# [Cookie disclaimers vs. cookie consent](https://www.cookiebot.com/en/cookie-disclaimers-vs-cookie-consent-cookiebot-cmp/)
**The General Data Protection Regulation (GDPR) and ePrivacy Directive (ePR) affect how you as a website owner must obtain and store cookie consents from your visitors from the EU.**

· [Learn more about Cookiebot CMP](https://www.cookiebot.com/) · [Privacy Policy Generator](https://usercentrics.com/privacy-policy-generator/) · [Web CMP](https://usercentrics.com/website-consent-management/)

---
## Quick summary
Your website uses cookies and trackers that process personal data from users that visit your domain. This means that you must comply with the [General Data Protection Regulation (GDPR)](https://www.cookiebot.com/en/gdpr/) and the [European Data Protection Board’s (EDPB) guidelines on valid consent](https://www.cookiebot.com/en/edpb-guidelines/).

Valid consent is a –
- Freely given
- Specific
- Informed
- Unambiguous indication of a user's wishes

[EDPB guidelines on valid consent](https://www.cookiebot.com/en/edpb-guidelines/) clarify that scrolling and continued browsing is not considered valid consent, nor are cookie banners with pre-ticked checkboxes or cookie walls (forced consent conditioned on website access).

Your website’s consent solution must present users with a real choice of consent that lives up to the GDPR requirements above.

[Cookiebot CMP](https://www.cookiebot.com/) by [Usercentrics](https://usercentrics.com/) takes all the hard work out of protecting the privacy of your users by making your website compliant with the GDPR.

*Used by: Brand A, Brand B, Brand C*

---
## Cookie consent banners in detail
A **cookie banner** or **cookie consent banner**, on the other hand, is a sustainable and GDPR/ePR compliant approach to protecting the privacy of your website’s users – if it is done right, if it is implemented correctly.

A consent banner is the technology that enables your users to decide for themselves which categories of cookies and tracking they wish to consent to on your domain, and it is the technology that enables you, the website owner, to be fully compliant with the GDPR.

The [European Data Protection Board (EDPB)](https://edpb.europa.eu/edpb_en/) is the lead supervisor of GDPR enforcement in the EU.

The job of the EDPB is to adopt guidelines and issue decisions on how the GDPR is to be interpreted and applied in each EU member country by the national data protection authorities.

On May 4, 2020, the [EDPB adopted guidelines on valid consent](https://www.cookiebot.com/en/edpb-guidelines/) that clarify what kind of user actions on websites constitute GDPR compliant consent.

The [EDPB guidelines state](https://www.cookiebot.com/en/edpb-guidelines/) that –
- Scrolling, swiping or continued browsing on websites by users do not meet the GDPR requirements for a clear and affirmative prior consent.
- Cookie banners are not allowed to have pre-ticked checkboxes for the same reason as above.
- Cookie walls – i.e. forced consent as a condition for access to the website – is a non-compliant way of obtaining consent, since the consent is not considered freely given (i.e. valid).

### How do I make my website GDPR-compliant?
For your website to be compliant with the GDPR, you must –
1. obtain clear and unambiguous consent from your users ([see EDPB guidelines for more](https://www.cookiebot.com/en/edpb-guidelines/)),
2. prior to any processing of personal data,
3. after specifying all types of cookies and other tracking technology present and operating on its pages,
4. with no pre-ticked checkboxes on any cookie categories except necessary,
5. in easy-to-understand ways that enable users to consent and to revoke consent on each specific category of cookies,
6. to then be able to safely and confidentially document each user consent,
7. Consent must be renewed annually. However, some national data protection guidelines recommend more frequent renewal, e.g. 6 months. Check your local data protection guidelines for compliance.

---
## Examples of non-compliant cookie disclaimers for websites
Cookie disclaimers, the pop-up notifications on websites that leave no real consent for the user, are illegal under the [GDPR](https://www.cookiebot.com/en/gdpr/) and [EDPB guidelines](https://www.cookiebot.com/en/edpb-guidelines/).

A cookie disclaimer is exactly that – a disclaimer and nothing more.

Cookie disclaimers leave no real choice of consent for the user, as they don’t expose the cookies and tracking in operation on the website, their purpose and properties, or a choice of consenting to some cookies and not to others.

The following cookie disclaimers are non-compliant because they rely on the now-illegal **implied consent** or **soft opt in**, clarified as unlawful by the [EDPB guidelines of valid consent](https://www.cookiebot.com/en/edpb-guidelines/).

---
## Cookiebot CMP cookie banners, done right
We offer a high level of customization and autonomy for our customers when it comes to layout and make-up of the cookie banners. It is designed to be used in many different contexts, as well as live up to different national privacy laws and regulations.

To make sure that you use Cookiebot CMP in full GDPR compliance, you must leave **all cookie categories deselected by default** (except necessary cookies), so that users can exercise a clear and affirmative prior consent.

This cookie banner is compliantly implemented because -
- deselected cookie categories by default
- granular consent options with three different buttons
- a no-nudging layout that enables consent to be freely given
- the option for a detailed overview of type, provider, purpose and duration of each cookie
- an easy-to-understand text informing users of the personal data processing operations

---
## Frequently asked questions
What is personal data? 

GDPR defines personal data as any kind of information that can, directly or indirectly, be related to a living individual. This includes names, e-mail, phone number, home address, identification card numbers (social security, passport, driver's license), location data, IP addresses, search history and browser history. Websites often process some form of personal data through the use of cookies and trackers and must therefore obtain the consent of users before they can process their personal data.

[Learn more about website tracking and cookies.](https://www.cookiebot.com/en/website-tracking/)

---
## Resources
[General Data Protection Regulation (GDPR)](https://www.cookiebot.com/en/gdpr/)

[EDPB guidelines on valid consent](https://www.cookiebot.com/en/edpb-guidelines/)

[ICO’s updated guidelines](https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/)

[ICO’s homepage](https://ico.org.uk/)

[CNIL’s updated guidelines](https://www.cnil.fr/en/cookies-and-other-tracking-devices-cnil-publishes-new-guidelines/)

[CNIL’s homepage](https://www.cnil.fr/en/home/)

[GDPR (official law text)](https://eur-lex.europa.eu/eli/reg/2016/679/oj/)

[ePrivacy Directive 2009 (official law text)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32009L0136)

---

## Product
[Cookiebot™ Consent Solution](https://www.cookiebot.com/en/cookie-consent-solution/) · [Usercentrics for Wix](https://www.cookiebot.com/en/cookiebot-for-wix-by-usercentrics-app/) · [WordPress Plugin](https://www.cookiebot.com/en/new-wp-cookie-plugin/) · [Pricing](https://www.cookiebot.com/en/pricing/)

## Regulations
[DMA (EU)](https://www.cookiebot.com/en/digital-markets-act-dma/) · [GDPR (EU)](https://www.cookiebot.com/en/gdpr/) · [CCPA (California)](https://www.cookiebot.com/en/what-is-ccpa/) · [VCDPA (Virginia)](https://www.cookiebot.com/en/virginia-vcdpa/) · [LGPD (Brazil)](https://www.cookiebot.com/en/lgpd/) · [TCF v2.3 (IAB)](https://www.cookiebot.com/en/tcf/) · [Google Consent Mode](https://www.cookiebot.com/en/cookiebot-cmp-google-consent-mode/) · [Microsoft UET Consent Mode](https://www.cookiebot.com/en/microsoft-consent-mode-cmp/)

## Partners
[Become an affiliate](https://www.cookiebot.com/en/affiliates/) · [Become a partner](https://www.cookiebot.com/en/resellers/) · [Find a partner](https://www.cookiebot.com/en/cookiebot-reseller/)

## Resources
[Blog](https://www.cookiebot.com/en/blog/) · [Digital Markets Act Hub](https://www.cookiebot.com/en/digital-markets-act-dma-resources/) · [Google Consent Mode Hub](https://www.cookiebot.com/en/google-consent-mode-resources/) · [Google Consent Mode V2 Certification](https://courses.usercentrics.com/course/google-consent-mode-v2) · [Google Consent Audit Fixes](https://www.cookiebot.com/en/google-consent-audit-fixes/) · [Developer documentation](https://www.cookiebot.com/en/developer/) · [Cookiebot vs CookieYes](https://www.cookiebot.com/en/cookiebot-best-cookieyes-alternative/) · [Cookiebot vs OneTrust](https://www.cookiebot.com/en/onetrust-alternative/) · [Cookie Banner Cost Calculator](https://www.cookiebot.com/en/cookie-banner-pricing-calculator/)

## Company
[About us](https://www.cookiebot.com/en/about/) · [Careers](https://usercentrics.com/career/) · [Support](https://support.cookiebot.com/hc/en-us/)

---
[Privacy Policy](https://www.cookiebot.com/en/privacy-policy/) · [Terms of Service](https://www.cookiebot.com/en/terms-of-service/) · [Cookie Declaration](https://www.cookiebot.com/en/cookie-declaration/) · [Data Processing Agreement](https://www.cookiebot.com/en/data-processing-agreement/)

©2026 Cookiebot™ by [Usercentrics](https://usercentrics.com/)