Cookie consent has become a major buzzword today with the strengthening of different cookie regulations. This article will help you explore all you need to know about cookie consent, like what they are, their importance, and what every website owner needs to do to make sure they have a proper cookie consent management system, and more.
Go ahead and learn all about it.
In simple words, cookie consent is a permission requirement that website owners need to seek from their visitors for activating cookies that process personal data on their website. This is because some cookies on a website collect data of its visitors. Some of these data are classified as personally identifiable and the website should inform and get permission from the visitors before using them.
Whether or not your website needs cookie consent from your users before activating cookies is based on two factors,
- Where your business is situated
- Where your website visitors are from
There are many different digital privacy laws around the world. While GDPR (General Data Protection Regulation) is for protecting the privacy of the citizens of the European Union, CCPA is for the residents of California. Seeking cookie consent is one of the major requirements of complying with any of these regulations.
Website cookies are primarily divided into two categories – first and third-party cookies. First-party cookies are set by the website visited by the user, whereas third-party cookies are set by the third-party elements present on the website such as chatbots, social media plugins, ads, etc.
These cookies are further divided by how they are needed for the functioning of a website. Certain cookies are necessary for the functioning of a website such as cookies for securely accessing the site, allowing eCommerce shops to hold items in cart while shopping online, etc.
These cookies are called necessary cookies and the majority of online privacy regulations allow websites to activate such cookies without visitors’ consent. All cookies other than necessary are considered non-necessary and need prior consent from users for activating them.
GDPR is by far the strictest regulation regarding cookie usage and online privacy.
Here’s what the Recital 30 of the European Union’s General Data Protection Regulation has stated about the online identifiers for profiling and identification.
“Natural persons may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, cookie identifiers, or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”
This conveys that all kinds of online identifiers, including cookies that collect individuals’ personally identifiable data, are required to comply with the GDPR. Thus websites are required to obtain explicit consent from their users via cookie consent banners before placing cookies or online trackers on their terminal devices.
As per GDPR, merely displaying a cookie consent banner doesn’t guarantee compliance with the regulation. It is more about making users aware of the presence of cookies, what they do with their data, and ultimately allowing them to make an informed decision.
For creating a GDPR-compliant cookie consent banner you need to ensure the following points.
- Provide accurate information about the cookies that are being used on your website
- Let users give consent by a clear, affirmative action
- Allow refusal or withdrawal of consent anytime
- Keep a record of user consent
With GDPR and similar privacy regulations making it mandatory to display cookie consent banners, it is quite possible to find different types of cookie banners on different websites. If that’s making it hard for you to decide on how a GDPR compliant banner should look, here are some of the dos and don’ts you should consider while creating your cookie notice.
- Don’t – Notice only cookie consent banners
- Dos – Display ‘Accept’ and ‘Reject’ buttons along with the notice
- Don’t – Pre-ticked boxes
- Dos – Granular consent to opt-in or accept non-essential cookies
Pre-ticked boxes are indicative of implied consent, which is clearly against compliance. If your website is using cookies categorized as non-necessary, you need your users to express their consent in the form of affirmative action such as enabling a checkbox, toggling a button, etc.
- Don’t – Displaying only accept button
- Dos – Display ‘Accept’ and ‘Reject’ buttons with equal emphasis
Not displaying a reject button or playing down its importance on the banner attempts to nudge the user to accept the cookie notice. It is against the requirement that consent should be freely given.
- Don’t – Displaying cookie walls
- Dos – Allow access to website content that doesn’t use the cookies users have denied
Cookie walls are used to hide content from users until they accept cookies. It is not advised to display cookie walls or any other mechanisms that will prohibit users from accessing website contents.
- Don’t – Bundled cookie consent
- Dos – Allow granular level consent
Consent shouldn’t be sought in a bundle. You need to categorize all the types of cookies you use (such as necessary, functional, marketing, analytics, etc.) on your website and seek explicit consent from users.
- Don’t – Confusing language
- Dos – Crisp, concise, and jargon-free language
Lack of clarity in conveying cookie-specific information would result in users not making attempts to nudge an informed decision. Wordings such as OK’ ‘proceed’ or ‘continue’ may nudge users to move on with the default option, and not explore more options in the settings. Cookie notice should have unambiguous, concise, and jargon-free language.
- Don’t – Confusing icons or buttons
- Dos – Clean and user-friendly interface optimized for different devices
Using confusing icons such as ‘X’ to close the cookie banner, doesn’t specify what happens when a user clicks on that. Most close buttons accept cookies. This is against informed consent.
The majority of websites follow the best practices suggested by GDPR or similar regulations when it comes to creating cookie banners on their website. Let’s check out some of the finest examples of GDPR compliant cookie consent banners.
Following is a cookie banner from the popular travel website Airbnb. It has a descriptive cookie notice, and it informs the user of the underlying action when they click on either the ‘Cookie preferences’ button or the OK button.
Airbnb has included a very long and descriptive cookie banner that categorizes each of the cookies used on the website into multiple categories. Users can allow or withdraw consent for any cookies by toggling buttons.
Inside cookie preference, users are allowed to allow or deny the consent for categories other than strictly necessary cookies.
Inside their privacy settings/manage cookies page, they categorize cookies by clearly stating their purpose rather than including them in a category.
It’s time to get familiar with some of the cookie consent solutions that help your website with cookie compliance.
GDPR Cookie Consent Plugin for WordPress
For those of you who own a WordPress website and are looking for a cookie consent solution to make your GDPR compliance journey easier, the GDPR Cookie Consent plugin would be a great option.
Once you install the cookie consent plugin you can avail of the following features to make cookie management easy.
Refer to this article to learn more about WordPress and GDPR.
Customizable Cookie Banner
The plugin comes with options to customize every element of the cookie consent banner. You can change its appearance as a cookie popup, banner, or widget, add custom text for cookie banners and buttons, set color for background and text, and more.
The Cookie scanner is a very useful feature to detect all the cookies on your website so you can categorize them efficiently and provide relevant information to users prior to seeking consent.
You can perform frequent cookie scans and once the scan is completed you will be provided with a list of all the cookies on your website along with the cookie type and their description, etc.
You can download the information as a CSV or import it to the cookie list for displaying it to your users.
Auto-cookie Blocker for Third-Party Cookies
Third-party cookies can often be problematic when it comes to achieving cookie compliance. Since these are deposited on your website through plugins, ads, or services, it can be difficult to identify cookies on your website and manage them properly.
With the auto-cookie blocker functionality of the plugin, you can enable third-party cookies to be blocked automatically on your website only to be rendered by explicit consent from users.
Cookie consent has huge importance in a time when digital privacy is of major concern. If you own a website, it is of utmost importance to ensure your users’ privacy by engaging in the right privacy practices. Hopefully, the article helped you in finding all the relevant information needed to take the right actions toward providing a safe online experience for your users.
- Was this article helpful?
- Yes, thanks!Not really
November 8, 2022
I just came from a website that has two choices, “save and exit” and “accept all.” But only the ‘Accept all” can be clicked on. The other one does nothing. Seems agains the whole purpose.
There are some that don’t say ‘on,’ or ‘off; or ‘agree’ or ‘disagree’ and the colors are black and gray. What do those colors mean? Some are red and gray. Which means agreement? This whole thing is a mess, and I end up having to redo it each time I visit the site. Are they just trying to wear the viewer down to agree to all?
December 4, 2022
Greetings from Webtoffee!
Perhaps the cookie consent solution’s configuration is not done correctly on the website you mentioned. Some organizations utilize certain colour schemes to match the theme of their website. It is not often done on purpose to get site visitors to click “Accept” because it is not a legal gesture. If you have a website, always check that a proper consent solution is being used on it and that it has solid technical support.
August 21, 2022
This is extremely helpful, no matter what type of website you own. I mainly use WP and there are a few good plugins to help make sure your site is GDPR compliant, I also had to hire https://www.teamworkims.co.uk/gdpr/ because a large news site I operate almost got fined for compliance issues.
August 2, 2021
It is an amazing post and you explained in a detailed way. Nice to see this here. I will bookmark your blog for more details. Keep sharing the new things like this.