Logo Logo

The EU's GDPR and California's CCPA both affect how your website is allowed to handle the personal data of users.

Try our free website scan to see how your website tracks and handles personal information.

Consent management platform like Cookiebot protects the privacy of users.

Updated February 3, 2020.

A consent management platform (CMP) is a piece of software that websites across the world can use to protect the privacy of their users from unwanted data collection and invasive third-party trackers.

A consent management platform like Cookiebot is the security guarantee for users that your website is in compliance with data protection laws like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

A CMP lets users know that they are in control of their own data and privacy.

What is a consent management platform (CMP)?

Consent management platforms or CMPs deal with – as their name implies – the control of user consent on websites regarding the collection and handling of personal information.

Most data privacy laws around the world regulate the way businesses, organizations, governments and the likes are allowed to collect and use the personal data of individuals. The two most prominent examples are the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

There are many different consent management platforms for websites to use in order to obtain compliance with the data privacy laws, each with a different technology for managing user consent.

A consent management platform like Cookiebot works by scanning your entire website to find all the cookies, trackers and similar technology present.

Then it pauses all and holds everything back (apart from those strictly necessary for the website’s basic functioning) and empowers the users and visitors to make their choice of consent via a consent banner as to which categories of cookies, they wish to set in operation.

In other words, Cookiebot’s consent management platform is a two-way protection: for the privacy of end-users and the legal compliance of your website.

Cookiebot enables both GDPR and CCPA compliance.

What is the GDPR?

It is the data protection law that is binding in all twenty-seven member states of the European Union.

It came into effect in May 2018 and has since caused a fundamental change to the make-up of the commercial Internet, not just in the EU, but globally, since the GDPR applies to any company or website across the globe, if they have visitors from inside the EU (called “extraterritorial reach”).

The GDPR regulates how data controllers (websites, companies, organizations, anyone who handles other people’s data) are allowed to collect and process personal data on individuals within the EU.

Consent management platform like Cookiebot enables GDPR compliance.

A consent management platform like Cookiebot enables GDPR compliance for your website, regardless of where in the world you might be based.

Of the various legal bases for processing, the first and most widely applied is the condition of consent. This means that to collect and process personal data, your website must first obtain the informed and unambiguous consent of the data subject in the EU.

Read more about the GDPR here.

This is typically done through… a consent management platform!

What is the CCPA?

California Consumer Privacy Act (CCPA) is a statewide law that took effect on January 1, 2020 and regulates how the personal information of California residents are allowed to be collected, handled and sold by businesses all over the world.

CCPA empowers California users with a right to know what personal information a business has collected from them, a right to have that data deleted, and a right to opt out of having their data sold to third parties.

CCPA compliance through a consent management platform with Cookiebot

A consent management platform like Cookiebot ensures CCPA compliance for businesses all over the world.

In order to be in compliance with the CCPA, a website has to inform its users of the categories of personal information it collects (at or before the point of collection), feature a Do Not Sell My Personal Information (DNSMPI) link on the website and provide information on how users can exercise their rights to deletion.

Cookiebot enables CCPA compliance for websites with a CCPA specific configuration, which detects when a user is from California and then presents them with a CCPA compliant cookie declaration featuring the legally required DNSMPI link.

Read more about the CCPA here.

Try Cookiebot for free today.

Why should I use a consent management platform?

Most websites in the world have third-party cookies imbedded, even if the website owner or controller is not aware of it.

Everything from social media plugins to embedded videos will typically bring dozens of invasive third-party trackers with them that harvest data from your visitors and sell these to other companies, unbeknownst and unconsented by the users themselves.

Unless you have a website with only strictly necessary cookies (which, frankly, is very unlikely), you are legally obligated to not only inform your users about what tracking technologies are present on your website, you must also obtain their explicit consent for the activation of these.

It requires substantial time, work and technical insight to not only become aware of the extent of cookies and trackers on your domain, but also to control them in compliance with the EU’s GDPR and California’s CCPA.

It’s a lot of work to keep up with the constantly changing landscape of data privacy compliance and the ever-evolving specs of online tracking, which is exactly why a consent management platform like Cookiebot exists.

It’s not just to make things easier for websites, it’s also to ensure real and thorough compliance for true data privacy protection.

This drives Cookiebot every day.

Okay, so what do I get out of using a consent management platform?

A consent management platform like Cookiebot gives you total control of all things cookies and trackers and consent and legal compliance.

At Cookiebot, we spend the better part of our days developing and fine-tuning the ground-breaking software that is unique and crafted specifically to protect the privacy of your end-users, making your website compliant with the GDPR’s consent requirements and the CCPA's information and opt out requirements.

A consent management platform like Cookiebot provides you and your domains with several functions that will transform the privacy framework around your website.

Automated cookie scan and declaration

Our consent management system performs automated scans of your website. These deep scans find literally every type of cookie and similar tracking technology (HTTP/Javascript cookies, HTML5 Local Storage, Flash Local Shared Object, Silverlight Isolated Storage, IndexedDB, ultrasound beacons, pixel tags and more).

The scanning technology developed at Cookiebot is unlike any other on the market – we do really find every single cookie and similar tracking technology – even the cookies and trackers you had no idea was hiding in the deepest subpage on your domain.

This is not an insignificant advantage to other consent management platforms – it is a decisive difference and a key feature of real compliance that Cookiebot enables your website to ensure its visitors that you do indeed know and control all cookies and trackers.

Cookie consent banner

Using the cookie declaration that the scanner creates from its exhaustive findings, our consent management platform then creates a consent banner that pops up on any page of your website, when the user arrives for the first time.

Cookiebot informs the users about the cookies and trackers, the make-up of first and third-party technology present, and empowers them with a choice between four categories (three are optional, one strictly necessary and mandatorily pre-checked).

European privacy law compliant consent banner from Cookiebot.

A European privacy law compliant consent banner from Cookiebot.

According the highest legal body in the EU – the Court of Justice of the European Union (CJEU) – no website consent banners are allowed to have pre-checked checkboxes. Users have to affirmatively opt in and consent to the processing of their data by ticking the boxes of a consent banner themselves.

A consent management system like Cookiebot enables your website to be compliant with the GDPR and the ePrivacy Directive, as well as the CJEU ruling, since our consent banners are highly customizable and work to fit myriads of global privacy laws, from the GDPR to the California Consumer Privacy Act (CCPA) to the LGPD of Brazil.

Cookie declaration for CCPA compliance

To be compliant with the CCPA, websites must have an updated cookie declaration with a Do Not Sell My Personal Information link for users to opt out of third-party data sales.

A consent management platform like Cookiebot enables CCPA compliance.

A CCPA compliant cookie declaration by Cookiebot.

Using a CMP with automatic geotargeting like Cookiebot, you can rest assured that your website presents its users with the right data privacy solution, whether they are from inside the EU or California.

Automatic cookie control

Cutting-edge technology in the business of consent management platforms allows Cookiebot to automatically control all the cookies and trackers on your website.

This is different from self-defense privacy tools like ad blockers and VPNs that can be employed by your end-users themselves (and often break the website).

A consent management provider doesn’t put the responsibility of protecting their privacy on the end-users’ shoulders – rather, as required by the GDPR, it helps websites make their own privacy framework compliant.

With a consent management platform like Cookiebot, you are in full control of which cookies are set on your website - instead of leaving it up to your users to opt in and out of hundreds of third-party cookie providers.

Cookiebot can be implemented in two different ways: automatically or manually.

For automatic implementation, you simply need to download Cookiebot from the cloud and implement a few lines of JavaScript at the top of your website’s source code. If you don’t know a lot about your websites programming and how it works, this is probably the right option for you.

For manual implementation, you will need to manually mark up the cookie-setting script tags on your website in order to be able to control its cookies and trackers. If you want more insight and agency into exactly how Cookiebot will run on your domain, you can opt in for the manual implementation.

Want to know more about the core functions of Cookiebot?

What are the consequences of using a consent management platform?

Besides ensuring compliance with the GDPR and CCPA, a consent management platform provides you with a real difference when it comes to privacy and security.

The Internet has changed a lot since the early 2000s – behavioral advertisement based on profiling and data abuse proliferate the commercial Internet and a great privacy awakening has been rolling across the world since the scandalous revelations about Cambridge Analytica.

We are all becoming critical users, just like we have become critical consumers when it comes to organic foods and recycling.

A consent management platform is an effective weapon against the rampant surveillance capitalism.

Surveillance on the Internet is real and pervasive – using a consent management platform can make your website a safe private space.

Privacy is not a trend.

This much is confirmed by the global data protection laws emerging across the world (CCPA // LGPD // GDPR), and the readiness of great scholars, like Shoshana Zuboff, to put into words the very real dangers that we face as a democratic society if we don’t act on the threat of data abuse now.

By using a consent management platform like Cookiebot on your website, you choose not only to comply with global privacy laws, you also make your website – your tiny corner of the endless Internet – a safe space from malicious ad tech giants who otherwise collect and sell intimate details of personal information for profit.

You effectively opt-out of the surveillance markets that power massive data abuse, breaches, misinformation and algorithmically controlled echo chambers.

You cut the ties between your website and the black data markets.

Yeah, but don't I also lose all of my Google Analytics by using a consent management platform?

Using a consent management provider like Cookiebot will not break your website, that’s the whole point of our product. We have developed a unique piece of technology that balances strong, genuine data protection with nuanced integration that takes care to not compromise the operation of your domain.

However, when it comes to the EU, the GDPR and the CJEU’s ruling on what constitutes valid consent in the EU are very clear: you must obtain the explicit consent of your users, if your process any data.

This will have implications on your analytics, but on the other hand, not using a consent management platform can have even worse implications, such as heavy fines, bans from processing data and the abuse of your visitors’ data.

There is no way around protecting the privacy of your user, and no way around dealing with the content – first or third party regardless – of your website.

Using a consent management platform like Cookiebot can make both as easy and effortless as locking your front door.


What is the GDPR?

What do I need to know about GDPR and cookies?

What is the CCPA?

What is the LGPD?

What is valid consent in the EU, according to the CJEU ruling?

Shoshana Zuboff on surveillance capitalism 

What is behavioral advertisement? 

Cambridge Analytica and the Great Privacy Awakening

We are becoming critical users

Make your website’s use of cookies and online tracking compliant today

Try for free