---
title: "EU ePrivacy cookie banner UX test cases"
canonical_url: "https://www.sorena.io/artifacts/eu/eprivacy-directive/banner-ux-test-cases"
source_url: "https://www.sorena.io/artifacts/eu/eprivacy-directive/banner-ux-test-cases"
author: "Sorena AI"
description: "source-linked cookie banner UX tests for Article 5(3) ePrivacy consent: reject all, pre-ticked boxes, withdrawal, cookie walls, analytics toggles, and consent evidence."
published_at: "2026-05-09"
updated_at: "2026-05-26"
keywords:
  - "EU ePrivacy Directive"
  - "cookie banner UX"
  - "Article 5(3)"
  - "reject all"
  - "pre-ticked boxes"
  - "cookie walls"
  - "analytics cookies"
  - "consent evidence"
  - "ePrivacy"
  - "cookie consent"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# EU ePrivacy cookie banner UX test cases

source-linked cookie banner UX tests for Article 5(3) ePrivacy consent: reject all, pre-ticked boxes, withdrawal, cookie walls, analytics toggles, and consent evidence.

*Test Cases* *EU*

## EU ePrivacy Directive Cookie banner UX test cases

Use these test cases to check whether a cookie banner lets users make, refuse, change, and prove Article 5(3) consent choices before non-essential storage or access occurs.

Built for privacy, product, analytics, marketing, engineering, and CMP owners who need concrete pass/fail checks rather than generic cookie-banner advice.

These EU ePrivacy banner UX test cases focus on storage of, or access to, information on a user's terminal equipment under Article 5(3). Each test states the user journey, the expected result, the evidence to keep, and what the test proves about consent quality.

## Test the Article 5(3) trigger before testing the banner

Start each test run by classifying the technologies loaded on the page. Article 5(3) is triggered when the service stores information on, or gains access to information already stored in, a user's terminal equipment unless a narrow technical or strictly necessary exemption applies.

Do not limit the inventory to browser cookies. EDPB technical-scope guidance covers storage and access patterns such as JavaScript-triggered network calls, tracking pixels, tracked URLs, local storage, application identifiers, and some IP-based or device-derived signals when they originate from terminal equipment.

- Pass: before any choice, only cookies or similar technologies classified as transmission-only or strictly necessary are set or read.
- Fail: analytics, advertising, social, A/B testing, personalization, affiliate, or tracking pixels fire before consent unless a documented exemption applies.
- Evidence: network logs, browser storage snapshots, tag-manager version, CMP configuration, cookie inventory, purpose classification, and the exemption rationale for every item allowed before consent.
- What this proves: the banner is not being used to ask for consent after the terminal-equipment access has already happened.

Sources for this answer:

- [Directive 2009/136/EC amendment to Article 5(3) ePrivacy Directive](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A02009L0136-20201221&ref=sorena.io) - Grounds the Article 5(3) test: consent is required for terminal-equipment storage or access unless the activity is transmission-only or strictly necessary for a user-requested service.
- [EDPB Guidelines 2/2023 on Article 5(3) ePrivacy Directive](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports testing cookies, JavaScript, tracking pixels, tracked URLs, local processing, identifiers, and other terminal-equipment access patterns, not only classic cookies.
- [WP29 Opinion 04/2012 on Cookie Consent Exemption](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf?ref=sorena.io) - Supports separating strictly necessary cookies from consent-required cookies by purpose and by the service explicitly requested by the user.

## Reject-all and equal-choice first-layer test

Open the page in a clean browser profile and inspect the first banner layer. If the layer offers an accept-all action for non-essential cookies, the test should look for a comparably available refuse, reject, or continue-without-accepting action at the same decision point.

The EDPB Cookie Banner Taskforce treated missing reject options and designs that push users toward consent as core banner issues. The test should therefore evaluate placement, wording, contrast, keyboard focus order, and whether refusal keeps the user on the requested content without non-essential storage or access.

- Pass: the first layer presents accept and reject choices with clear wording, usable controls, and no misleading visual hierarchy that makes refusal hard to find or read.
- Fail: the first layer has Accept all plus Settings only, hides refusal in paragraph text, makes the reject text unreadable, or implies that the site cannot be used unless the user accepts.
- Evidence: screenshots at desktop and mobile widths, accessibility tree or tab-order capture, computed contrast for competing controls, CMP event logs, and a network trace showing non-essential tags remain blocked after rejection.
- What this proves: the user had a genuine refusal path before consent-required terminal-equipment access occurred.

Sources for this answer:

- [EDPB Cookie Banner Taskforce report](https://www.edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf?ref=sorena.io) - Supports first-layer reject testing, pre-consent blocking, and review of misleading link, colour, and contrast patterns in cookie banners.
- [EDPB Guidelines 05/2020 on consent](https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Supports the equal-choice test because valid consent requires real choice, control, and refusal without detriment.

## Pre-ticked boxes and granular purpose-toggle test

Click into the settings layer and inspect every purpose, vendor, and technology toggle. Consent-required purposes should start off by default; the user's active selection should be needed before those purposes are enabled.

The test should also check granularity. If analytics, advertising, personalization, social plug-ins, and A/B testing are bundled behind one switch, the evidence should explain whether each purpose is being accepted separately or whether a single toggle is forcing consent to unrelated purposes.

- Pass: consent-required categories and vendors are off by default, necessary items are visibly separated, and the user can accept one non-essential purpose without accepting all others.
- Fail: any opt-in box is pre-ticked, opt-out wording requires the user to deselect agreement, or a broad bundled toggle silently enables several non-essential purposes.
- Evidence: clean-profile screenshots of default settings, exported CMP configuration, purpose-to-tag map, vendor list, and a before-and-after storage diff for each toggle.
- What this proves: consent was an affirmative, purpose-specific action rather than silence, inactivity, or a hidden opt-out construction.

Sources for this answer:

- [EDPB Cookie Banner Taskforce report](https://www.edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf?ref=sorena.io) - Supports treating pre-ticked opt-in boxes in cookie-banner settings as invalid consent for Article 5(3) purposes.
- [EDPB Guidelines 05/2020 on consent](https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Supports testing for affirmative action, granularity, informed choice, and rejection of pre-ticked or opt-out consent patterns.

## Withdrawal and change-my-choice test

After accepting non-essential cookies, test whether the same user can find a persistent route to change or withdraw consent. The route can be a footer link, privacy settings control, account setting, or CMP icon, but it must be available without unusual effort and without lowering the service level.

The withdrawal test is not complete when the UI flips a toggle. It should also confirm that consent-dependent tags stop, future reads or writes are blocked, downstream suppression signals are sent where used, and any deletion or retention behavior is documented.

- Pass: a user can withdraw consent through the same website or app interface with effort comparable to giving consent, and non-essential tags stop after withdrawal.
- Fail: withdrawal requires calling support, sending email, waiting for office hours, clearing browser storage manually, accepting degraded content, or hunting through unrelated pages.
- Evidence: screen recording from accept to withdraw, timestamps, CMP consent-string changes, network traces before and after withdrawal, suppression logs, and the user-facing text that explained withdrawal before consent.
- What this proves: consent remains reversible and under user control after the first banner decision.

Sources for this answer:

- [EDPB Guidelines 05/2020 on consent](https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Supports testing that withdrawal is as easy as giving consent, available through the same electronic interface, free of charge, and without lower service levels.
- [Directive 2009/136/EC amendment to Article 5(3) ePrivacy Directive](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A02009L0136-20201221&ref=sorena.io) - Supports treating consent and withdrawal controls as part of the same terminal-equipment access compliance record.

## Cookie-wall and access-without-consent test

Load a page that uses a blocking overlay, paywall-like consent gate, or content-hidden-until-accept pattern. The test should check whether the user can access the requested service or content without consenting to non-essential storage or access.

Do not convert this into a national-law rule. The grounded EU-level test is narrower: when access to a service or functionality is conditional on consenting to terminal-equipment storage or access that is not necessary for that service, the consent-choice record is weak because the user lacks a genuine choice.

- Pass: refusal leaves the requested content or an equivalent non-tracking version available, and only strictly necessary technologies run.
- Fail: all content is blocked behind an Accept cookies button, refusal causes a service downgrade tied to non-essential tracking, or the only alternative is to leave the site.
- Evidence: screenshots of the blocked and refused states, tag traces after refusal, product rationale for any necessary cookies, and records showing whether an equivalent non-consent path exists.
- What this proves: cookie consent was not made a condition for access to content or functionality that does not require those non-essential technologies.

Sources for this answer:

- [EDPB Guidelines 05/2020 on consent](https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Supports cookie-wall testing where access to services or functionality is made conditional on terminal-equipment storage or access consent.
- [EDPB Cookie Banner Taskforce report](https://www.edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf?ref=sorena.io) - Supports checking whether banner wording or design gives users the impression that consent is required to access website content.

## Analytics-toggle and exemption test

Analytics requires its own test because teams often misclassify it as necessary. First-party audience measurement may be lower risk, but it should not be treated as exempt unless the implementation matches documented conditions such as limited audience-measurement purposes, no cross-checking with other processing, single-publisher scope, IP truncation, limited tracker lifetime, user information, and an objection mechanism.

When those conditions are not met, analytics should behave like any other consent-required purpose: off before consent, controlled by a clear toggle, blocked after rejection, and stopped after withdrawal.

- Pass: exempt analytics has documented conditions and an objection route, or non-exempt analytics is off until the user actively enables it.
- Fail: analytics fires before consent because the team labels it necessary without an exemption analysis, shares identifiers across publishers, cross-checks with customer files, or uses third-party behavioral analytics as a necessary service cookie.
- Evidence: analytics vendor configuration, IP truncation setting, tracker lifetime, data-sharing and cross-site controls, objection UI, purpose map, and network proof that analytics follows the recorded choice.
- What this proves: the analytics toggle or exemption is based on the actual implementation rather than a generic analytics label.

Sources for this answer:

- [CNIL Sheet 16: Use analytics on your websites and applications](https://www.cnil.fr/en/sheet-ndeg16-use-analytics-your-websites-and-applications?ref=sorena.io) - Supports analytics-specific testing for consent, refusal, objection, limited purposes, IP truncation, tracker lifetime, and limits on cross-checking.
- [WP29 Opinion 04/2012 on Cookie Consent Exemption](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf?ref=sorena.io) - Supports testing analytics against strict-necessity and purpose limits rather than assuming audience measurement is automatically exempt.

## Consent-evidence test for audit and complaints

The final test is whether the organization can prove what the user saw, what the user chose, and what the technology did as a result. A correct-looking banner is not enough if the team cannot reconstruct the consent workflow at the time of the session.

Keep the evidence minimal but sufficient. EDPB consent guidance supports keeping records that show how consent was obtained, when it was obtained, what information was presented, and how the workflow met the criteria for valid consent.

- Pass: the record links the banner version, wording, purposes, vendors, user choice, timestamp, jurisdiction/language variant, and tag behavior for the same release.
- Fail: the team can only point to the current CMP configuration, cannot show the text shown at the time, or stores broad consent logs without the purpose and workflow context needed to prove validity.
- Evidence: versioned banner copy, screenshots, CMP settings export, consent receipt or event record, tag-manager release, storage and network trace, withdrawal log, and source-linked test result.
- What this proves: the organization can demonstrate valid consent and explain why each consent-dependent technology was enabled or blocked.

Sources for this answer:

- [EDPB Guidelines 05/2020 on consent](https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Supports keeping enough consent records to demonstrate how and when consent was obtained and what information was shown.
- [EDPB Cookie Banner Taskforce report](https://www.edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf?ref=sorena.io) - Supports preserving banner-specific evidence because cookie complaints are assessed against concrete practices and national ePrivacy implementations.

*Recommended next step*

*Placement: before sources*

## Use these ePrivacy tests as a consent QA checklist

Sorena can turn these cookie banner UX checks into cited test scripts, owner assignments, CMP evidence requests, and release gates for Article 5(3) ePrivacy work.

- [Open Research Copilot for EU ePrivacy](/solutions/research-copilot.md): Ask source-linked questions about cookie banner UX, Article 5(3), analytics toggles, and consent evidence using the cited sources on this page.
- [Talk through implementation](/contact.md): Review your cookie banner test cases, CMP records, analytics settings, and ePrivacy evidence gaps with Sorena.

## Primary sources

- [Directive 2009/136/EC amendment to Article 5(3) ePrivacy Directive](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A02009L0136-20201221&ref=sorena.io) - Primary Article 5(3) source for consent before terminal-equipment storage or access and the transmission-only or strictly necessary exceptions.
  - Quote: "storing of information, or the gaining of access"
- [EDPB Cookie Banner Taskforce report](https://www.edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf?ref=sorena.io) - Grounds the banner UX tests for first-layer reject options, pre-ticked boxes, misleading link design, deceptive contrast, and complaint evidence.
  - Quote: "Cookie Banner Taskforce"
- [EDPB Guidelines 05/2020 on consent](https://www.edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Grounds consent-quality tests for free choice, cookie walls, affirmative action, withdrawal, and proof of consent.
  - Quote: "free, specific, informed and unambiguous"
- [EDPB Guidelines 2/2023 on Article 5(3) ePrivacy Directive](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Grounds the technical scope of cookie-banner testing beyond cookies, including storage, access, JavaScript, identifiers, pixels, tracked URLs, and local processing.
  - Quote: "technical scope of Art. 5(3)"
- [WP29 Opinion 04/2012 on Cookie Consent Exemption](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf?ref=sorena.io) - Grounds strict-necessity and cookie-exemption analysis, including why purpose and implementation matter more than cookie type alone.
  - Quote: "Cookie Consent Exemption"
- [CNIL Sheet 16: Use analytics on your websites and applications](https://www.cnil.fr/en/sheet-ndeg16-use-analytics-your-websites-and-applications?ref=sorena.io) - Grounds analytics-specific testing for consent, opt-out operation, purpose limits, IP truncation, tracker lifetime, and restrictions on cross-checking.
  - Quote: "Use analytics on your websites and applications"
- [European Commission ePrivacy factsheet](https://digital-strategy.ec.europa.eu/en/library/eprivacyeu-towards-future-proof-legal-framework-online-privacy?ref=sorena.io) - Commission context for ePrivacy as online-privacy and device-control policy material without adding national cookie-banner rules.
  - Quote: "future proof legal framework for online privacy"

## Related Topic Guides

- [Are cookie walls allowed under the EU ePrivacy Directive?](/artifacts/eu/eprivacy-directive/faq/cookie-walls.md): FAQ answer on cookie walls under the EU ePrivacy Directive, covering freely given consent, refusal and withdrawal paths, banner evidence, and national-law caveats.
- [Do Analytics Cookies Require Consent under the EU ePrivacy Directive?](/artifacts/eu/eprivacy-directive/faq/analytics-cookies.md): FAQ answer on analytics cookies under Article 5(3) ePrivacy, limited analytics exemptions, configuration evidence, consent logs, and national-law caveats.
- [ePrivacy cookie consent vs DSA ads obligations: source-limited comparison](/artifacts/eu/eprivacy-directive/eprivacy-vs-dsa-ads.md): Compare ePrivacy cookie and tracking-consent duties with DSA ads workstreams without merging consent, transparency, and evidence obligations.
- [ePrivacy Directive vs GDPR: cookies, communications, consent, and evidence](/artifacts/eu/eprivacy-directive/eprivacy-directive-vs-gdpr.md): Compare the EU ePrivacy Directive and GDPR across subject matter, lex specialis overlap, terminal equipment, communications confidentiality, marketing, consent, enforcement, and evidence.
- [EU cookie banner requirements under the ePrivacy Directive](/artifacts/eu/eprivacy-directive/eu-cookie-banner-requirements.md): EU ePrivacy cookie banner requirements for non-exempt cookies and trackers: prior consent, reject choices, no pre-ticked boxes, withdrawal, analytics limits, cookie walls, and evidence logs.
- [EU ePrivacy analytics cookies: consent, exemption, and evidence guide](/artifacts/eu/eprivacy-directive/analytics-cookies.md): source-linked guide to analytics cookies under EU ePrivacy: Article 5(3) scope, when consent is usually needed, limited analytics exemptions, consent records, and evidence gaps.
- [EU ePrivacy Applicability Test for Cookies, SDKs, Pixels, Communications, and Marketing](/artifacts/eu/eprivacy-directive/applicability-test.md): A concrete EU ePrivacy Directive applicability test for electronic communications services, terminal-equipment storage or access, cookies, SDKs, pixels, local storage, direct marketing, GDPR overlap, and evidence.
- [EU ePrivacy Article 5(3) terminal equipment test](/artifacts/eu/eprivacy-directive/article-5-3-terminal-equipment-test.md): A source-linked Article 5(3) test for cookies, pixels, local identifiers, device APIs, strictly necessary exceptions, and consent evidence.
- [EU ePrivacy Confidentiality of Communications: Article 5 controls](/artifacts/eu/eprivacy-directive/confidentiality-of-communications.md): Article 5 confidentiality guide for EU ePrivacy communications, traffic data, metadata, terminal-equipment access, consent limits, and GDPR interplay.
- [EU ePrivacy consent-log evidence workflow for cookies and trackers](/artifacts/eu/eprivacy-directive/consent-log-evidence-workflow.md): Build an ePrivacy consent-log workflow that records cookie and tracker decisions, banner versions, consent signals, withdrawals, vendor evidence, and audit-ready outputs.
- [EU ePrivacy Cookie Scope Classifier Workflow](/artifacts/eu/eprivacy-directive/cookie-scope-classifier-workflow.md): Classify cookies, pixels, SDKs, local storage, device identifiers, and analytics tracers under Article 5(3) ePrivacy rules, with consent and exemption evidence outputs.
- [EU ePrivacy direct-marketing consent checklist](/artifacts/eu/eprivacy-directive/direct-marketing-consent-checklist.md): Checklist for ePrivacy Directive direct-marketing messages: consent, soft opt-in, sender identity, opt-out handling, proof records, suppression, and national-law caveats.
- [EU ePrivacy Directive compliance calendar for cookies, consent, and marketing](/artifacts/eu/eprivacy-directive/deadlines-and-compliance-calendar.md): source-linked ePrivacy calendar covering Directive milestones, Article 5(3) cookie reviews, consent evidence, direct marketing checks, and national-law follow-up.
- [EU ePrivacy Directive Compliance Checklist](/artifacts/eu/eprivacy-directive/checklist.md): A concrete ePrivacy checklist for terminal equipment access, cookie consent, exemptions, banner UX, direct marketing, confidentiality, GDPR interplay, and evidence records.
- [EU ePrivacy Directive Compliance Guide for Cookies, Marketing, and Communications](/artifacts/eu/eprivacy-directive/compliance.md): Practical ePrivacy Directive compliance checks for terminal equipment, communications confidentiality, cookie consent, exemptions, direct marketing, evidence, and national-law caveats.
- [EU ePrivacy Directive Cookies and Consent: Article 5(3), exemptions, and banner evidence](/artifacts/eu/eprivacy-directive/cookies-and-consent.md): Cookie consent guide for the EU ePrivacy Directive: Article 5(3) scope, strictly necessary and transmission exemptions, consent UX, withdrawal, logs, analytics caveats, and GDPR interplay.
- [EU ePrivacy Directive direct marketing rules for electronic mail](/artifacts/eu/eprivacy-directive/direct-marketing-rules.md): source-linked guide to Article 13 ePrivacy Directive rules for electronic mail marketing, prior consent, customer soft opt-in, opt-out handling, sender identity, and Member State caveats.
- [EU ePrivacy Directive Enforcement and Fines](/artifacts/eu/eprivacy-directive/enforcement-and-fines.md): Source-grounded guide to ePrivacy Directive enforcement, national penalties, competent authorities, GDPR interplay, cookie-banner risk, and evidence limits.
- [EU ePrivacy Directive FAQ: cookies, consent, marketing, GDPR interplay](/artifacts/eu/eprivacy-directive/faq.md): Answers to recurring EU ePrivacy Directive questions on Article 5(3), terminal-equipment access, cookie consent, exemptions, analytics, direct marketing, GDPR interplay, national enforcement, and evidence.
- [EU ePrivacy Directive Member State Cookie Rules](/artifacts/eu/eprivacy-directive/member-state-cookie-rules.md): How to evidence EU ePrivacy cookie compliance when Article 5(3) is implemented through Member State law and national authority practice.
- [EU ePrivacy Directive Metadata and Location Data Guide](/artifacts/eu/eprivacy-directive/metadata-and-location-data.md): source-linked guide to EU ePrivacy Directive rules for traffic data, location data, anonymisation, consent, value-added services, Article 5(3) overlap, and national-law limits.
- [EU ePrivacy Directive penalties and fines: national enforcement caveats](/artifacts/eu/eprivacy-directive/penalties-and-fines.md): source-linked guide to ePrivacy Directive penalty exposure, national transposition caveats, cookie enforcement evidence, consent defects, and GDPR overlap limits.
- [EU ePrivacy Directive Requirements: cookies, communications and marketing](/artifacts/eu/eprivacy-directive/requirements.md): source-linked map of EU ePrivacy Directive requirements for communications confidentiality, terminal-equipment access, consent, traffic and location data, and direct marketing.
- [EU ePrivacy Directive vs GDPR: cookies, communications, marketing, and evidence](/artifacts/eu/eprivacy-directive/eprivacy-vs-gdpr.md): Compare the EU ePrivacy Directive and GDPR by trigger, consent standard, lex specialis overlap, enforcement caveats, and evidence outputs for cookies, device access, communications, and marketing.
- [EU ePrivacy Directive vs UK PECR: source-limited cookie and marketing comparison](/artifacts/eu/eprivacy-directive/eprivacy-vs-uk-pecr.md): Compare EU ePrivacy Directive rules with a source-limited UK PECR workstream for cookies, terminal equipment, direct marketing, consent, soft opt-in, and evidence.
- [EU ePrivacy soft opt-in FAQ for email marketing](/artifacts/eu/eprivacy-directive/faq/soft-opt-in.md): When Article 13(2) soft opt-in can support EU customer email marketing, including existing-customer, similar-offer, opt-out, sender-identity, suppression-list, and national-law checks.
- [EU ePrivacy soft opt-in marketing checklist](/artifacts/eu/eprivacy-directive/soft-opt-in-marketing.md): source-linked checklist for using the EU ePrivacy Directive soft opt-in exception for customer email marketing, opt-outs, sender identity, suppression records, and national-law caveats.
- [EU ePrivacy soft opt-in marketing review workflow](/artifacts/eu/eprivacy-directive/soft-opt-in-marketing-review-workflow.md): Review whether an EU electronic-mail marketing send can rely on the ePrivacy soft opt-in, with checks for customer relationship evidence, similar products, opt-out, sender identity, suppression records, and national-law caveats.
- [EU ePrivacy Strictly Necessary Cookie Exemptions](/artifacts/eu/eprivacy-directive/strictly-necessary-exemptions.md): source-linked guide to the Article 5(3) ePrivacy exemptions for transmission cookies, requested-service cookies, analytics caveats, evidence, and national-law checks.
- [Is a reject-all button required for EU ePrivacy cookie consent?](/artifacts/eu/eprivacy-directive/faq/reject-all-button.md): Standalone FAQ answer on EU ePrivacy reject-all and refuse options for cookie banners, including equal prominence, deceptive UX, consent evidence, withdrawal, and national-law caveats.
- [Strictly Necessary Cookies under the EU ePrivacy Directive](/artifacts/eu/eprivacy-directive/faq/strictly-necessary-cookies.md): FAQ answer on when EU ePrivacy Article 5(3) allows cookies without consent, with grounded examples, analytics caveats, evidence records, and national-law cautions.
- [What should CMP consent logs retain under the EU ePrivacy Directive?](/artifacts/eu/eprivacy-directive/faq/cmp-consent-logs.md): FAQ answer on CMP consent logs for EU ePrivacy cookie consent: retained fields, consent validity signals, banner versioning, refusal and withdrawal events, proof limits, and national-law caveats.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/eprivacy-directive/banner-ux-test-cases