Read the article to learn more about the cookie notice and whether is it required to have a cookie notice by the privacy laws.
What is a Cookie Notice?
When collecting users' personal data, businesses have certain obligations regarding users' privacy, like not disclosing or selling the data to the third-parties. So a website Cookie Consent notice is in fact a mutual agreement between a website and its users, and a safeguard against third-party tracking.
Do I Need a Cookie Consent Notice?
A website cookie notice is required by the GDPR and ePrivacy Directive. A cookie notice is also required by the CCPA, VCDPA, and CPA, which regulate personal data processing in the USA.
You can’t control who visits your website. So even if your business is based outside the EU or USA, your website could be reached by EU or USA users, and if their personal data is collected, your website needs to have a cookie notice. Violating the GDPR, CCPA, or other privacy laws could lead to fines.
Cookie Notice Text
The cookie notice for your website should use concise, clear, and plain language, avoiding legal jargon.
A GDPR and CCPA compliant website cookie notice should include the following features:
- Detailed information about the usage of cookies. Here you could explain who sets these cookies, if they are first-party or Third-Party Cookies, and how users' personal data is being processed by your website.
- Button to accept cookies and to reject cookies. Inform your users of their right to withdraw the cookie consent at any time.
- List of cookie categories and their properties. This includes strictly-necessary cookies, performance cookies, functionality cookies, and advertising cookies. Provide the type and the primary function of each of them.
- Possibility of selecting just specific cookie types;
- Link to the website's Cookies Policy;
- List of all third parties with whom it shares data. Website users could want to share their personal data with you, but not want to share their personal data or have their browsing activities tracked by third parties, so they should have the possibility to allow first-party cookies, and block Third-Party Cookies.
GDPR Requirements for Cookie Notice
The GDPR requires informing users about how their personal data is collected and processed. The cookie notice for GDPR should be displayed on every page of a website, and the user should have the possibility to change his choice regarding the usage of his personal data at any time.
A GDPR compliant cookie notice on the website should have the following features:
- Obtain explicit, clear and unambiguous consent from its users to process their personal data.
- Obtain consent BEFORE any processing of personal data.
- Should not have any pre-ticked checkboxes of cookie categories.
- Provide a list of cookie categories and a possibility to select just some cookie categories.
- Safely and confidentially store each user's consent.
- Have a list of all third parties with whom it shares data.
- Have a link to the website's Cookies Policy.
CCPA Requirements for Cookie Notice
The CCPA requirements are not as strict as the GDPR requirements. For example, under the CCPA, it is enough to have an implied cookie notice, meaning that a user must actively deny processing his personal data, otherwise it is allowed to collect and process the personal data. The usage of pre-ticked checkboxes of cookie categories is also allowed. The CCPA does not require to have a link to the website's Cookies Policy.
However, a CCPA compliant cookie notice should have the following features:
- Option to decline cookies.
- Cookie categories, allowing users to consent for different cookie categories separately.
- List of all third parties with whom it shares data.
- Inform users of their rights.
- Category of personal information the site collects or sells.
Cookie Notice Example
Cookie notice by CookieScript
The Cookie Declaration table shows a cookie category description and information about every cookie used on the website. The Cookie Declaration table could be shown inside the banner or in a new popup window. Read more about the Cookie Declaration inside the cookie consent banner.
The About cookies tab provides brief information about cookies and informs the user about his right to accept or reject cookies, which could be done anytime.
The Advertising settings tab informs a user about the purposes, features, and vendors of advertising cookies.
CookieScript is officially certified by IAB Europe and comes with a full IAB TCF 2.0 integration. IAB Europe Transparency & Consent Framework (TCF) 2.0 is a framework that allows the provision of targeted advertising and compliance with GDPR at the same time.
CookieScript Consent Management Platform provides fully customizable GDPR and CCPA compliant cookie notices. It provides the following benefits for the websites:
- Scans your website for cookies and tracking pixels.
- Categorizes and adds descriptions to your cookies.
- Maintains a full history of user consent (as required by privacy laws).
- Allows users to withdraw consent at any time.
- Provides a cookie declaration that includes a Cookie Provider and third-parties information.
Frequently Asked Questions
What is a Cookie Notice?
Is cookie notice required?