Your cookie banner is illegal. AEPD compliance for 2026
Forbidden Practices
- β Pre-checked boxes
- β Cookie Walls (without alternative)
- β "Reject" button less visible
Mandatory Requirements
- β Visual Symmetry (Accept/Reject)
- β Granular Consent
- β Permanent access to settings
1. The Visual Symmetry Rule
This is the most critical change. It is no longer valid to place a giant green βACCEPT ALLβ button and a tiny text link to βrejectβ.
The AEPD requires that the action of rejecting cookies be at the same level and with the same ease as the action of accepting them. The user should not have to make more clicks to say βnoβ than to say βyesβ.
2. Google Consent Mode v2: The Technical Challenge
Google has updated its APIs to respect these decisions without losing all analytics data.
ad_storage='denied'
Google Ads will not read or write advertising cookies. No remarketing.
analytics_storage='denied'
GA4 will work in "ping" mode without cookies. You lose session ID, but keep event counts.
Implementation (Before loading GTM)
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
// 1. Set default state: ALL DENIED
gtag('consent', 'default', {
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'analytics_storage': 'denied'
});
// 2. Load GTM/GA4
// ...Only when the user clicks βAcceptβ, you trigger the update:
gtag('consent', 'update', {
'ad_storage': 'granted',
'analytics_storage': 'granted'
// ...
});3. Accessibility: The Forgotten WCAG 2.1
Your banner must be accessible by keyboard and screen readers.
- Visible Focus: When tabbing, you must see where you are.
- Color Contrast: Gray text on black background must have a 4.5:1 ratio.
- Semantics: Use
<button>, not<div onclick="...">.
4. Dark Patterns Audit
If your banner does this, change it now:
π΅βπ« Confusing Wording
"Accept to improve your experience" (Doesn't explain what you accept).
π Obstruction
"Reject" takes you to a new page where you have to uncheck 50 boxes one by one.
π» Visual Interference
Transparent banner background making legal text illegible.
5. Frequently Asked Questions (FAQ)
Can I use "Legitimate Interest" for cookies?
For advertising and analytics, NO. TCF v2.2 has eliminated legitimate interest for these purposes. Requires explicit consent.
If I use only technical cookies, do I need a banner?
You don't need consent (accept/reject banner), but you do need to inform (accessible cookie policy).
Does your banner scare users away?
We design ethical solutions that comply with the law and maximize acceptance rates.
Check My ComplianceFor complete ethical data management, discover how to implement Global Privacy Control (GPC) and secure your technical assets under GDPR Technical Security.