Skip to content

The Legalities of ‘Reject All Cookies’ Options: What Your Business Should Know

Table of Contents

In Short

  • Non-essential cookies, such as those for analytics or advertising, require prior, valid consent under PECR rules.
  • Cookie banners must allow users to easily accept, reject, or manage cookies and ensure non-essential cookies remain inactive until consent is given.
  • Conduct cookie audits, provide clear cookie policies, and ensure banners meet legal standards to avoid regulatory fines and reputational risks.

Tips for Businesses

Ensure your cookie banner includes an equally prominent ‘reject all’ button alongside the ‘accept’ option. Regularly audit your website to classify cookies as essential or non-essential, and update your cookie policy to keep users informed. For complex compliance needs, consider seeking legal advice to ensure you meet PECR and UK GDPR standards.

Cookies are often a key tool for businesses operating in a digital space. However, their use is tightly regulated by legislation known as the Privacy and Electronic Communications Regulations (PECR) and the UK GDPR, where cookies may reveal personal data. A key requirement for businesses is to obtain valid consent for non-essential cookies. As such, companies often use ‘cookie banners’ with options to ‘reject all’ cookies – and you may wonder why this is the case. This article explores the legal framework for consent for cookies and some practical examples of how your business should obtain valid consent. 

When visiting a website, cookies are small text files that store information on a user’s device, such as a computer, tablet, or phone. They serve various purposes, from enabling websites to function efficiently to collecting useful data, such as user preferences, browsing history, or shopping cart items. 

Businesses often use different types of cookies, including essential and non-essential cookies. Essential cookies are necessary for a website to function correctly and do not require user consent. However, for non-essential cookies (such as those used for analytics and advertising), your business must obtain prior consent under PECR.

Consent must be freely given, specific, informed, and unambiguous and involve an explicit affirmative action by the user. Pre-ticked boxes, inactivity, or continued browsing are not valid consent. 

Your business must also provide clear and accessible information about cookies, including their purpose, the types of data they collect, their duration, and whether any third parties are involved. 

To comply with PECR, your business can use a cookie banner to obtain valid consent before placing non-essential cookies on users’ devices. A compliant cookie banner should provide clear, plain-language information about cookies and must appear when users first land on the website. A website should not use non-essential cookies absent valid user consent.

Your business must ensure that users can clearly see the options to accept, reject, or manage cookies – this is where a cookie banner can mention ‘reject all’ cookies so the user has an easy way to make their choice. Your banner must also allow users to manage their preferences and withdraw consent easily at any time.

Front page of publication
GDPR Essentials Factsheet

This factsheet sets out how your business can become GDPR compliant.

Download Now
Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

Which Risks Should Your Business Be Wary Of?

Many businesses may inadvertently breach PECR by failing to meet the legal requirements for cookies. 

Common pitfalls include deploying non-essential cookies before obtaining valid consent, relying on implied consent such as continued browsing (which is invalid), and failing to publish a clear and up-to-date cookie policy.

Your business should ensure it fully complies with PECR rules to avoid these risks. This can help your company avoid enforcement action, fines of up to £500,000 under PECR, and reputational damage.

Your business should take a proactive approach to ensure cookie compliance, and the following steps can help you:

  • conduct a full cookie audit to identify all cookies in use and determine whether they are essential or non-essential;
  • use a prominent cookie banner to ensure users can easily reject all non-essential cookies, manage their preferences, and withdraw consent;
  • ensure non-essential cookies remain inactive until users provide valid, explicit consent; and 
  • publish a clear and detailed cookie policy, providing users with transparent information about cookie purposes, duration, and any third parties involved.

Preparing a compliant cookie policy and banner can be challenging, and many businesses may find it tricky to navigate the complex PECR rules in practice. 

Given the complexity of PECR and UK GDPR compliance, businesses should consider working with a data protection lawyer and technical experts to ensure all processes are compliant. A lawyer can help draft compliant cookie policies, and technical teams can help you identify which cookies your business uses and implement effective consent management tools.

Key Takeaways

Using cookies creates mandatory legal responsibilities for businesses. PECR requires businesses to obtain valid, active consent before deploying non-essential cookies. Consent must be freely given, specific, informed, and unambiguous, involving a clear affirmative action. Implied consent, pre-ticked boxes, or continued browsing will not meet the legal standard. 

You can use a cookie banner to provide users with clear options to accept, reject, or manage cookies, ensuring that non-essential cookies do not activate until consent is given. Including a ‘reject all’ button that is as prominent can help you give your users clear choices. Breaching PECR cookie law rules carries various risks, so your business should seek legal advice if you need clarification on your legal obligations. 

If you need help understanding cookie law rules, our experienced data, privacy, and IT lawyers can assist you as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page

Frequently Asked Questions

What is the PECR?

These are the Privacy and Electronic Communications Regulations, which, among other matters, regulate how businesses use cookies and similar technologies on users’ devices.

What is a cookie banner?

A cookie banner notifies users of cookie usage on a website. Your business can use a banner to provide transparent cookie information and request user consent. 

Register for our free webinars

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now

Preparing Your Business For Success in 2025

Online
Ensure your business gets off to a successful start in 2025. Register for our free webinar.
Register Now

2025 Employment Law Changes: What Businesses Should Know

Online
Ensure your business stays ahead of 2025 employment law changes. Register for our free webinar today.
Register Now
See more webinars >
Sej Lamba

Sej Lamba

Sej is an Expert Legal Contributor at LegalVision. She is an experienced legal content writer who enjoys writing legal guides, blogs, and know-how tools for businesses. She studied History at University College London and then developed a passion for law, which inspired her to become a qualified lawyer.

Qualifications: Legal Practice Course, Kaplan Law School; Graduate Diploma in Law, Kaplan Law School; BA, History, University College.

Read all articles by Sej

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards