Cookie Consent: The Ultimate Guide

Cookie consent has become a major buzzword with the strengthening of cookie regulations. This article covers what you need to know about cookie consent: what it is, why it matters, and what every website owner needs to do to have a proper cookie consent management system.

Go ahead and learn all about it.

In simple words, cookie consent is a permission requirement that website owners need to seek from their visitors for activating cookies that process personal data on their website. This is because some cookies on a website collect data of its visitors. Some of these data are classified as personally identifiable and the website should inform and get permission from the visitors before using them.

Whether or not your website needs cookie consent from your users before activating cookies depends on two factors:

  1. Where your business is situated
  2. Where your website visitors are from

There are many different digital privacy laws around the world. While GDPR (General Data Protection Regulation) is for protecting the privacy of the citizens of the European Union, CCPA is for the residents of California. Seeking cookie consent is one of the major requirements of complying with any of these regulations.

Website cookies are primarily divided into two categories – first and third-party cookies. First-party cookies are set by the website visited by the user, whereas third-party cookies are set by the third-party elements present on the website such as chatbots, social media plugins, ads, etc.

These cookies are further divided by how they are needed for the functioning of a website. Certain cookies are necessary for the functioning of a website such as cookies for securely accessing the site, allowing eCommerce shops to hold items in cart while shopping online, etc.

These cookies are called necessary cookies and the majority of online privacy regulations allow websites to activate such cookies without visitors’ consent. All cookies other than necessary are considered non-necessary and need prior consent from users for activating them.

GDPR is by far the strictest regulation regarding cookie usage and online privacy.

Here’s what Recital 30 of the European Union’s General Data Protection Regulation states about online identifiers used for profiling and identification.

“Natural persons may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, cookie identifiers, or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”

This conveys that all kinds of online identifiers, including cookies that collect individuals’ personally identifiable data, are required to comply with the GDPR. Thus websites are required to obtain explicit consent from their users via cookie consent banners before placing cookies or online trackers on their terminal devices.

As per GDPR, merely displaying a cookie consent banner doesn’t guarantee compliance with the regulation. It is more about making users aware of the presence of cookies, what they do with their data, and ultimately allowing them to make an informed decision.

For creating a GDPR-compliant cookie consent banner you need to ensure the following points.

  • Provide accurate information about the cookies that are being used on your website
  • Let users give consent by a clear, affirmative action
  • Allow refusal or withdrawal of consent anytime
  • Keep a record of user consent

With GDPR and similar privacy regulations making it mandatory to display cookie consent banners, it is quite possible to find different types of cookie banners on different websites. If that’s making it hard for you to decide on how a GDPR compliant banner should look, here are some of the dos and don’ts you should consider while creating your cookie notice.

  • Don’t – Notice-only cookie consent banners
  • Dos – Display ‘Accept’ and ‘Reject’ buttons along with the notice

Using cookie banners only for notifying users regarding the use of cookies is inadequate. Along with notifying users, you need to allow them options to accept or deny cookies.

  • Don’t – Pre-ticked boxes
  • Dos – Granular consent to opt-in or accept non-essential cookies

Pre-ticked boxes are indicative of implied consent, which is clearly against compliance. If your website is using cookies categorized as non-necessary, you need your users to express their consent in the form of affirmative action such as enabling a checkbox, toggling a button, etc.

  • Don’t – Displaying only accept button
  • Dos – Display ‘Accept’ and ‘Reject’ buttons with equal emphasis

Not displaying a reject button or playing down its importance on the banner attempts to nudge the user to accept the cookie notice. It is against the requirement that consent should be freely given.

  • Don’t – Displaying cookie walls
  • Dos – Allow access to website content that doesn’t use the cookies users have denied

Cookie walls are used to hide content from users until they accept cookies. It is not advised to display cookie walls or any other mechanisms that will prohibit users from accessing website contents.

  • Don’t – Bundled cookie consent
  • Dos – Allow granular level consent

Consent shouldn’t be sought in a bundle. You need to categorize all the types of cookies you use (such as necessary, functional, marketing, analytics, etc.) on your website and seek explicit consent from users.

  • Don’t – Hidden cookie policy
  • Dos – Link to your cookie policy

Your cookie policy should not be buried deep inside your website. It should be visible to your website visitors. You can include a link to your cookie or privacy policy in the cookie notice. The user can then learn about cookie usage in detail.

  • Don’t – Confusing language
  • Dos – Crisp, concise, and jargon-free language

Lack of clarity in conveying cookie-specific information would result in users not making an informed decision. Wordings such as ‘OK’, ‘proceed’ or ‘continue’ may nudge users to move on with the default option, and not explore more options in the settings. Cookie notices should use unambiguous, concise, and jargon-free language.

  • Don’t – Confusing icons or buttons
  • Dos – Clean and user-friendly interface optimized for different devices

Using a confusing icon such as ‘X’ to close the cookie banner doesn’t specify what happens when a user clicks on it. Most close buttons accept cookies. This is against informed consent.


The majority of websites follow the best practices suggested by GDPR or similar regulations when it comes to creating cookie banners on their website. Let’s check out some of the finest examples of GDPR compliant cookie consent banners.

Airbnb

Following is a cookie banner from the popular travel website Airbnb. It has a descriptive cookie notice, and it informs the user of the underlying action when they click on either the ‘Cookie preferences’ button or the OK button.

Cookie consent banner AirBNB

Airbnb has included a very long and descriptive cookie banner that categorizes each of the cookies used on the website into multiple categories. Users can allow or withdraw consent for any cookies by toggling buttons.

Cookie consent banner privacy settings

BBC

BBC has used a simple cookie policy that emphasizes the important wordings so that a user can understand the notice by simply taking a look at the banner.

Cookie consent banner BBC

Inside the cookie preferences, users can allow or deny consent for categories other than strictly necessary cookies.

Cookie consent banner settings

The Guardian

The Guardian has a well-defined cookie banner compared to other websites. It explains why they use cookies on the cookie banner itself, so there is no need to go to the privacy policy page to learn about that.

Cookie consent banner - The Guardian

Inside their privacy settings/manage cookies page, they categorize cookies by clearly stating their purpose rather than including them in a category.

Cookiebanner settings

It’s time to get familiar with some of the cookie consent solutions that help your website with cookie compliance.

GDPR Cookie Consent Plugin for WordPress

For those of you who own a WordPress website and are looking for a cookie consent solution to make your GDPR compliance journey easier, the GDPR Cookie Consent plugin would be a great option.

Once you install the cookie consent plugin you can avail of the following features to make cookie management easy.

Refer to this article to learn more about WordPress and GDPR.

Customizable Cookie Banner

The plugin comes with options to customize every element of the cookie consent banner. You can change its appearance as a cookie popup, banner, or widget, add custom text for cookie banners and buttons, set color for background and text, and more.

Privacy/Cookie Policy Generator

This cookie consent plugin lets you create a cookie policy from scratch by offering you a customizable template. You can use the default text within the template or add your content to the policy.

Cookie Scanner

The Cookie scanner is a very useful feature to detect all the cookies on your website so you can categorize them efficiently and provide relevant information to users prior to seeking consent.

You can perform frequent cookie scans and once the scan is completed you will be provided with a list of all the cookies on your website along with the cookie type and their description, etc.

You can download the information as a CSV or import it to the cookie list for displaying it to your users.

Auto-cookie Blocker for Third-Party Cookies

Third-party cookies can often be problematic when it comes to achieving cookie compliance. Since these are deposited on your website through plugins, ads, or services, it can be difficult to identify cookies on your website and manage them properly.

With the auto-cookie blocker functionality of the plugin, you can have third-party cookies blocked automatically on your website and activated only after explicit consent from users.


Conclusion

Cookie consent has huge importance in a time when digital privacy is of major concern. If you own a website, it is of utmost importance to ensure your users’ privacy by engaging in the right privacy practices. Hopefully, the article helped you in finding all the relevant information needed to take the right actions toward providing a safe online experience for your users.

Article by

Associate Product Manager @ WebToffee
