GDPR questions and answers

Category:
Cookie Files

How long does cookie consent remain valid and when can consent be requested again after a previous refusal?

ANSWER

The validity period of consent for the use of cookies, as well as the time that must pass before requesting consent again following a previous refusal, should be determined by the controller, taking into account the purpose for which personal data is processed and the expectations of the data subjects.

At the same time, displaying the cookie consent request again should not disrupt the user's activities while using the website, regardless of whether the user previously granted or refused consent.

The Czech supervisory authority indicates that, as a general rule, a period of 12 months can be considered a reasonable period during which consent for the use of cookies remains valid.

If a user has refused to provide consent, the consent request should not be presented again for at least 6 months from the date of the previous request.

This period may be shorter if:

  • one or more processing circumstances have changed significantly;
  • the controller is unable to determine the status of the previous consent or refusal (for example, if the user has deleted the cookies stored on their device).

A significant change in processing circumstances may include new processing purposes or another change where it can reasonably be assumed that a user who previously refused consent may change their decision (for example, a significant reduction in the number of controllers and processors involved, or a change of the analytics cookie provider resulting in personal data no longer being transferred outside the EU).

Consent for the processing of personal data through cookies is granted for a specific purpose and in relation to specific entities (controllers). For this reason, a change relating to individual cookies cannot be considered a material change in the processing itself.

It should be noted, however, that in the event of a significant change in the processing circumstances affecting users who previously consented to the processing of their personal data, it will be necessary to ask those users to provide new consent for processing under the changed circumstances.

It is also worth referring to the recommendations of the French supervisory authority.

According to CNIL, as a general rule, it is necessary to remember the choices made by the user, regardless of whether the choice was consent or refusal. This ensures that the user is not forced to repeatedly answer the same question.

For this reason, CNIL recommends storing the choice expressed by the user so that the question is not repeated for a certain period of time.

The retention period for the stored information about the user's choice should be assessed individually, taking into account the nature of the website or application and the characteristics of its users.

As a general rule, retaining information about the user's choice for a period of 6 months is considered good practice.

How long is cookie consent valid – when to ask again? | ODO 24