Cookie consent has become a major buzzword today with the strengthening of different cookie regulations. This article will help you explore all you need to know about cookie consent, like what they are, their importance, and what every website owner needs to do to make sure they have a proper cookie consent management system, and more.
Go ahead and learn all about it.
What is Cookie Consent?
In simple words, cookie consent is a permission requirement that website owners need to seek from their visitors for activating cookies that process personal data on their website. This is because some cookies on a website collect data of its visitors. Some of these data are classified as personally identifiable and the website should inform and get permission from the visitors before using them.
Does your Website Need Cookie Consent?
Whether or not your website needs cookie consent from your users before activating cookies is based on two factors,
- Where your business is situated
- Where your website visitors are from
There are many different digital privacy laws around the world. While GDPR (General Data Protection Regulation) is for protecting the privacy of the citizens of the European Union, CCPA is for the residents of California. Seeking cookie consent is one of the major requirements of complying with any of these regulations.
What Kind of Cookies Need Consent?
Website cookies are primarily divided into two categories – first and third-party cookies. First-party cookies are set by the website visited by the user, whereas third-party cookies are set by the third-party elements present on the website such as chatbots, social media plugins, ads, etc.
These cookies are further divided by how they are needed for the functioning of a website. Certain cookies are necessary for the functioning of a website such as cookies for securely accessing the site, allowing eCommerce shops to hold items in cart while shopping online, etc.
These cookies are called necessary cookies and the majority of online privacy regulations allow websites to activate such cookies without visitors’ consent. All cookies other than necessary are considered non-necessary and need prior consent from users for activating them.
GDPR and Cookie Consent
GDPR is by far the strictest regulation regarding cookie usage and online privacy.
“Natural persons may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, cookie identifiers, or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”
This conveys that all kinds of online identifiers, including cookies that collect individuals’ personally identifiable data, are required to comply with the GDPR. Thus websites are required to obtain explicit consent from their users via cookie consent banners before placing cookies or online trackers on their terminal devices.
As per GDPR, merely displaying a cookie consent banner doesn’t guarantee compliance with the regulation. It is more about making users aware of the presence of cookies, what they do with their data, and ultimately allowing them to make an informed decision.
For creating a GDPR compliant cookie consent banner you need to ensure the following points.
- Provide accurate information about the cookies that are being used on your website
- Let users give consent by a clear, affirmative action
- Allow refusal or withdrawal of consent anytime
- Keep a record of user consents
Dos and Don’ts of a GDPR Compliant Cookie Consent Banner
With GDPR and similar privacy regulations making it mandatory to display cookie consent banners, it is quite possible to find different types of cookie banners on different websites. If that’s making it hard for you to decide on how a GDPR compliant banner should look like, here are some of the dos and don’ts you should consider while creating your cookie notice.
- Don’t – Notice only cookie consent banners
- Dos – Display ‘Accept’ and ‘Reject’ buttons along with the notice
- Don’t – Pre-ticked boxes
- Dos – Granular consent to opt-in or accept non-essential cookies
Pre-ticked boxes are indicative of implied consent, which is clearly against compliance. If your website is using cookies categorized as non-necessary, you need your users to express their consent in the form of affirmative action such as enabling a checkbox, toggling a button, etc.
- Don’t – Displaying only accept button
- Dos – Display ‘Accept’ and ‘Reject’ buttons with equal emphasis
Not displaying a reject button or playing down its importance on the banner attempts to nudge the user to accept the cookie notice. It is against the requirement that consent should be freely given.
- Don’t – Displaying cookie walls
- Dos – Allow access to website content that doesn’t use the cookies users have denied
Cookie walls are used to hide content from users until they accept cookies. It is not advised to display cookie walls or any other mechanisms that will prohibit users from accessing website contents.
- Don’t – Bundled cookie consent
- Dos – Allow granular level consent
Consent shouldn’t be sought in a bundle. You need to categorize all the types of cookies you use (such as necessary, functional, marketing, analytics, etc.) on your website and seek explicit consent from users.
- Don’t – Confusing language
- Dos – Crisp, concise, and jargon-free language
Lack of clarity in conveying cookie-specific information would result in users not making attempts to nudge an informed decision. Wordings such as OK’ ‘proceed’ or ‘continue’ may nudge users to move on with the default option, and not explore more options in the settings. Cookie notice should have unambiguous, concise, and jargon-free language.
- Don’t – Confusing icons or buttons
- Dos – Clean and user-friendly interface optimized for different devices
Using confusing icons such as ‘X’ to close the cookie banner, doesn’t specify what happens when a user clicks on that. Most close buttons accept cookies. This is against informed consent.
Examples of Cookie Consents
The majority of websites follow the best practices suggested by GDPR or similar regulations when it comes to creating cookie banners on their website. Let’s check out some of the finest examples of GDPR compliant cookie consent banners.
Following is a cookie banner from the popular travel website Airbnb. It has a descriptive cookie notice, and it informs the user of the underlying action when they click on either the ‘Cookie preferences’ button or the OK button.
Airbnb has included a very long and descriptive cookie banner that categorizes each of the cookies used on the website into multiple categories. Users can allow or withdraw consent for any cookies by toggling buttons.
Inside cookie preference, users are allowed to allow or deny the consent for categories other than strictly necessary cookies.
Inside their privacy settings/manage cookies page, they categorize cookies by clearly stating their purpose rather than including them in a category.
It’s time to get familiar with some of the cookie consent solutions that help your website with cookie compliance.
CookieYes GDPR Cookie Consent Plugin for WordPress
For those of you who own a WordPress website and are looking for a cookie consent solution to make your GDPR compliance journey easier, the CookieYes GDPR Cookie consent and Compliance Notice plugin would be a great option.
Once you install the cookie consent plugin you can avail of the following features to make cookie management easy.
Customizable Cookie Banner
The plugin comes with options to customize every element of the cookie consent banner. You can change its appearance (banner, popup, widget), add custom text for cookie banner and buttons, set color for background and text, and more.
The Cookie scanner is a very useful feature to detect all the cookies on your website so you can categorize them efficiently and provide relevant information to users prior to seeking consent.
You can perform frequent cookie scans and once the scan is completed you will be provided with a list of all the cookies on your website along with the cookie type and their description, etc.
You can download the information as a CSV or import it to the cookie list for displaying it to your users.
Third-party cookies can often be problematic when it comes to achieving cookie compliance. Since these are deposited on your website through plugins, ads, or services, it can be difficult to identify and manage them properly.
With the auto-cookie blocker functionality of the plugin, you can enable the third-party cookies to be blocked on your website only to be rendered by explicit consent from users.
CookieYes – Cookie Consent Solution for GDPR & CCPA Compliance
Following are the major features offered by the plugin in complying with the GDPR and CCPA regulations.
Fully Customizable Cookie Consent Banner
We have already mentioned the dos and don’ts of a GDPR compliant cookie consent banner. This cookie consent solution does a great job when it comes to creating a cookie consent banner that fulfills all the GDPR requirements.
CookieYes offers different types of banner templates for you to choose from, such as classic, banner, box, and recommended. When you choose the recommended option, CookieYes auto-recommends banner styles based on your website’s color scheme.
Granular Level Cookie Preferences
Within cookie preferences, you can set which cookie categories will be enabled or disabled by default before the users register their consent.
Cookie Consent Banner – Behavior
Based on your users’ location or action you can configure the behavior of the cookie consent banner. You can choose to show banners only for visitors from the EU, reload the page on consent action, or show a cookie audit table to your visitors.
Inside managed cookies, you can add new cookies, edit or delete existing cookies, and change their categories.
CookieYes lets you scan the website for cookies and displays the cookies on the dashboard on sign-up itself. However, you can manually initiate a scan procedure as well.
Cookie Consent Log
Once the consent is logged in, the anonymized IP addresses of the users who have given their consent and the cookie categories that they have given consent to will be recorded on the consent report page along with the date and time of their visit.
Cookie consent has huge importance in a time when digital privacy is of major concern. If you own a website, it is of utmost importance to ensure your users’ privacy by engaging in the right privacy practices. Hopefully, the article helped you in finding all the relevant information needed to take the right actions toward providing a safe online experience for your users.