With the introduction of the General Data Protection Regulation (GDPR) in the EU and other privacy laws around the world, websites and online businesses need to comply with the privacy regulations. The most common method for compliance with privacy laws is by adding a Cookie Banner on the website and informing the users about the collection and management of their personal data.
A cookie is a small text file that a website stores on a user's device when they visit the website. Cookies remember information about the user's privacy preferences, browsing history, user's name or login credentials, and other data used by the website to improve the user's experience and enable certain features.
Cookies inform users about the collection and management of their personal data by providing a text inside a cookie, and that is exactly what it is called a cookie text. Read the article about the necessary details and the best practices for a cookie text, compliant with all major privacy laws.
What is Cookie Text?
The cookie text or cookie message is the actual text, written in the Cookie Consent banner, that informs about cookies used and for what purpose they are used.
Do not confuse the cookie text with the cookies themselves that are referred to here, even though cookies too are text files, or scripts.
The cookie text shouldn't also be confused with a Cookie Policy text or Cookie Policy message, which are detailed policy statements about the strategy of a company regarding the personal data management and privacy of its users. A Cookie Policy text is much broader than the cookie text, present in the pop-up.
If it seems that a cookie text is a simple and not important text, it's not true. A cookie text is basically the only tool a website has to get consent from users to drop cookies on their website. Knowing how important cookies can be for identifying users of interest and providing highly targeted ads that are more likely to convert to sales, it becomes clear just how critical cookie texts are. When the user visits a website for the first time, he will be asked for consent to use cookies before storing them on user devices. A Cookie Banner that informs users about the use of cookies and asks users permission to use cookies is a mandatory requirement.
Cookie texts are highly regulated by privacy laws. Different laws require different cookie texts (and different Cookie Policy statements). Cookie messages should inform website users about what cookies are deployed on the website, how they will be used, how long they will be stored, and how the users can manage them, especially the Third-Party Cookies.
Here is an example of a good and informative cookie text:
Cookie text in CookieScript consent pop-up
Cookie texts may contain several layers of information. The basic layer is displayed for all website users, while more interested users could unfold the text to read more details about different types of cookies used and different settings to give consent to them.
A cookie message, compliant with the privacy laws, should not only inform that your website uses cookies and then have an “OK” button, as sometimes could be found. This is not a valid cookie message, because it leaves no real choice of consent for the user. The user must have a choice to accept and reject cookies before storing them on their device.
Cookie Text for GDPR Compliance
The GDPR does not expressly mention cookies in its official document. However, any information that directly or indirectly links to a person is referred to as personal data in the GDPR. Cookies are considered personal data identifiers as they collect and process user data that can be used to identify a particular person.
The GDPR requires all websites using cookies to follow strict rules regarding the management of users' personal data and get explicit, or opt-out cookie consent before collecting any users' data. Strictly necessary cookies, that are needed for a website to function properly, are exempted from the GDPR cookie regulation.
The GDPR mandates that any cookie text on a web page must inform website users about the following details:
- Inform users about using cookies and their purpose when users visit the website.
- Allow users to accept and reject cookies before storing them on their devices.
- Obtain clear and unambiguous consent to use cookies and process the personal data of users.
- Obtain consent prior to any processing of personal data.
- Keep cookies blocked until the user gives consent (except strictly necessary cookies).
- Allow users to revoke Cookie Consent at any time.
- Safely and confidentially document each user's consent.
- Renew Cookie Consent every 6 or 12 months (it depends on the local data protection authority guidelines).
According to the GDPR, the cookie text must be “clear and unambiguous, easy-to-understand”. It means that the cookie texts should be written in simple and plain language, avoiding complex legal or technical terminology. The text should also link to the Privacy Policy or cookie policy for more detailed information.
Here is an example of a good and informative, GDPR compliant cookie text:
A GDPR compliant cookie message in a CookieScript consent banner
Cookie Text for CCPA Compliance
The requirements of the CCPA for personal data management resemble the GDPR in many ways. However, one of the main differences is that the CCPA does not require businesses to obtain consent before collecting personal data. That is, the CCPA requirements could be satisfied with the opt-out Cookie Consent model, simply informing users that the website uses cookies, and saving them to the user's devices. To refuse cookies, the user must take a specific action. In the case of the GDPR, the explicit, or opt-in, Cookie Consent mode should be used by default, when no cookies are set up until the user explicitly agrees to use them because that's a requirement for GDPR.
Thus, a CCPA compliant website doesn’t have to get user consent to use cookies. However, the website should provide a possibility for users to opt out of cookies that collect and sell their personally identifiable information to third parties. This requirement can be implemented via a “Do Not Sell My Personal Information” link or button, placed in the cookie text and the homepage.
To be CCPA compliant, a web page must have the following information:
- Inform users about using cookies and their purpose when users visit the website.
- Allow users to opt out of cookies that sell personal information through the “Do Not Sell My Personal Information” link or button.
- Link to the Privacy Policy or cookie policy for more detailed information about cookies and how to control them.
How to Show a Cookie Text on Your Website?
The easiest and most reliable way to show a cookie message on your website in a GDPR, CCPA, and other privacy laws-compliant way is by using a Consent Management Platform (CMP).
Choose CookieScript, which is one of the best CMP in the market. CookieScript offers privacy laws compliant templates for your cookie text that you can choose from and be sure your website is updated and privacy laws compliant. In addition, with CookieScript CMP you could also simply create a unique and professional Privacy Policy for your business or website.
CookieScript is translated into 30+ languages. Moreover, it is also possible to add any custom language and adjust all texts and cookie descriptions. Thus, if your web page is multilingual, your cookie message, Cookie Declaration, and Privacy Policy will be automatically translated.
In addition, with the help of geo-targeting, different cookie banners will be delivered to website users based on their geographic locations. So you could display different cookie messages for different users.
Choose CookieScript CMP, and we will take care of your cookie texts and compliance issues with privacy laws!
Frequently Asked Questions
What is Cookie Text?
The cookie text or cookie message is the actual text, written in the cookie consent banner, that informs about cookies used and for what purpose they are used. CookieScript offers privacy laws compliant templates for your Cookie Banner and cookie text, that could be translated into 30+ languages.
Should I accept cookies?
It depends on the type of cookies. Strictly necessary cookies are essential for websites to function normally, and should be accepted. Other cookies, such as Third-Party Cookies, that are used to track users between websites and display more relevant ads between websites, could be rejected. Disabling Third-Party Cookies will not affect the functionality of the website. See the guides here on how to enable or disable cookies for various browsers.
Why do I get cookie messages?
Because this is the requirement of GDPR, CCPA, and other privacy laws. Websites must inform users about cookies used and their purpose before using them. Cookie messages or cookie texts provide this information and let users choose to accept or reject cookies that could be stored on their devices. Use CookieScript to manage your cookie messages or texts.
Should I disable all cookies?
No, it is not recommended to disable all cookies since many websites may not function normally. There are strictly necessary cookies, which are essential for websites to function. Third-Party Cookies, which are used to track users between websites and display more relevant ads between websites, could be disabled without affecting the functionality of a website. See the guides on how to enable or disable cookies for various browsers.
Can deleting cookies cause problems?
There are a number of reasons you should consider deleting cookies on your browser, including avoiding security threats, keeping your private data away from third parties, having faster internet browsing, or avoiding targeted ads. However, deleting cookies could cause problems in accessing websites. Thus, it is not recommended to delete all cookies since a lot of websites will not function properly.
How to delete cookies?
See the guides on how to enable or disable cookies for Android, iPhone, iPad, Macbook, and various browsers. With CookieScript you can manage your cookies and cookie texts in a privacy laws compliant way.