Articles on: Settings

Explicit & Implied Consent

Users must be given a choice regarding how their data is tracked. This article explains the two main approaches to cookie consent, implied and explicit, and how they relate to privacy compliance.


Introduction


Cookies are used by almost every website to store information about visitors. These small files, often encrypted, live in browser directories and help site owners run essential functions, improve user experience, and gather analytics.


Depending on their source, cookies can be:



If your website uses cookies, you are required by privacy laws to have a cookie policy in place, alongside a general privacy policy.


Your cookie policy should:


  • Explain the purpose of each cookie.
  • State what data is collected and how it is used.
  • Disclose cookie duration (how long they remain stored).
  • Be kept up to date with evolving regulations like GDPR or CCPA.


Most importantly, users must be able to decide whether or not their data should be collected. This is where cookie consent modes come into play.



There are different ways of collecting consent, each with varying levels of strictness.


The two most common are:


  • Implied cookie consent
  • Explicit cookie consent



In this mode, users don’t need to explicitly click a button to provide consent. Instead, consent is assumed when they continue browsing the site — for example, by clicking a link, scrolling, or navigating to another page.


Key characteristics:


  • Consent is assumed by user behavior, not an explicit action.
  • Often called “the soft way” of consent.
  • Not recommended when using strict banner modes (e.g., Accept Only, Accept/Decline, or Preferences with strict settings) because any action counts as acceptance.



In this mode, consent is only recorded when the user explicitly interacts with the cookie banner. The banner remains visible until the user clicks an action button (e.g., Accept, Decline, or Preferences).


Key characteristics:


  • Consent requires a clear, affirmative action.
  • Default requirement under GDPR.
  • Often called “the hard way” of consent.
  • Provides stronger compliance and greater transparency.



Aspect

Implied Consent

Explicit Consent

Definition

Consent is assumed if users continue browsing (scroll, click, navigate).

Consent is given only when users click a banner button.

User Action Required

None (behavior counts as consent).

Yes (explicit choice required).

Compliance Level

Weaker, may not meet strict GDPR standards.

Strong, GDPR default requirement.

User Experience

Seamless, less disruptive.

More interruptive but transparent.

Risk

Higher legal and compliance risk.

Lower risk, higher legal protection.

Best For

Regions with looser privacy laws, or low-risk websites.

GDPR-regulated regions and sites handling sensitive data.


Video tutorial


Updated on: 29/09/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!