Cookie Consent: The Ultimate Guide

Last updated on August 21, 2021

Cookie Consent: The Ultimate Guide

Cookie consent has become a major buzzword today with the strengthening of different cookie regulations. This article will help you explore all you need to know about cookie consent, like what they are, their importance, and what every website owner needs to do to make sure they have a proper cookie consent management system, and more. 

Go ahead and learn all about it. 

What is Cookie Consent?

In simple words, cookie consent is a permission requirement that website owners need to seek from their visitors for activating cookies that process personal data on their website. This is because some cookies on a website collect data of its visitors. Some of these data are classified as personally identifiable and the website should inform and get permission from the visitors before using them.

Does your Website Need Cookie Consent?

Whether or not your website needs cookie consent from your users before activating cookies is based on two factors,

  1. Where your business is situated
  2. Where your website visitors are from

There are many different digital privacy laws around the world. While GDPR (General Data Protection Regulation) is for protecting the privacy of the citizens of the European Union, CCPA is for the residents of California. Seeking cookie consent is one of the major requirements of complying with any of these regulations.

What Kind of Cookies Need Consent?

Website cookies are primarily divided into two categories – first and third-party cookies. First-party cookies are set by the website visited by the user, whereas third-party cookies are set by the third-party elements present on the website such as chatbots, social media plugins, ads, etc. 

These cookies are further divided by how they are needed for the functioning of a website. Certain cookies are necessary for the functioning of a website such as cookies for securely accessing the site, allowing eCommerce shops to hold items in cart while shopping online, etc. 

These cookies are called necessary cookies and the majority of online privacy regulations allow websites to activate such cookies without visitors’ consent. All cookies other than necessary are considered non-necessary and need prior consent from users for activating them. 

GDPR and Cookie Consent

GDPR is by far the strictest regulation regarding cookie usage and online privacy. 

Here’s what the Recital 30 of the European Union’s General Data Protection Regulation has stated about the online identifiers for profiling and identification.

“Natural persons may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, cookie identifiers, or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”

This conveys that all kinds of online identifiers, including cookies that collect individuals’ personally identifiable data, are required to comply with the GDPR. Thus websites are required to obtain explicit consent from their users via cookie consent banners before placing cookies or online trackers on their terminal devices.

As per GDPR, merely displaying a cookie consent banner doesn’t guarantee compliance with the regulation. It is more about making users aware of the presence of cookies, what they do with their data, and ultimately allowing them to make an informed decision.

For creating a GDPR compliant cookie consent banner you need to ensure the following points. 

  • Provide accurate information about the cookies that are being used on your website 
  • Let users give consent by a clear, affirmative action
  • Allow refusal or withdrawal of consent anytime
  • Keep a record of user consents

Dos and Don’ts of a GDPR Compliant Cookie Consent Banner

With GDPR and similar privacy regulations making it mandatory to display cookie consent banners, it is quite possible to find different types of cookie banners on different websites. If that’s making it hard for you to decide on how a GDPR compliant banner should look like, here are some of the dos and don’ts you should consider while creating your cookie notice. 

  • Don’t – Notice only cookie consent banners
  • Dos    – Display ‘Accept’ and ‘Reject’ buttons along with the notice

Using cookie banners only for notifying users regarding the use of cookies is inadequate. Along with notifying users, you need to allow them options to accept or deny cookies. 

  • Don’t Pre-ticked boxes
  • Dos  – Granular consent to opt-in or accept non-essential cookies

Pre-ticked boxes are indicative of implied consent, which is clearly against compliance. If your website is using cookies categorized as non-necessary, you need your users to express their consent in the form of affirmative action such as enabling a checkbox, toggling a button, etc. 

  • Don’tDisplaying only accept button
  • Dos –  Display ‘Accept’ and ‘Reject’ buttons with equal emphasis

Not displaying a reject button or playing down its importance on the banner attempts to nudge the user to accept the cookie notice. It is against the requirement that consent should be freely given.   

  • Don’t – Displaying cookie walls 
  • Dos  – Allow access to website content that doesn’t use the cookies users have denied

Cookie walls are used to hide content from users until they accept cookies. It is not advised to display cookie walls or any other mechanisms that will prohibit users from accessing website contents. 

  • Don’t – Bundled cookie consent
  • Dos  – Allow granular level consent

Consent shouldn’t be sought in a bundle. You need to categorize all the types of cookies you use (such as necessary, functional, marketing, analytics, etc.) on your website and seek explicit consent from users.

  • Don’t – Hidden cookie policy
  • Dos  – Link to your cookie policy

Your cookie policy should not be buried deep inside your website. It should be visible to your website visitors. You can include a link to your cookie or privacy policy in the cookie notice. The user can then learn about cookie usage in detail. 

  • Don’t –  Confusing language
  • Dos  –  Crisp, concise, and jargon-free language 

Lack of clarity in conveying cookie-specific information would result in users not making attempts to nudge an informed decision. Wordings such as OK’ ‘proceed’ or ‘continue’ may nudge users to move on with the default option, and not explore more options in the settings. Cookie notice should have unambiguous, concise, and jargon-free language. 

  • Don’t – Confusing icons or buttons
  • Dos  – Clean and user-friendly interface optimized for different devices

Using confusing icons such as ‘X’ to close the cookie banner, doesn’t specify what happens when a user clicks on that. Most close buttons accept cookies. This is against informed consent. 

Examples of Cookie Consents

The majority of websites follow the best practices suggested by GDPR or similar regulations when it comes to creating cookie banners on their website. Let’s check out some of the finest examples of GDPR compliant cookie consent banners. 

AirBNB

Following is a cookie banner from the popular travel website Airbnb. It has a descriptive cookie notice, and it informs the user of the underlying action when they click on either the ‘Cookie preferences’ button or the OK button. 

Cookie consent banner AirBNB
Cookie consent banner AirBNB

Airbnb has included a very long and descriptive cookie banner that categorizes each of the cookies used on the website into multiple categories. Users can allow or withdraw consent for any cookies by toggling buttons.

Cookie consent banner privacy settings
Cookie consent banner privacy settings

BBC

BBC has used a simple cookie policy that emphasizes the important wordings so that a user can understand the notice by simply taking a look at the banner. 

Cookie consent banner BBC
Cookie consent banner BBC

Inside cookie preference, users are allowed to allow or deny the consent for categories other than strictly necessary cookies. 

Cookie consent banner settings
Cookie consent banner settings

The Guardian

Guardian has a well-defined cookie banner compared to other websites. It informs why they use cookies on the cookie banner itself. No need to go to the privacy policy page to learn about that. 

Cookie consent banner - The Guardian
Cookie consent banner – The Guardian

Inside their privacy settings/manage cookies page, they categorize cookies by clearly stating their purpose rather than including them in a category. 

Cookiebanner settings
Cookiebanner settings

It’s time to get familiar with some of the cookie consent solutions that help your website with cookie compliance. 

CookieYes GDPR Cookie Consent Plugin for WordPress

For those of you who own a WordPress website and are looking for a cookie consent solution to make your GDPR compliance journey easier, the CookieYes GDPR Cookie consent and Compliance Notice plugin would be a great option.

Once you install the cookie consent plugin you can avail of the following features to make cookie management easy.

Customizable Cookie Banner 

The plugin comes with options to customize every element of the cookie consent banner. You can change its appearance (banner, popup, widget), add custom text for cookie banner and buttons, set color for background and text, and more.

Privacy/Cookie Policy Generator 

This cookie consent plugin lets you create a cookie policy from scratch by offering you a customizable template. You can use the default text within the template or add your content to the policy.

Cookie Scanner 

The Cookie scanner is a very useful feature to detect all the cookies on your website so you can categorize them efficiently and provide relevant information to users prior to seeking consent. 

You can perform frequent cookie scans and once the scan is completed you will be provided with a list of all the cookies on your website along with the cookie type and their description, etc.

You can download the information as a CSV or import it to the cookie list for displaying it to your users.

Auto-cookie Blocker for Third-Party Cookies

Third-party cookies can often be problematic when it comes to achieving cookie compliance. Since these are deposited on your website through plugins, ads, or services, it can be difficult to identify and manage them properly. 

With the auto-cookie blocker functionality of the plugin, you can enable the third-party cookies to be blocked on your website only to be rendered by explicit consent from users. 

CookieYes – Cookie Consent Solution for GDPR & CCPA Compliance

CookieYes is a leading cloud solution for cookie management that adds a customizable cookie banner to your site so that users can easily give consent or reject the site’s use of cookies. Plus its built-in scanner scans your website for cookies and automatically blocks all the non-essential cookies until obtaining users’ consent.

Following are the major features offered by the plugin in complying with the GDPR and CCPA regulations.

Fully Customizable Cookie Consent Banner

We have already mentioned the dos and don’ts of a GDPR compliant cookie consent banner. This cookie consent solution does a great job when it comes to creating a cookie consent banner that fulfills all the GDPR requirements. 

CookieYes offers different types of banner templates for you to choose from, such as classic, banner, box, and recommended. When you choose the recommended option, CookieYes auto-recommends banner styles based on your website’s color scheme.

CookieYes Cookie consent banner setup
Cookie consent banner setup

When it comes to customization, you are provided with tons of options. You can choose from a  suitable layout, display the banner in your preferred language (24 different languages are currently available), add custom content for banner, title, button text, privacy policy, etc. You can also see your website’s preview as you make changes to the banner. 

Cookie consent banner settings
Cookie consent banner settings

Granular Level Cookie Preferences

Within cookie preferences, you can set which cookie categories will be enabled or disabled by default before the users register their consent. 

Granular consent settings for cookies by CookieYes
Granular consent settings

Based on your users’ location or action you can configure the behavior of the cookie consent banner. You can choose to show banners only for visitors from the EU, reload the page on consent action, or show a cookie audit table to your visitors. 

Cookie consent banner behavior settings by CookieYes
Cookie consent banner behavior settings

Inside managed cookies, you can add new cookies, edit or delete existing cookies, and change their categories.

CookieYes automatically scans the website for cookies and displays the cookies on the dashboard on sign-up itself. However, you can manually initiate a scan procedure as well. 

The consent log allows you to keep a record of users who have given consent to the use of cookies on your website. 

Once the consent is logged in, the anonymized IP addresses of the users who have given their consent and the cookie categories that they have given consent to will be recorded on the consent report page along with the date and time of their visit.

Cookie consent log by CookieYes
Cookie consent log

Conclusion

Cookie consent has huge importance in a time when digital privacy is of major concern. If you own a website, it is of utmost importance to ensure your users’ privacy by engaging in the right privacy practices. Hopefully, the article helped you in finding all the relevant information needed to take the right actions toward providing a safe online experience for your users.