At first, according to the Office, it is important to distinguish whether personal data is processed via "technical cookies" or "non-technical cookies". If the website only uses technical cookies that are necessary for its own operation, there is no need to use a cookie bar, however, the website users have to be informed of this fact (including a recommended list of cookies used and their purpose). If there is related processing of personal data, such information must also comply with the requirements of the GDPR.
Consent with use of non-technical cookies / cookie bar
A cookie bar is required for all other non-technical cookies. The cookie bar must meet certain requirements to ensure that the visitor to the website is not influenced in its choice of whether to give or not to give a consent. The buttons to agree or disagree with non-technical cookies should therefore be placed in the same layer of the cookie bar, ideally in the first layer. At the same time, the buttons should also be of comparable visual design, i.e. they should not be of a different colour or size.
While it is always necessary to obtain the user's consent before using non-technical cookies, it is not excluded that the related processing of personal data may be based on other grounds, such as the legitimate interests of the controller (typically in case of analytical and statistical cookies). However, if such processing should be based on consent, it is necessary that the consent obtained through the cookie bar meets the GDPR requirements for specific, free, informed and unambiguous consent.
Recommended period of validity of the consent
For more information, please contact: