# [What is a cookie notice and why do you need one?](https://www.cookiebot.com/en/cookie-notice/) **Everything you need to know to help you create a privacy-compliant cookie notice for your website.** · [Optimize your cookie texts for consent](https://www.cookiebot.com/en/cookie-texts/) · [Start your free trial of Cookiebot CMP!](https://admin.cookiebot.com/signup) · [Visit Cookiebot CMP](https://www.cookiebot.com/) A cookie notice, also known as a [cookie banner](https://www.cookiebot.com/en/cookie-banner/), cookie popup, or [consent banner](https://www.cookiebot.com/en/google-third-party-cookies/), is a combination of notification and potential agreement. It appears on websites, apps, and other digital platforms where data is collected, and outlines the types of [third-party cookies](https://www.cookiebot.com/en/google-third-party-cookies/) and other tracking technologies used on the site and what they’re used for. It also informs website visitors about the data collected via cookies, parties that may access the data, and other factors, depending on relevant privacy regulation requirements. Under European rules like the GDPR and ePD, websites must comply with more than just notification requirements. When collecting users' personal data, businesses have certain obligations regarding users' privacy, like not disclosing or selling the data to third parties without prior consent from users in many cases. Due to requirements from regulations like the [GDPR](https://www.cookiebot.com/en/gdpr/), [California Consumer Privacy Act (CCPA)](https://www.cookiebot.com/en/ccpa/), and other global privacy laws, a clear cookie notice is vital. It ensures organizations comply with privacy regulations but also serves as a best practice for user experience, independent of legal requirements. Furthermore, it helps build trust with users by transparently disclosing data usage practices. The notice informs visitors about cookie usage for a variety of purposes, including improving site experience, optimizing personalization, and other functions. Users should be able to accept or reject all cookies or customize preferences. It’s important to note that some cookies do not require user consent — those deemed “necessary” or “essential” for the website’s correct function, for example — but they should still be listed. Users should also be able to access detailed [cookie policy](https://www.cookiebot.com/en/cookie-policy/) information. --- ## What is a cookie notice? A cookie notice is a policy statement on your website that discloses details about the cookies used by the site, their types, and their purposes. --- ## Why do you need a cookie consent notice? Different regulations have specific requirements for your cookie notification, and you need to meet them for each regulation that’s relevant to your company’s operations and user base. The [GDPR](https://www.cookiebot.com/en/gdpr/) and the ePrivacy Directive mandate that users be informed about how their personal data is collected and processed. As [tracking cookies](https://www.cookiebot.com/en/tracking-cookies/) come under the scope of personal data under the GDPR, a cookie notice is required for websites of organizations that have visitors, customers, or users that reside in the European Union. It doesn’t matter if the company itself is located there,  what's important is the location of the users whose data is being processed. --- ## What should a cookie notice text include? While creating the cookie notice for your website, the cookie policy text should include a few key components. For starters, always use clear and concise language. Avoid legal jargon that may confuse the readers, though you should consult with qualified legal counsel and/or a privacy expert in drafting your cookie policy and notice content. [GDPR](https://www.cookiebot.com/en/gdpr/)-compliant cookie notices should provide a clear explanation of what cookies are in use on the website, and how, as well as what data they collect, for which purposes, and third parties that may access it. Information also needs to be provided about users’ rights and how to exercise them, including consent options and contacting the company to make a data subject access request. ### Requirements for a GDPR and ePrivacy compliant cookie notice - **Obtain explicit consent**: Ask users for permission before activating non-essential cookies. Consent must be a voluntary and active choice, with no pre-selected options or barriers. - **Provide clear information**: Clearly explain the types of cookies used, their purposes, and whether personal data is shared with third parties in an easy-to-understand manner. - **Offer granular control**: Enable users to choose which types of cookies, or even which specific cookies, to accept or reject, rather than an all-or-nothing approach. Users should be able to withdraw consent or change their preferences easily. - **Ensure accessibility:** Make the required notice and consent options easy to find and use, e.g. a consent banner centered on the page when users arrive at the site, or clear and prominent in the footer of every page, depending on regulatory requirements. - **Block cookies before consent**: Only activate essential cookies before the user gives consent. Non-essential cookies and trackers should be blocked until then. - **Maintain an audit trail**: Keep a secure record of users’ consent information. This enables users to change their preferences later on. And it is also necessary to provide in the event of an audit by data protection authorities, or data subject access request. - **Renew consent periodically**: Renew user consent regularly. The required time period for consent expiry will be different depending on relevant laws. Get new consent independent of time if your processing purposes or other key operations change. - **Ensure compliance with third-party cookies**: Some third-party cookies can be tricky to access, but the controller (website owner) is responsible for their compliance, too. Ensure that any third-party cookies or tracking technologies set by other companies also adhere to the cookie notice requirements. ### Requirements for a CCPA-compliant cookie notice Under the [CCPA](https://www.cookiebot.com/en/ccpa/), businesses are required to disclose to consumers the usage of cookies and other [tracking technologies](https://www.cookiebot.com/en/website-tracking/) on their websites. The CCPA also empowers consumers with specific rights to manage the personal data collected by businesses, while also imposing legal obligations on these businesses to limit and protect this data. - **Opt-out mechanism**: While the CCPA doesn't mandate prior consent, the website must offer an opt-out option for users to decline the sale or sharing of their personal information gathered via cookies, or use of their data for profiling or targeted advertising. This is typically provided through a prominent "Do Not Sell Or Share My Personal Information" link. - **Detailed cookie/opt-out policy**: Alongside the privacy policy, the website should have a dedicated cookie policy or "Opt-Out Preferences" page. This page should offer in-depth details about the types of cookies used, their purposes, and how users can exercise their opt-out rights. - **Accessibility**: The opt-out mechanism, like the "Do Not Sell" link, should be easy to find and use, usually located in the website footer. - **Consent for minors**: If the website collects personal information from children under 16, it must obtain consent from a parent or guardian before collecting or selling that data. - **Compliance monitoring**: A website should keep track of and securely maintain records of users’ consent information to demonstrate CCPA compliance when necessary. --- ## Cookie notice examples Cookie notices can have a variety of appearances, though there are certain best practices to follow when creating a consent banner to ensure that it is transparent, clear, and provides people with granular control while being user-friendly. Cookie banner text should inform users about the cookies the website is using and their purpose(s). It doesn’t have to provide all the information in the first layer. Granular details can be included in the second layer if it’s easily accessible to interested parties. Users’ options need to be equal, so if there’s an “Accept” button, there has to be a “Reject” one as well, and both need to be comparable in size, location, appearance, and accessibility. --- ## Cookie consent notice plugins for WordPress WordPress is the world’s most popular website builder and website management platform. Therefore, there are a variety of [cookie notice WordPress plugins](https://www.cookiebot.com/en/new-wp-cookie-plugin/) that will do most of the work for you. Cookiebot CMP is a comprehensive cookie consent management platform (CMP) that delivers the following: - helps achieve compliance with data privacy regulations and frameworks like the [GDPR](https://www.cookiebot.com/en/gdpr/), ePrivacy Directive, and [CCPA](https://www.cookiebot.com/en/ccpa/) - automatically scans websites and detects all cookies and trackers in use and updates your implementation - enables you to generate a customized cookie consent banner to notify users and obtain consent - provides centralized cookie management from a single dashboard --- ## Cookie management: how Cookiebot can help Cookiebot CMP also integrates seamlessly on websites with other tools and plugins such as [Google Consent Mode](https://www.cookiebot.com/en/google-consent-mode/) and [Google Tag Manager](https://www.cookiebot.com/en/google-tag-manager/). Making it a convenient solution for implementing robust cookie consent across an entire website while enabling you to continue with other marketing operations. Don’t just take our word for it, experience it for yourself. We offer a free 14-day trial! --- ## Frequently asked questions What is the [GDPR](https://www.cookiebot.com/en/gdpr/)? The [GDPR](https://www.cookiebot.com/en/gdpr/) — or General Data Protection Regulation — is a data privacy law that regulates personal data processing for residents of the European Union. It grants users rights to consent to, reject, rectify, delete, and access their data. Consent under the [GDPR](https://www.cookiebot.com/en/gdpr/) must be freely given, specific, informed, and unambiguous. What is personal data? The [GDPR](https://www.cookiebot.com/en/gdpr/) defines personal data as any kind of information that can be related, directly or indirectly by inference, to a living individual. This includes names, addresses, social security and passport numbers, emails, phone numbers, location data, IP addresses, browser and search history, and more. --- ## Resources *Used by: Brand A, Brand B, Brand C* [Visit Cookiebot CMP](https://www.cookiebot.com/)  for a compliant and wholesome cookie notice solution. Inform yourself on rules and implications of [the European GDPR](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A32016R0679&from=EN)  and how it impacts your website. Learn more about the [EDPB guidelines for valid consent](https://www.cookiebot.com/en/edpb-guidelines/)  in the EU Update yourself on [the repercussions of the Facebook/Cambridge Analytica scandal](https://www.theguardian.com/technology/2019/mar/17/the-cambridge-analytica-scandal-changed-the-world-but-it-didnt-change-facebook/)  , one year later. Get a comprehensive overview of [the Russian interference in the 2016 US presidential election](https://www.nytimes.com/2019/04/19/opinion/mueller-report-trump-russia.html)  . Take a look at [“Ad Tech Surveillance on the Public Sector Web”](https://www.cookiebot.com/media/1136/cookiebot-report-2019-ad-tech-surveillance-2.pdf)  , Cybot’s detailed and revelatory report into the hidden tracking of EU citizens. Read about the [US political debate around breaking up of tech giants](https://www.theguardian.com/us-news/2019/mar/11/elizabeth-warren-facebook-ads-break-up-big-tech/)  . [How does targeted ads actually work](https://www.nytimes.com/interactive/2019/04/30/opinion/privacy-targeted-advertising.html?action=click&module=Opinion&pgtype=Homepage)  ? Here’s a cool and explanatory investigation into the science behind targeted ads by the New York Times. --- ## Product [Cookiebot™ Consent Solution](https://www.cookiebot.com/en/cookie-consent-solution/) · [Usercentrics for Wix](https://www.cookiebot.com/en/cookiebot-for-wix-by-usercentrics-app/) · [WordPress Plugin](https://www.cookiebot.com/en/new-wp-cookie-plugin/) · [Pricing](https://www.cookiebot.com/en/pricing/) ## Regulations [DMA (EU)](https://www.cookiebot.com/en/digital-markets-act-dma/) · [GDPR (EU)](https://www.cookiebot.com/en/gdpr/) · [CCPA (California)](https://www.cookiebot.com/en/what-is-ccpa/) · [VCDPA (Virginia)](https://www.cookiebot.com/en/virginia-vcdpa/) · [LGPD (Brazil)](https://www.cookiebot.com/en/lgpd/) · [TCF v2.3 (IAB)](https://www.cookiebot.com/en/tcf/) · [Google Consent Mode](https://www.cookiebot.com/en/cookiebot-cmp-google-consent-mode/) · [Microsoft UET Consent Mode](https://www.cookiebot.com/en/microsoft-consent-mode-cmp/) ## Partners [Become an affiliate](https://www.cookiebot.com/en/affiliates/) · [Become a partner](https://www.cookiebot.com/en/resellers/) · [Find a partner](https://www.cookiebot.com/en/cookiebot-reseller/) ## Resources [Blog](https://www.cookiebot.com/en/blog/) · [Digital Markets Act Hub](https://www.cookiebot.com/en/digital-markets-act-dma-resources/) · [Google Consent Mode Hub](https://www.cookiebot.com/en/google-consent-mode-resources/) · [Google Consent Mode V2 Certification](https://courses.usercentrics.com/course/google-consent-mode-v2) · [Google Consent Audit Fixes](https://www.cookiebot.com/en/google-consent-audit-fixes/) · [Developer documentation](https://www.cookiebot.com/en/developer/) · [Cookiebot vs CookieYes](https://www.cookiebot.com/en/cookiebot-best-cookieyes-alternative/) · [Cookiebot vs OneTrust](https://www.cookiebot.com/en/onetrust-alternative/) · [Cookie Banner Cost Calculator](https://www.cookiebot.com/en/cookie-banner-pricing-calculator/) ## Company [About us](https://www.cookiebot.com/en/about/) · [Careers](https://usercentrics.com/career/) · [Support](https://support.cookiebot.com/hc/en-us/) --- [Privacy Policy](https://www.cookiebot.com/en/privacy-policy/) · [Terms of Service](https://www.cookiebot.com/en/terms-of-service/) · [Cookie Declaration](https://www.cookiebot.com/en/cookie-declaration/) · [Data Processing Agreement](https://www.cookiebot.com/en/data-processing-agreement/) ©2026 Cookiebot™ by [Usercentrics](https://usercentrics.com/)