Practise vocabulary for GDPR-compliant cookie banners, consent management platforms, dark patterns, and ePrivacy.
0 / 5 completed
1 / 5
Why is the phrase 'By continuing to use this site, you agree to cookies' not valid GDPR consent?
GDPR Article 7 and Recital 32: consent requires 'a clear affirmative act' — pre-ticked boxes, scrolling, or continued browsing do not constitute valid consent. The user must actively do something to indicate agreement, such as clicking a clearly labelled 'Accept' button.
2 / 5
A 'dark pattern' in cookie consent refers to:
Regulators have issued significant fines for cookie dark patterns. Examples: 'Accept All' one click, 'Manage Preferences' hidden behind multiple menus; 'I agree' vs 'I don't want to use the full service'; nudge techniques using colour to make reject less prominent.
3 / 5
A Consent Management Platform (CMP) in the IAB TCF (Transparency and Consent Framework) manages:
IAB TCF CMPs create a binary consent string (TC string) passed to ad tech vendors through the browser. The string encodes: which legal bases apply, which purposes are consented to, and which vendors are permitted. Hundreds of ad tech vendors rely on TC strings.
4 / 5
Under ePrivacy Directive rules, which cookies do NOT require user consent?
The cookie consent exemption applies to cookies that are strictly necessary for the provision of the explicitly requested service. Analytics, advertising, personalisation, and social media cookies all require consent — even if first-party and even if they don't identify individuals.
5 / 5
Legitimate interest as a legal basis cannot be used for cookie-based advertising because:
Lex specialis: ePrivacy Directive Article 5(3) requires prior informed consent for non-essential cookie storage/access, regardless of which GDPR legal basis the downstream processing uses. Court of Justice and regulators have confirmed this — legitimate interest cannot substitute for cookie consent.