Best practice under UK GDPR and PECR is that: • Consent for non-essential cookies must be freely given, specific, informed and
unambiguous—no implied consent or pre-ticked boxes.
• The banner should clearly explain what cookies are used, for what purposes, and link
to a detailed cookie/privacy policy.
• Users should have granular control, for example separate toggles for performance,
functional and targeting cookies.
• It should be as easy to withdraw consent as to give it, typically via a persistent
“Cookie Settings” or similar link.
• The business should keep records of consent (who, what, when, how) for
accountability.
Tags: PECR, UK GDPR, granular consent, no implied consent, records of consent