The cookie banner/consent form is not GDPR compliant

[fungiboletus]

Hei,

This is one of my pet peeves, but your cookie banner/privacy policy content form is not GDPR compliant.

NATS uses cookies to ensure you get the best experience on our website. Continuing to use this site assumes compliance with our Privacy Policy. Got it!

Here I'm citing the GDPR law text:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

The "Silence, pre-ticked boxes or inactivity should not therefore constitute consent." is important. It should be also possible to refuse.

If you plan to respect the GDPR law, you may want to fix your consent form. If you don't plan to, you could remove it because it's not valid.

Have a nice day.