Ready for the new Google Consent Mode v2?

Starting from March 13, 2024 you have to use Google Consent Mode v2 to comply with the latest regulations

×
Latest News, Updates, Tutorials and much more

Blog

Cookie Notice

What is a Cookie Notice?

Read the article to learn more about the cookie notice and whether is it required to have a cookie notice by the privacy laws.

What is a Cookie Notice?

A cookie notice is a statement, that outlines the types and use of cookies on a website. A cookie notice appears when a user visits a website and informs the user that the website is using cookies or other tracking technologies that collect and process personal data, and for what purposes. A website cookie notice is also called a Cookie Consent notice, Cookie Consent banner, or pop-up.

A cookie notice could simply inform the user of the use of cookies, while a Cookie Banner asks users for consent to use cookies. So, to be correct, a Cookie Banner is a cookie consent notice. The Cookie Consent notice informs a user about the use and types of cookies, and the user must make a choice whether he allows the collection and processing of his personal data. A website cookie notice appears when a user first visits a website and should be accessible at any time to change the user's choice regarding the usage of his personal data management.

When collecting users' personal data, businesses have certain obligations regarding users' privacy, like not disclosing or selling the data to the third-parties. So a website Cookie Consent notice is in fact a mutual agreement between a website and its users, and a safeguard against third-party tracking.

A cookie notice can also be defined as a Cookie Policy statement on a website that discloses details about cookies used by the site, their types, and their purposes. The Cookie Policy notice provides information about opting out of non-necessary cookies and managing cookie preferences.

Do I Need a Cookie Consent Notice?

If your website uses cookies and you collect data from European Union users, then you must have a cookie notice for GDPR on your website, as expressed in the GDPR and ePrivacy Directive. The GDPR and the ePrivacy Directive (the EU Cookie Law) require websites to disclose details about the use of cookies, if the websites collect and process users' personal data, and for what purposes.

A website cookie notice is required by the GDPR and ePrivacy Directive. A cookie notice is also required by the CCPA, VCDPA, and CPA, which regulate personal data processing in the USA.

Thus, your website needs a GDPR notice on the website if it uses cookies, especially Third-Party Cookies, set up by Google Analytics, YouTube, Facebook, and other popular third-party providers, that track users across other websites for advertising purposes.

You can’t control who visits your website. So even if your business is based outside the EU or USA, your website could be reached by EU or USA users, and if their personal data is collected, your website needs to have a cookie notice. Violating the GDPR, CCPA, or other privacy laws could lead to fines.

CookieScript can help you to create a customized cookie notice and provides a pre-built and dynamic Cookie Policy and Privacy Policy. A user has the ability to opt-in or opt-out of certain cookie categories directly from your cookie notice or Privacy Policy page.

Cookie Notice Text

The cookie notice for your website should use concise, clear, and plain language, avoiding legal jargon.

A GDPR and CCPA compliant website cookie notice should include the following features:

  • The disclosure that your website uses cookies.
  • Detailed information about the usage of cookies. Here you could explain who sets these cookies, if they are first-party or Third-Party Cookies, and how users' personal data is being processed by your website.
  • Button to accept cookies and to reject cookies. Inform your users of their right to withdraw the cookie consent at any time.
  • List of cookie categories and their properties. This includes strictly-necessary cookies, performance cookies, functionality cookies, and advertising cookies. Provide the type and the primary function of each of them.
  • Possibility of selecting just specific cookie types;
  • Link to the website's Cookies Policy;
  • List of all third parties with whom it shares data. Website users could want to share their personal data with you, but not want to share their personal data or have their browsing activities tracked by third parties, so they should have the possibility to allow first-party cookies, and block Third-Party Cookies.

GDPR Requirements for Cookie Notice

The GDPR requires informing users about how their personal data is collected and processed. The cookie notice for GDPR should be displayed on every page of a website, and the user should have the possibility to change his choice regarding the usage of his personal data at any time.

A GDPR compliant cookie notice on the website should have the following features:

  • Obtain explicit, clear and unambiguous consent from its users to process their personal data.
  • Obtain consent BEFORE any processing of personal data.
  • Should not have any pre-ticked checkboxes of cookie categories.
  • Provide a list of cookie categories and a possibility to select just some cookie categories.
  • Safely and confidentially store each user's consent.
  • Have a list of all third parties with whom it shares data.
  • Have a link to the website's Cookies Policy.

CCPA Requirements for Cookie Notice

Websites are required to inform users on how they collect and process their personal information, and for what purposes. The CCPA does not require a separate Cookie Policy page. A Privacy Policy of a business could have a cookie policy section that covers the use of cookies.

The CCPA requirements are not as strict as the GDPR requirements. For example, under the CCPA, it is enough to have an implied cookie notice, meaning that a user must actively deny processing his personal data, otherwise it is allowed to collect and process the personal data. The usage of pre-ticked checkboxes of cookie categories is also allowed. The CCPA does not require to have a link to the website's Cookies Policy.

However, a CCPA compliant cookie notice should have the following features:

  • Option to decline cookies.
  • Cookie categories, allowing users to consent for different cookie categories separately.
  • List of all third parties with whom it shares data.
  • Inform users of their rights.
  • Category of personal information the site collects or sells.

Cookie Notice Example

CookieScript cookie notice informs the user that the website uses cookies, provides a possibility to accept or reject cookies, and provides a link to Cookie Policy. The cookie notice also has dedicated sections, allowing managing cookie preferences, including Cookie Declaration, selecting specific types of cookies, and advertising cookies.

Cookie notice by CookieScript Cookie notice by CookieScript

The Cookie Declaration table shows a cookie category description and information about every cookie used on the website. The Cookie Declaration table could be shown inside the banner or in a new popup window. Read more about the Cookie Declaration inside the cookie consent banner.

The About cookies tab provides brief information about cookies and informs the user about his right to accept or reject cookies, which could be done anytime.

The Advertising settings tab informs a user about the purposes, features, and vendors of advertising cookies.

CookieScript is officially certified by IAB Europe and comes with a full IAB TCF 2.0 integration. IAB Europe Transparency & Consent Framework (TCF) 2.0 is a framework that allows the provision of targeted advertising and compliance with GDPR at the same time.

CookieScript Consent Management Platform provides fully customizable GDPR and CCPA compliant cookie notices. It provides the following benefits for the websites:

  • Scans your website for cookies and tracking pixels.
  • Categorizes and adds descriptions to your cookies.
  • Maintains a full history of user consent (as required by privacy laws).
  • Allows users to withdraw consent at any time.
  • Blocks cookies until users agree to the Cookie Consent and the Privacy Policy.
  • Provides a cookie declaration that includes a Cookie Provider and third-parties information.

Frequently Asked Questions

What is a Cookie Notice?

A website cookie notice is a statement that outlines the types and use of cookies on a website. A cookie notice could also be called a cookie consent notice. The cookie consent notice informs a user about the use and types of cookies or other tracking technologies that collect and process personal data, and for what purposes, and the user must choose whether to allow his personal data processing.

Is cookie notice required?

Yes, if your website uses cookies that collect and process users' personal data, then you are required to have a cookie notice on your website. A website cookie notice is required by the GDPR and ePrivacy Directive, if you have EU users. A cookie notice is also required by the CCPA, VCDPA, CPA, and other privacy laws, which regulate personal data processing in the USA.

New to CookieScript?

CookieScript helps to make the website ePrivacy and GDPR compliant.

We have all the necessary tools to comply with the latest privacy policy regulations: third-party script management, consent recording, monthly website scans, automatic cookie categorization, cookie declaration automatic update, translations to 34 languages, and much more.