What is a cookie banner?
A cookie banner is a display notice that appears when users visit a website for the first time, or when new consent information is required. It is also known as a cookie consent banner or cookie notice. Cookies banners have two purposes:
- to obtain users’ consent for the collection of their personal data
Cookie banners most commonly appear as a popup on a portion of the screen, or covering much of the screen, commonly known as a cookie wall. They can also appear as a floating bar at the top or bottom of the screen. The interactive features enable visitors to learn information about cookie and data use and make consent choices so they have control over their personal information. Users choose whether to consent or decline the collection of their data.
Do I need a cookie banner on my website?
Privacy banners today are unlike the early, simple cookie consent popups that only had an “Ok” button.
Now, your websites’ end-user consent solutions need to meet more strict cookies banner requirements, the demands of more educated consumers, evolving technology.Here are three key reasons why your website likely needs a cookie banner.
1) A lot of data privacy legislation focuses on end-user consent
Emerging data privacy laws around the world are increasingly focused on end-user consent, from the EU’s GDPR, to Brazil’s LGPD, South Africa’s POPIA, Thailand’s PDPA, Malaysia’s PDPA, and many others on the horizon. However, each law has specific requirements and nuances.
Consent is the new standard for the evolving privacy-focused Internet, and nowhere is this more apparent than on a website’s cookie consent banner.
Your website is a dynamic system making use of the personal and sometimes sensitive data of real people through cookies and similar tracking technologies.
Your website is just one domain among the millions, but balancing data privacy and a data-driven internet economy starts small. Data privacy regulations aren’t generally based on how big a website or company is, and consumers are increasingly concerned about access to their data everywhere.
It matters that your website’s consent banners are the best in the industry. Additionally, data privacy enforcement is growing teeth, and legal liability for ignoring the consent rights of end-users has become a risky business around the world and for websites, apps, and connected devices.
2) Consent is becoming a consumer demand and a metric of brand reputation
Cookie consent is no longer just a tiresome chore from a dusty EU directive. It’s recognized as a consumer demand almost as much as a legal requirement, with 80% of consumers saying they’ve left a brand because it was using their data without their consent.
Akin to sustainability markings on product packaging, a high quality consent management solution on a website now signals respect for privacy, good customer relations, and data protection awareness. Metrics that help build brand reputation in an increasingly digital world where nearly all companies are also digital companies.
Balancing your website’s need for data and conversions against the growing public and legal demand for data protection and privacy can be difficult.
But as a world-leading consent management platform, Cookiebot CMP automates the compliance process for you, balancing data privacy and data-driven business with trusted and reliable technology that is intuitive and easy to use for your end users.
3) Google and the digital industry are shifting towards consent
Google Consent Mode is a new core feature that enables your website run all its integrated Google services, like Google Tag Manager, Google Tag Manager 360 and Google Analytics, based on the consent state of your end user. It provides conversion modeling and basic measurements for your website even if users say no to cookies and trackers via your consent banner.
The launch of Google Consent Mode and Google’s decision to stop using third-party cookies in Chrome by the end of 2024 (though that date has already been changed once) are clear signals that the adtech industry is moving away from unconsented mass harvest of personal data towards a model that not only respects end-user consent but puts it at its center of operations.
Making sure that you can provide the best consent banners for your end users is important, since cookie consent banners are becoming central mechanisms for controlling analytics, ads, and marketing services across the digital ecosystem.
Making sure that your website has the best consent management platform available on the market — one that integrates seamlessly with Google Consent Mode — is vital to thrive in a sustainable internet economy based on end-user consent.
Learn more and achieve privacy compliant user consent.
How does a cookie consent banner work?
A cookie consent banner plays a dual role in privacy compliance and data collection. It shares information with users and enables them to take action regarding their personal data.
Sharing information with users via a cookies consent banner
- essential cookies, without which the website won’t work as intended
- non-essential cookies, including for statistics, user preferences and customizations, marketing and advertising and third-party
- what choices the user has regarding their data
Taking action with a privacy banner
A cookie banner gives users a way to inform the website about whether or not it can collect their personal data, and often, at a granular level, which specific data and for what purposes it can be used. This is usually in the form of buttons with the following consent options:
- Confirm or Accept
- Decline or Reject
- Customize or Manage Preferences
Once the user has chosen, their cookie preferences get recorded in a consent management platform and securely stored for future visits to the website, or in the event of an audit by data protection authorities.
Types of cookie consent banners
There are two main types of cookie consent banners based on the data privacy regulations that they help organizations comply with: opt-in consent and opt-out consent.
Opt-in consent banner
Opt-out consent banner
Most state-level data privacy laws in the US require a cookies banner that complies with the opt-out consent model, which applies to personal data collected from adults. Some laws require the data collector to give users the option to opt out of having their personal data collected at any time. Even though prior consent isn’t required, it is mandatory to notify visitors about data collection and usage as well as their rights.
What are the requirements for a cookie banner?
Cookie banners must comply with the provisions under data privacy laws like the GDPR, ePrivacy Directive and California Consumer Privacy Act (CCPA), and the requirements for each can be different. Basic cookie consent requirements for banners are:
- details about the website’s cookie usage, explained in simple, non-legal language that anybody should be able to understand
- contact information for the company, and, where relevant, how to exercise user rights under relevant regulations
Let’s take a closer look at what a GDPR cookie banner under the GDPR/ePrivacy Directive or the CCPA/California Privacy Rights Act (CPRA) should look like.
What should an EU law compliant cookie consent banner contain?
The GDPR and ePrivacy Directive are the two main regulations that govern data privacy for personal data collected from users in the EU. They apply to all companies who collect data from EU-based users, even if the companies are located outside the EU.
User consent must be explicit under the GDPR, which means EU-based users must receive an opt-in consent banner when they first visit a website, app, etc. Further, consent under the GDPR must be freely given, specific, informed and unambiguous.
Requirements for privacy banners compliant with the ePrivacy Directive and GDPR are:
- Option to reject cookies: Users must be given the choice to reject cookies easily, with a “Reject” or “Decline” button beside the opt-in button. Both options must be comparable in appearance and equally accessible. Declining cookies should not result in any penalties and users should still be able to use the website.
- Granular control over cookie preferences: For consent under the GDPR to be specific to a purpose, users must have the option to customize their cookie preferences if they wish. Some users may want to allow non-essential cookies for one purpose but reject non-essential cookies for another purpose. Offering granular choices on your GDPR compliant cookie banner enables users to have more control over how their personal information is used. Users must also be able to change or withdraw these choices in the future.
Link to policies: Users who want to know more about your detailed cookie or privacy policies must be able to access them with a clear link from the cookie consent banner.
EU laws compliant cookie banner example:
GDPR cookie banner checklist
Our GDPR-compliant cookie banner checklist can help you achieve compliance with EU laws. Download a copy to get started on legally collecting consent from users in the EU.
What should a cookie consent banner under the CCPA and CPRA contain?
The CCPA and CPRA govern the personal data collected from residents of California and apply to businesses that:
- have a gross annual revenue that exceeds US $25 million
- receive, process, or transfer data from 100,000+ California residents annually, or
- earn at least 50% of annual revenue from selling or sharing the personal data of California residents.
If a company that meets these thresholds collects personal data from California residents, it must display an opt-out cookie banner when users visit their website for the first time.
Requirements for cookie banners compliant with the CCPA/CPRA provide:
- Information about cookie usage: The cookie banner must inform users about cookies the website uses and the intended purposes for collecting personal information. It must also inform users if the website shares any information with third parties.
- Option to opt out of personal data being sold: The CCPA/CPRA require a cookie consent banner to include a link with prescribed language that says “Do Not Sell Or Share My Personal Information”.
It’s vital to note that an organization can sell the personal information of a user under the age of 16 years only with explicit consent. If the organization knows that it is collecting data from a “known child”, i.e. a user under the age of 16, it must provide opt-in consent for the sale of personal information. Consent for access to children’s data must be provided by a parent or legal guardian. An opt-out button or link is not compliant with the CCPA for the sale of personal information belonging to users below the age of 16.
CCPA compliant cookie banner example
Best practices for cookie banner design
Good design makes it easy for users to understand the information on your cookie banner and take action to opt in (or out), making your cookie banner effective, user-friendly and more likely to be compliant. Your cookie banner should:
Cookie banner design do’s:
- use fonts and text sizes that are easy to read
- match your brand colors and style for visual consistency
- include your corporate logo for easy visual recognition
- use clear labels on buttons that make it apparent what users’ options are
- display the banner prominently on the screen, without overtaking all of it
- employ accessibility best practices, e.g. be compatible with screen readers and other assistive technologies
Cookie banner design don’ts:
- use poorly contrasting colors that make the text illegible (especially the “Decline” option)
- use pre-checked consent boxes for non-essential cookies
- make the “Reject” setting difficult to find or hide it behind a link
- use suggestive colors, sizes, or styles on buttons to encourage users to accept cookies
- blur the website behind the banner so that users can’t browse without accepting cookies
Can I control cookies on my website without a cookie banner?
A cookie consent banner and cookie scanner takes the hard part out of compliance
Cookiebot CMP is a mature technology that has been evolving and improving for many years. Today, it’s the most powerful tool on the market for detecting tracking technologies in operation on websites and to control these based on genuine end-user consent.
Cookie use is a potential privacy risk and a legal liability for your website because they can track, store and share behavior about your end users.
Cookies used on a website are dynamic and often change. On average, a website has 20 cookies in use. It’s important to stay up to date on which cookies and other trackers are in use at any given time to comply with regulations and accurately inform users.
Here’s why it’s very difficult to control cookies and manage end-user consent on your website manually.
72% of all cookies are set by fourth parties and loaded by third parties, i.e. “trojan horses” that website owners cannot find without a deep-scanning technology like Cookiebot CMP.
18% of all cookies are set by fifth parties or deeper.
50% of “trojan horses” will have changed between visits, meaning that they can be different cookies altogether, collecting different data for different agents, and making the legal responsibility of the website owner impossible to live up to, without a consent management platform like Cookiebot CMP.
99% of all cookies are used to track website visitors or to provide targeted ads.
Source: Beyond the Front Page 2020
Do you know what cookies your website uses and how they affect privacy compliance?
How do I install a cookie banner on my website?
Achieving compliance with global data privacy regulations can be complex. A consent management platform (CMP) such as Cookiebot’s™ simplifies the process, helping you collect cookie consent from users no matter where they’re located.
Cookiebot CMP is designed for anyone to use and doesn’t require a lot of technical expertise. Once you set up your account, you can be up and running in 3 simple steps:
- Add your website to the Cookiebot CMP.
- Customize your cookie consent banner — design, content and languages — or select a banner from one of our predefined options.
- Add the cookie banner and declaration to your website using a script or one of the available integrations.
Read our Getting Started guide for a more detailed explanation of the setup.
Why choose Cookiebot™?
Compliance and technology for a sustainable internet economy
Cookiebot CMP launched in Denmark in 2012 to help balance data privacy and data-driven business on websites around the world.
Today, Cookiebot CMP is a world-leading solution for websites to get true end-user consent. Its unrivaled website scanner and full cookie control enables compliance with major data privacy laws around the world, including the EU’s GDPR, California’s CCPA/CPRA, Brazil’s LGPD, South Africa’s POPIA and many others.
What sets Cookiebot CMP apart is its unmatched scanning technology that detects all cookies and trackers in use on your website.
Integrating with Google Consent Mode, available as a WordPress plugin and an Umbraco app, as a Google Tag Manager Standard Tag and in full compliance with the IAB’s TCF and CCPA Compliance Frameworks, Cookiebot CMP is your all-round solution for data protection compliance.
Used by small, medium and enterprise domains alike, as well as investigative researchers, the Cookiebot CMP scanning technology is unrivaled in its powers to uncover tracking on websites.
After finding all cookies, we empower end users with a genuine choice of consent through modern and easy-to-use cookie consent banners that offer granular cookie control and consent solutions to fit data privacy law requirements.To match the technology inside of Cookiebot CMP, the next generation of cookie banners bring a whole new level of ease of use and customizability with modern designs that integrate seamlessly with any website, no matter shape, size, or layout.
Toggles for easy cookie consent
As part of our mission to make end-user consent as effortless as possible, the new generation of cookie banners come with the choice of controlling all cookie categories with toggles on the first and second layers. Easy and recognizable designs bring smoother end-user consent experience to your website.
Optimized for better usability and higher conversion rates
With a modern look and feel, the new generation of cookie banners from Cookiebot CMP make the user consent journey effortless and intuitive, to help obtain more data, as well as being fully WCAGcompliant (Web Content Accessibility Guidelines).
Cookiebot CMP balances data privacy and data-driven business to help your website respect and protect your users’ right to privacy, while also getting the data you need for marketing operations and ad revenue.
Fully flexible and customizable
The new generation of cookie banners are the most customizable cookie banners online, and come in three-button, two-button, and one-button versions to enable compliance with major data privacy laws around the world.
Cookie banners can be built to fit any color and design scheme on your website and can feature your business logo for seamless integration.
Optimized for mobile
Increasingly, domains are visited from smartphones and tablets, and it’s vital that your website’s cookie banner works just as well there as on the desktop version.
The new cookie banners are fully responsive and optimized for mobile use, so your end users are always presented with a great design and user experience, no matter how they visit your domain.
Achieve seamless compliance with major data privacy regulations
The cookie banners from Cookiebot CMP are the product of significant research and development to find the just right solution for a completely transparent cookie overview with true prior consent at its core.
Just like the old banners, the new cookie banners provide your website with plug-and-play compliance for major data privacy laws like the EU’s GDPR, California’s CCPA/CPRA, Brazil’s LGPD, South Africa’s POPIA and many others.
The new generation of cookie banners also support the IAB’s TCF and CCPA Compliance Framework.
All our banners always support the IAB TCF, including the latest version 2.2.
A cookie banner is a tool that displays an interface on a website where end users can decide which cookies and trackers they will allow to be activated during their visit. It is where user consent is obtained and where users are notified about cookie and personal data use. The functions performed by cookie banners are required by several major data privacy laws in the world, including the EU’s General Data Protection Regulation (GDPR).
Under the EU’s GDPR, cookie banners must provide users clear information about data collection and use, as well as user rights and how to exercise them. Banners must also give end users a genuine choice of saying “yes” or “no” to cookies that process and share personal data. A GDPR-compliant cookie banner is not allowed to have pre-ticked checkboxes or to nudge users towards accepting cookies.
If you have cookies on your website, then a cookie banner is most likely necessary and legally mandatory under many privacy laws. If your website has users from inside the EU, a GDPR-compliant cookie banner that enables users to say “yes” or “no” to cookies is a legal requirement. Other major data privacy laws also require cookie consent banners, such as Brazil’s LGPD, South Africa’s POPIA, Malaysia’s PDPA and more.
Cookie banners must give end users full transparency into the tracking and collection of personal data that is happening on your domain, including what cookies and trackers are in use, what kinds of data they collect, third parties that they share the personal data with, as well as the technical details and provider of the cookies in use.
Try Cookiebot CMP for free and get the world’s most powerful website scanner and automatic cookie consent popups for plug-and-play compliance with all major data privacy laws, such as the EU’s GDPR, California’s CCPA, Brazil’s LGPD and many more.
A “GDPR banner” or cookie banner must be able to manage end-user consents and control all cookies and trackers in use on your website. Developing your own is difficult and risky, since 72% of all cookies are set by fourth parties that are loaded by third parties, which website owners cannot find without deep-scanning technology.