The era of unrestricted data collection and free storage of information for website visitors is long gone.
Data is crucial to many organizations. However, with the amount of individual data on the internet, there are possibilities of abuse. About 92% of Americans are uncertain of their privacy while on the internet. Hence, there is a need for companies that gather data to ensure its security.
Since most of the data these websites collect and process are personal data of real people, they have to comply with certain laws set by the GDPR.
Thus, handling individual data comes with certain responsibilities. Companies that fail to observe these privacy laws face penalties like paying heavy fines. See Google CMP.
In this article, we’ll explore GDPR’s requirements on cookie usage and the best practices for setting up a Cookie Consent Banner on your websites.
What are cookies?
Cookies are small text files that websites store on a visitor’s device to provide a more tailored experience. They “remember” information about visitors, such as login information, shopping cart contents, wish lists, and more, which improves the website and the overall user experience.
The primary function of these text files is to monitor users’ activities on the application or website. This allows a website to target users with advertising and content suggestions based on their search patterns. They also serve analytics purposes.
Cookies collect different types of data. Data that identifies individuals is referred to as personal data under the GDPR. GDPR rules govern the collection and use of this personal data by introducing cookie consent.
How Does Cookie Consent Work?
Cookie consent works through a cookie banner or popup that a website displays when a user visits. It informs users of the cookies that are present and the information they collect before they decide to accept, reject or modify cookies based on their preferences. Your cookie banner needs this information so that users can decide whether to allow a certain cookie or share their data with the website.
However, this excludes strictly necessary cookies, which are required for the website to function properly. For instance, when a user visits an online store, strictly necessary cookies must be active for the user to add any item to the shopping bag. Cookies are essential for storing and remembering such data. For strictly necessary cookies, user consent isn’t required.
Users also need to have the option of taking back their consent at any time. A “cookie widget” or callback button needs to remain available after the cookie permission banner or pop-up closes so that users can review their cookie preferences.
Cookie Consent Requirements Under GDPR
Under the GDPR guidelines for collecting personal data, cookies that are used to track users must meet several requirements.
Here are the fundamental cookie consent requirements for utilizing cookies legally under the GDPR:
- Discover the cookies on your site and which cookie category they belong to.
- Specify how you use cookies in your privacy and cookie policies.
- Clearly state your GDPR cookie consent language to users so they are aware of your privacy and cookie policies.
- Give users the option to give their precise and explicit consent to the use of cookies.
- Deploy optional cookies only after each user has given their consent.
- Give users a way to alter their cookie preferences at any time or to revoke their consent to all cookies.
- Respect the preferences and permissions of users. Keep retrievable logs of your users’ consent preferences.
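The requirements above translate directly into code. The following is an added example, not part of the original article or of any consent tool; the ConsentGate class, the category names, the visitor ID and the in-memory jar (standing in for the browser's cookie store) are assumptions made for illustration.

```javascript
// Constructed example: a consent gate that blocks optional cookies until the
// visitor opts in, purges them on withdrawal, and keeps a retrievable log.
// CATEGORIES and the Map-based jar are assumptions, not a real CMP's API.
const CATEGORIES = ["necessary", "preferences", "analytics", "marketing"];

class ConsentGate {
  constructor(jar = new Map(), now = () => new Date().toISOString()) {
    this.jar = jar;                        // cookie name -> { value, category }
    this.now = now;                        // injectable clock for the log
    this.granted = new Set(["necessary"]); // strictly necessary needs no consent
    this.log = [];                         // append-only consent history
  }

  // Record an explicit choice. Nothing is pre-ticked: any category the
  // visitor did not list is treated as refused.
  setConsent(visitorId, chosen) {
    const unknown = chosen.filter((c) => !CATEGORIES.includes(c));
    if (unknown.length) throw new Error("unknown category: " + unknown.join(","));
    this.granted = new Set(["necessary", ...chosen]);
    this.log.push({ visitorId, granted: [...this.granted].sort(), at: this.now() });
    // A withdrawal takes effect immediately: purge cookies no longer covered.
    for (const [name, cookie] of this.jar) {
      if (!this.granted.has(cookie.category)) this.jar.delete(name);
    }
  }

  // Revoking everything is a single call, as simple as giving consent.
  revokeAll(visitorId) {
    this.setConsent(visitorId, []);
  }

  // Returns true if the cookie was stored, false if blocked for lack of consent.
  // Cookies without a known category are rejected outright.
  setCookie(name, value, category) {
    if (!CATEGORIES.includes(category)) throw new Error("uncategorized cookie: " + name);
    if (!this.granted.has(category)) return false;
    this.jar.set(name, { value, category });
    return true;
  }

  // Retrieve the stored consent records for one visitor.
  history(visitorId) {
    return this.log.filter((entry) => entry.visitorId === visitorId);
  }
}
```

Every script that sets a cookie goes through setCookie, so an uncategorized or unconsented cookie fails at the call site instead of silently reaching the browser.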
How to Comply with the Laws Governing Cookies
Two laws regulate cookie usage in the European Union (EU): the ePrivacy Directive (ePD) and the General Data Protection Regulation (GDPR).
The ePrivacy Directive, also called the EU cookie law, mandates that websites get users’ prior consent before storing cookies on their devices, except for strictly necessary cookies that are vital for a website to function properly.
Under the GDPR, cookies are categorized as “online identifiers” and are a part of personal data. Consequently, businesses must obtain the user’s consent to collect information stored in cookies. Websites must obtain users’ consent before storing cookies on their browsers or face GDPR penalties.
The ePrivacy Directive and the GDPR set the requirements for cookie consent in the EU. Here are basic items to comply with the regulations governing cookies under the ePrivacy Directive and the GDPR:
- Get the user’s consent before using any cookies, except those that are strictly necessary.
- Provide clear and accurate information in plain language about the data each cookie tracks and its function before consent is obtained.
- Document and store consent obtained from users.
- Allow users to access your service even if they don’t want some cookies to be used.
- Make the process for users to revoke their consent just as simple as giving it in the first place.
How do I add a cookie consent banner to my website
A cookie consent banner is the cookie notice that pops up on a webpage and some applications when users visit for the first time. The purpose of the cookie alert is to tell users about potential cookies on the site and their right to accept or reject them.
Most websites have a notification about cookie usage. If you own a website, you’ll need to add a cookie consent notice.
How do you add a cookie consent banner to your website?
If your website uses cookies and your website is accessed by users in the EU, you need a cookie consent banner. Also, your cookie consent banner must comply with the GDPR requirements for “cookie consent”.
Next, there are various GDPR tools you can use to create cookie consent banners on your website. They include:
- Osano Consent Manager
- CookieScript Cookie Banner
- Popupsmart – Cookie Consent Creator
- Cookiebot
- CookieYes
- iubenda
- OneTrust
- QuantCast Choice
- Piwik Pro Consent Manager
- TrustArc Cookie Consent Manager
- Getsitecontrol
- Choose the placement of the Cookie Consent. You’ll see the available options to place the banner.
- Customize the layout of your Cookie Consent.
- Choose the color and scheme of your Cookie Consent. Select from their pre-set templates or use the Hex code to add your colors.
- Change the Learn More link to a customized URL.
- Select a compliance type. A great option is to tell users that you use cookies.
- Change the text of the Cookie Consent to suit your website.
Frequently asked questions
- What you need to include on your cookie consent banner
The goal of a cookie consent banner is to inform visitors about cookies and receive consent from them before they use your website.
For a straightforward process, your cookie consent notification must:
- Inform your users that your website stores cookies
- Explain the website’s use of cookies and its intended purpose in brief (it can be improving the user experience, tailoring advertising, etc.)
- Clearly state the action that signifies consent (if you are using a checkbox to request consent, ensure it isn’t pre-ticked).
- Be very visible
- Provide information on the categories of cookies, their purposes, their uses, and any associated third-party activity, or provide a link to your cookie/privacy policy.
- What does the GDPR say about cookies
Cookies are mentioned only once in the EU’s GDPR, but the legislation sets out policies for the handling of personal data by websites. The most critical of these policies is the requirement to obtain end users’ clear and explicit consent before collecting their data. So, any cookie on your page that processes private data must stay inactive until the user gives consent.
- What is cookie policy under GDPR
A GDPR-compliant cookie policy informs your users of the data your website collects, the purposes for collecting data, the third parties with whom you share their data, the provider of the cookies, how you store and protect their data, and the methods by which users can access, migrate, request rectification or delete their data. The cookie policy on your website needs to be clear and simple for visitors to understand. It must also be accessible to your users.
Set up your cookie consent and stay compliant with GDPR
Setting up a cookie consent banner on your website is mandatory if you are operating from the EU or your website is accessed by users in the EU.
It doesn’t end with setting up a cookie consent banner, though. Your cookie consent banner must comply with the regulations that govern cookie usage. If your banner does not comply with GDPR, you will face penalties like huge fines and lose a percentage of your company’s yearly income to them.
With the information in this article, you’ll ensure your web page receives consent from users before using their information.