Logo Logo

The General Data Protection Regulation (GDPR) affects how your website may track visitors from the EU.

Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

Cookie texts for GDPR compliant consent banners

Bridging the divide between your website’s cookies and the privacy of your users is done by clear and honest cookie texts and cookie consent message – through trust-building communication.

Your website uses cookies and other tracking technology. This is no secret. But how you choose to communicate this fact to your users makes a world of difference. It is not just about GDPR compliance, it is about respecting the private, autonomous lives of your users.

It’s also about what image you communicate of yourself and your domain to your visitors: are you one to help protect their personal data or are you one to pass them on to third-parties with hidden intentions?

The privacy paradox is real, science shows. The burden of protecting user privacy shouldn’t be left on their shoulders, but rather thought of as an integral part of your website upon arrival.

Exactly, what is a cookie text/cookie message?

The cookie text or cookie message, as it is interchangeably referred to, is the actual text – the written content – in the cookie consent banners that communicates to a website’s users about its use of cookies. It’s not the cookies themselves that are referred to here, even though cookies too are text files, or “scripts”, as they are called in the developer-lingo.

It is also not the same thing as a cookie policy text or cookie policy message, which are policy statements about the overall strategy and position of a company regarding the privacy of its users. It is much broader than the subject of this blogpost.

No, here we’re talking about the cookie text or cookie message – that is, the text on the cookie banner.

A cookie message example:

valid consent banner gdpr compliance

The GDPR compliant Cookiebot cookie consent message and its cookie consent text.

The consent banner is a permanent fixture on most websites in the world by now, a year after the European General Data Protection Regulation (GDPR) came into effect.

However, there are many, many ways that websites around the world choose to declare their cookies and tracking. There are many, many different cookie messages on websites too.

Non-compliant cookie text and cookie banners

Many cookie messages (in fact many cookie banners as a whole) are still non-compliant with the GDPR. These leave no real choice of consent for the user and explain poorly how their personal data is being handled by the website.

A cookie message should not only read that your website uses cookies - period - and then have an “okay”-button.

If you are curious about how your website becomes GDPR compliant – click here.

Another cookie message example:

gdpr compliance valid consent banner

A cookie consent text needs to be clear, honest and to-the-point.

Cookie text for GDPR compliance

The GDPR mandates that all websites with visitors from the EU have to –

The “clear and unambiguous prior consent” happens in our option to opt-in or opt-out of the different cookie categories (preferences, statistics, marketing), while the “specifying all types of cookies” happens in our cookie declaration and depository (our comprehensive overview of all known cookies and their purpose).

That is the Cookiebot consent banner as it is known and used on hundreds of thousands of websites around the planet.

Try it for free here.

But the GDPR mandates more than that – it dictates that your website must inform its users “in easy-to-understand ways” and thus “enable users to consent and to revoke consent.

This is where the cookie text or cookie message comes in. It is the point at which you must state the underlying truth of tracking on your website.

How you do it can make a real difference for your users, and empower them with real, informed choice of consent.

It needs to be easy to read, easy to understand, i.e. plain and simple.

An example of our cookie message scripts:

Cookie message scripts from our Cookiebot consent and compliance solution

Cookie message scripts load the cookie consent banner with its cookie text.

Cookie texts and cookie messages, examples

The cookie text’s first of foremost job is to inform the users of the facts that –

The cookie text or cookie message is the main way of communicating to your visitors that you use e.g. analytics or marketing cookies to make your website and its services better and smarter, while at the same time protecting their privacy, giving them a real choice of how their data should be used.

It is this balancing act that the cookie text is supposed to express: making your users understand, perhaps even appreciate, that you use cookies to optimize their website experience, while at the same time making sure that you guard their data and thus their privacy with the utmost care.

The Cookiebot customizable cookie text and cookie message

A look at the Cookiebot customizable cookie text. It comes with preset text that is meant to inform clearly and explicitly about the use and purpose of cookies.

Users might see it as a cookie warning message, but the intent is not to warn, scare and induce fear in the end-users – rather to show how their privacy is integrated in your website’s function, as much so as the advertisements and analytics.

“Keep the text short, precise and appealing” if you choose to customize the text yourself. Avoid cake-related jokes. Make your cookie text and cookie messages sincere and honest. The more transparent, the better cookie consent for the users to make.

How to show a cookie message on your website

Subscribing to Cookiebot means implementing and operating a software-as-a-service directly from the cloud in three easy steps.

Once you’ve completed the three steps and filled out the content of your cookie consent banner, the cookie text or cookie message will show up automatically when a user lands on your website.

It is important to complete all three steps in order to be fully GDPR compliant.

Our Cookiebot solution uses JavaScripts to run and manage your user consents and their specific choices. They remember those individual choices for a year, after which they will ask for renewed consent. This way, you won’t spam your visitors.

Privacy paradox: cookie messages vs information avoidance

Have you ever heard of the privacy paradox?

A recent study out of Harvard University tested the “privacy paradox”, i.e. how people express the importance of their privacy, yet act in ways that are in direct opposition to those strongly held beliefs.

The experiment found that people are, indeed, inconsistent about their privacy: they are willing to pay for privacy, but they are also willing to trade off their privacy for small amounts of money.

The study hints at an explanation too: people choose not to know about the consequences of their actions in order to obtain bonuses. It is known as “information avoidance” – people keep their head in the sand and avoid information about how their behavior will affect their lives.

“Even people who are willing to pay to keep their Facebook data private also have a strong preference to avoid thinking about privacy in the first place”, Dan Svirsky, the researcher behind the study said to the New York Times and added that “lots of people don’t want to think about this stuff.”

Privacy paradox is a scientifically studied phenomenon of human behavior at Harvard University

The "privacy paradox" makes it hard for us to keep our own privacy intact.

Cookie texts and cookie messages are real and concrete solutions here and now.

In other words, the visitors and users of your website do care about their privacy, they just don’t want to think about it all the time.

The consent fatigue phenomenon is a clear symptom of information avoidance. Your users just click at whatever pops up out of exasperation of constantly being forced to face their own privacy matters, especially when faced with bad, non-compliant cookie messages and cookie texts.

You, as the website owner, are undoubtably aware of the weary and frustrated reaction of end-users towards cookie banners online. “I just click accept, cause I’m so tired of seeing them”, is an all-too common response in conversations on this subject matter.

Cookiebot saw this problem many years ago.

That’s why we developed the solution we have today: one that does not leave the difficult, uncomfortable, anxiety-inducing decisions of privacy and surveillance in the hands of the users.

“Anything that relies on people taking it upon themselves to protect their data is doomed”, Svirsky argues to the New York Times.

To respect the agency and autonomy of your users without putting the burden on them to protect themselves is not only the GDPR compliant balance that ad blockers and private search browsers fail to strike, it’s the very uniqueness of the Cookiebot solution.

A technology that lies between the website owner and their visitors as a watermark of transparency and certification, a guarantee that their privacy is protected by default.


Try Cookiebot for free here.

Need help at fully GDPR compliant implementation of Cookiebot?

The official GDPR law text

Take a good, hard look at the privacy paradox study conducted at Harvard Business School

You Care More About Your Privacy Than You Think, says the NY Times 

GDPR, cookies and consent

New CCPA configuration 

Cookiebot offers CCPA compliance!



Make your website’s use of cookies and online tracking compliant today

Try for free