Article 7 of the GDPR states additional requirements that apply to the consent. These are:
- Consent requests must be accessible and in clear and plain language.
- Consent requests cannot be ‘bundled’ for instance, into the term and conditions.
- Users should be able to withdraw their consent to non-essential cookies at any time.
- Consent is demonstrable, it can be evidenced.