre-ticked boxes or inactivity should not, therefore, constitute consent.

Consent should cover all processing activities carried out for the same purpose or purposes.

When the processing has multiple purposes, consent should be given to all of them.

If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

Even Reuters seems to ignore the GDPR.

For a live version, please visit the website or below URL. In most cases, opt-outs are not even possible (remember opt-in should be the default) or are diverted to the 3rd party, which is a lack of responsibility.

https://l3.evidon.com/site/1237/5669/6?lang=en

Are pre-checked categories really worth the risk if implemented on purpose?

We have described the various ways of not complying with the GDPR, whereby the pre-checked categories seem to be the most common option for website owners.

If a Reuters.com, an authoritative website with the means and legal know-how to comply with the GDPR, then why are they not compliant, but do make an effort? Are they missing below possibilities or is it a lack of respect for her users?

Is it worth the risk if it’s on purpose or are they not that informed as we like to believe? Pre-checked categories are not necessary to serve ads, to gather statistics, to be compliant and commercially viable as well. Be compliant, respect your users and optimize your website at the same time. They all benefit your website visitors.

Complying to GDPR and optimizing your website at the same time

Like we said earlier, GDPR will have great impact years to come. But there are possibilities to consider to comply with this regulation and come out on top.

A shortlist of positive impacts for your website.
– Blocking third parties will optimize your website, not loading unnecessary javascript and iFrames before consent and improve user experience.
– You can show non-personalized/personalized ads based on consent. Respect your users’ wished.
– Show your effort to your users by taking personal data seriously.
– Gather statistics by configuring your analytics tool for GDPR, no consent needed.
– Don’t complicate your banner, keep it simple.
– Segment your visitors based on consent. They are far more valuable.

Have any ideas about how GDPR can improve your website and/or business? Let us know!

Not convinced?

You can download the Free AutoCheck add-on for Complianz. This will check your categories by default. As stated before, this is not compliant and will not give you a 100% completion on our Complianz Dashboard. Please use at your own risk.
Warning

Join 1M+ users and install The Privacy Suite for WordPress locally, automated or fully customized, and access our awesome support if you need any help!

Complianz has received its Google CMP Certification to conform to requirements for publishers using Google advertising products.