Related to cookies:
- Users must be made aware of what their data will be used for and that they must give informed consent before their data can be stored.
- Users have to be told exactly why they need to accept cookies and what (if any) benefit they will gain from doing so. They should be aware of the cookies being used, their true purposes, and how they can manage them.
The crux, however, is the consent requirements. Like the Directive, GDPR considers freely given, informed, specific and unambiguous consent valid. It should also be withdrawable and provable.
cookie consent banner meets all the requirements of GDPR and includes a cookie icon for revoking consent
Opt-in and opt-out:
- The GDPR rules are very clear that users need to be able to opt in and out of any use of their data. Furthermore, the users need to be able to do this easily, especially opt out.
Opt-out for email communications from Flipboard
- To process sensitive personal data, you must get explicit consent from your users via opt-in methods.
Opt-in for email communications from Beats
Article 4 of the GDPR defines consent as
“‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”
- That is, GDPR treats opt-in consent as valid only when it is freely given, informed, specific and unambiguous.
Reference:
https://www.cookielawinfo.com/gdpr-cookie-consent/