Sign in Start for free

What Is First and Second Layer Consent? Avoid Unnecessary Fines

We explain in simple terms how to comply with the obligation to inform at two levels and avoid common mistakes when collecting personal data, ensuring web data protection and meeting legal website requirements.
Núria Moreno Ambel
September 25, 2025

When we collect personal data , whether through forms, contracts, or apps , data protection regulations for websites require that affected individuals be informed transparently. To achieve this, the General Data Protection Regulation (GDPR) establishes the so called layered information system, which helps users understand what happens with their data without overwhelming them.

What does layered information mean?

The layered model is based on providing information at two levels:

First layer:
This is the most essential information, presented briefly and directly at the very moment the data is collected.

It includes:

  • Who the data controller is
  • The main purpose
  • The legal basis (consent, contract, legal obligation, etc.)
  • The person’s rights
  • A link or address to consult the second layer

The goal is to avoid overwhelming the user with long paragraphs so they can clearly decide whether to give consent.

Second layer:
This contains all the detailed, complete information required by law.

It includes:

  • Full identity and contact details of the controller
  • All purposes of processing and their legal bases
  • Possible data transfers to third parties
  • International data transfers
  • Data retention period
  • Extended rights and how to exercise them
  • Option to file a complaint with the supervisory authority

This second layer is usually hosted in the website’s privacy policy or in an equivalent document.n un documento de fácil acceso. También debe estar referenciada en el aviso legal en páginas web.

Why is layered consent so important?

Because it’s the way to guarantee transparency and respect the user’s autonomy. If we only provided the full information in one endless block of legal text, most people wouldn’t understand or read it.

Layered information makes it easier to understand, builds trust, and is also a direct requirement of the GDPR (principle of transparency, Article 12).

Benefits of Applying the Layered Model

  • Makes information easier to understand
  • Ensures consent is truly free and informed
  • Strengthens user trust
  • Helps comply with regulations and avoid fines

To enhance the experience, many websites combine this model with a visible cookie banner and cookie management tools. This allows for valid cookie consent and improves eCommerce legal compliance.

Conclusion

Incorporating layered information is not just a legal formality — it’s a best practice that shows commitment to privacy and respect for people. Remember: keep the first layer clear and brief; make the second layer complete and accessible. This way, your data processing will be transparent, legal, and responsible.

At Lawwwing, as a legal tech platform, we can help you generate a legal notice for your website, create a compliant privacy policy page, and implement tools such as a cookie banner or a WordPress cookie plugin for proper cookie management.

In this article
What does layered information mean?Why is layered consent so important?Benefits of Applying the Layered ModelConclusion
In this article
How can we help you?
If you have any questions, our specialists are here to assist you whenever you need it.
Live Chat
Share this article
Blog

Related Articles

Businesses trust Lawwwing to ensure their legal compliance, keeping their documents up-to-date and avoiding penalties.
cross