Since the European Union's General Data Protection Regulation (GDPR) and the ePrivacy Directive (the EU cookie law) came into effect, users must give cookie consent before websites store cookies in their browsers. You can get Cookie Consent through a cookie consent banner. So, you need to have a Cookie Banner on your website if you have users from the European Economic Area (EEA). The EEA includes the EU plus Iceland, Norway, and Liechtenstein.
What is a Cookie Consent Banner?
A cookie consent banner is a cookie notification or a cookie text on a website that pops up when a user first visits the website. A Cookie Consent banner gives users the choice to consent or deny their cookie preferences.
The scope of a Cookie Banner is to inform users about the use of cookies on the website and to collect their Cookie Consent. The Cookie Consent banner notifies the website users about the use of cookies, users’ rights regarding the use of cookies and their personal data management, and requests the users' consent to allow those cookies to collect their personal data.
See a summarized Cookie Consent banner checklist and requirements to ensure your website compliance with the GDPR, CCPA, and other privacy laws.
Cookie Consent Banner Checklist
1. Information about the cookies
Your Cookie Banner should inform website users that your website uses cookies, local storage, session storage, tracking pixels or other trackers to collect users’ personal information, for what purposes, the expiry date of the listed cookies, and other related information.
2. Clear and concise language
Use simple language without technical jargon to explain the use of cookies and why you need Cookie Consent.
Cookie notices should be presented to users in all languages that your website has. A multilingual banner ensures that your users will make an informed decision about cookie consent.
3. Prominence and visibility
Ensure that the Cookie Consent banner is clearly displayed on your website, and it could be easily noticed by users.
4. Link to your privacy policy
Your Cookie Banner must have a link to your Privacy Policy or Cookie Policy, where the user can find detailed information about the use of cookies and personal information, whether you share this information with third parties and other related data.
5. Explicit cookie consent
The Cookie Banner should collect explicit, also called opt-in cookie consent. Don’t use pre-ticked boxes. Cookie consent by scrolling or by continued browsing is not considered GDPR-valid consent. Read more about the GDPR-compliance checklist.
6. Accept and Reject buttons
Display both Accept and Reject buttons or checkboxes on the banner, so users have a free choice. Terms like Okay are not valid consent since it does not provide unambiguous action. Present users with equal choices for giving or rejecting consent, and both options should be easily visible on the Cookie Banner, without pressing any additional buttons.
7. Granular cookie consent control
Users should be able to easily control their cookie preferences on the banner directly or on the second layer by using a “Cookie Settings” button or link that directs users to a dedicated page where they can customize their preferences. Users could enable just some categories of cookies and disable other categories. Use a checkbox for different types of cookies.
An example of a CookieScript Cookie Banner with a gradual consent of categories of cookies.
8. Get cookie consent before placing cookies
You must get cookie consent PRIOR to setting cookies on users’ devices. Only strictly necessary cookies could be set immediately. The setting of the non-essential cookies should be delayed until after users give their consent.
9. Avoid cookie walls
The use of cookie walls is not allowed, so users can easily access your website even if they reject the use of cookies. Design the Cookie Banner in a way that it does not interfere with the user experience.
10. User consent recordings
Record user consents for proof of compliance. The Cookie Banner should be presented to the website user when they first visit the website. Cookie consent must be renewed no later that after12 months.
11. Cookie list
Show a cookie list on the second layer of your banner for complete transparency and cookie compliance.
12. Third-party cookie blocking
Third-Party Cookies are cookies that are stored under a different domain than you are currently visiting. Usuallt they are used to track users between websites and display more relevant ads between websites. Your cookie banner should block Third-Party Cookies by default until you get cookie consent from your website user to place Third-Party Cookies.
13. Responsiveness
Your cookie banner must be correctly displayed on all devices and platforms which can be used to access your website, including PCs, laptops, mobile phones, tablets, iPhones, iPads, etc.
14. Integration with Google Consent Mode
If your website uses Google Analytics or Google Ads, you must implement a cookie banner that is integrated with the latest version of consent mode, Google Consent Mode version 2 version 2. This will ensure that your analytics and marketing data are collected having the user’s consent. This information will be sent to Google which then adapts the behavior of its tags and scripts.
15. IAB TCF cookie banner
The Transparency and Consent Framework (TCF) was created by the Interactive Advertising Bureau (IAB) to standardize how businesses run targeted advertisements while also remaining in compliance with the GDPR. The TCF is an industry-approved legal framework to communicate consent choices between users, website publishers (your website), and advertisers. Having a TCF-compliant banner allows you to comply with the GDPR while using advertising. Use the latest version: IAB TCF 2.2.
16. Google-Certified CMP
From 2023, publishers must use a Google-certified Consent Management Platform (CMP) integrated with IAB’s TCF for the delivery of the cookie banner and cookie consent management. In order to use Google advertisement products like Google AdSense, Ad Manager, or AdMob. If you are using a CMP that is not present in the list of Google-certified CMPs, you can't use Google advertisement products.
The following cookie banner features are not obliged, but are definitely advantageous to have:
17. Geo-targeting
Your website could have users from different countries with different privacy laws. You can prepare several cookie banners for different privacy laws. The geo-targeting feature determines your website user’s location and automatically presents the correct cookie banner.
18. Seamless integration with CMS platforms
Your cookie banner should be easily integrated with the most popular CMS platforms like Google Tag Manager, WordPress, Shopify, Magento, etc. If you can't implement a cookie banner into your platform, oryou need to do much coding, then it is no use of such a banner.
19. Custom design and behavior
Some Consent Management Platforms like CookieScript allows you to create a custom design of your cookie banner that fits your company’s design or create custom behavior for your cookie banner.
20. Cross-domain cookie consent
Cross-domain cookie consent is useful when you want to collect Cookie Consent across multiple domains using a single cookie banner. This feature is helpful when you redirect users to multiple websites or domains. With cross-domain cookie consent, users see a cookie banner only once, and don’t have to make a cookie choice when they are redirected to a related domain. This helps to increase the user experience.
How to Get a GDPR-Compliant Cookie Consent banner?
Remember, that only a 100% correct cookie banner is a GDPR-compliant cookie banner. The most reliable solution for a valid Cookie Consent banner is to use a Consent Management Platform (CMP).
Use CookieScript CMP to create your perfect cookie banner with the following functionalities:
- Google-certified CMP. CookieScript is a Google-certified CMP partner and comes with a full IAB TCF v2.2 integration.
- Supports Google Consent Mode v2. If you want to use Google services (GA4, Google Ads, gtag, and Google Tag Manager) in the EU or EEA, you need to use a Google-certified CMP.
- Local Storagge and Session Storage scanning and blocking. GDPR and other privacy laws require blocking of cookies, Local Storagge and Session Storage until user consent is given. However, majority of CMPs do not offer this functionality. CookieScript blocks both Local Storagge and Session Storage.
- Multiple integrations. CookieScript CMP integrates easily with Google services automatically via Google Tag Manager, so you could use Google advertisement products easily. The CookieScript CMP is also integrated with other platforms, including content management systems such as Drupal, Magento, Shopify, WordPress, PrestaShop, etc., and analytics platforms, including Google Analytics 4.
- Fully customizable. CookieScript CMP allows cookie banner behavior adjustments, and design customization, and has a self-hosted code option.
- Language and jurisdiction support. CookieScript cookie banner and cookie declaration report is translated into 30+ languages and has geo-targeting.
- Custom design and behavior. You can personalize colors, fonts, text, and style, and adjust the banner to your website's design.
- Easy to set up. CookieScript CMP could be easily implemented in just a few steps in a privacy laws-compliant way using banner settings hints for different jurisdictions.
- Full compliance solution. CookieScript CMP comes with the Cookie Scanner, Privacy Policy Generator, script manager, and user consent manager. It blocks cookies, Third-Party Cookies, Local Storage and Session Storage, so you can be sure your website is compliant with the GDPR and other privacy regulations 100%!
Frequently Asked Questions
How does a cookie banner work?
The cookie consent banner presents a cookie notice to inform website users about the use of cookies, users’ rights regarding the use of cookies and their personal data management and requests the users' consent to allow those cookies to collect their personal data. The cookie banner should be presented to the website user when they first visit the website. Cookie consent must be renewed every 6 to 12 months. Use CookieScript CMP to create a GDPR and other privacy laws-compliant cookie banner.
Is a cookie banner required in the EU?
If your company is based in the EU or your site has users from the European Economic Area (EEA), you must have a cookie banner to comply with GDPR. A Cookie Consent banner gives users the choice to consent or deny the usage of cookies. The scope of a cookie banner is to inform users about the use of cookies on the website and to collect their cookie consent.
Is a cookie banner required in the US?
Firstly, GDPR could also apply to US websites. Even if your website is not based in the EU, but has users from the EU, you will have to comply with the GDPR. Secondly, while the US does not have a general federal data privacy law regulating the usage of cookies, state-level privacy laws like CCPA, CPRA, VCDPA, and others in the US require to have a cookie banner. Use CookieScript CMP to create a GDPR and other US privacy laws-compliant cookie banner.
What are cookie banner requirements to be compliant with the GDPR?
To be compliant with the GDPR, your cookie banner must provide information about the cookies used on the website, use clear and concise language, link to your Privacy Policy, be responsive, provide granular cookie consent control, and do not diminish the user experience. Your website should collect cookie consent for proof of compliance. Do not place cookies prior to getting cookie consent. Use CookieScript CMP to create a privacy laws-compliant cookie banner and collect and manage cookie consent for proof of compliance.