Cookie banners have now become an indispensable part of the web browsing experience, thanks to privacy regulations like the GDPR in the EU and UK, CCPA/CPRA in the US, LGPD in Brazil, and similar privacy laws across the world. While cookie banners are necessary for compliance, in an increasingly privacy-conscious world, a cookie banner can also communicate your brand value and align with users’ expectations of transparency.

What is a cookie banner?

A cookie banner, cookie notice or cookie popup is a notification often displayed on a user’s first visit to a website that informs them about the cookies and trackers the site uses and asks for the user’s consent to store cookies on their devices.  You must have noticed the cookie banner when you visited this site.

A cookie consent banner by CookieYes
A cookie banner by CookieYes on the video game website Goat Simulator.

Before the advent of data privacy laws, websites often used a notice-only cookie banner that informed about cookie usage but did not ask users’ permission to load cookies on their devices. This started changing with the arrival of data privacy laws worldwide, especially the European Union’s General Data Protection Regulation (GDPR).

Is a cookie banner necessary on my website?

Yes, a cookie banner is most likely a necessity for your website. If your site has EU or UK visitors, you require a cookie banner to comply with GDPR. This applies to websites not just based in the EU or UK but with visitors from these regions.

Other data privacy regulations around the globe also mirror GDPR’s requirements and impact your use of cookies. These include Brazil’s LGPD, POPIA in South Africa, PDPL in Saudi Arabia, and PDPA in Singapore.

Cookie banner examples and best practices

Cookie banners can come in different layouts and styles according to the website’s design and branding. It’s important that cookie banners are user-friendly and privacy-compliant. Here are a few examples of GDPR-compliant cookie banners, powered by CookieYes CMP, a consent management platform trusted by over 1.4 million websites for cookie compliance.

Banner layout

Footer or header banners are often used by websites to request cookie consent. In a study of consent banners in the EU, close to 58% used bottom banners and 27 % used top banners, similar to a website header or footer (bar style). These banners are non-intrusive and do not interrupt the content or user experience of the website. 

A footer banner by CookieYes as seen on VideoScribe.
Simple header cookie banner on a website.
Simple header banners are also seen on websites.

Floating layout

Floating box layouts or popups are also seen on websites often placed in the left or right corner of the site. These types of banners are non-intrusive and can be aligned with the site’s aesthetic. 

A floating cookie banner by CookieYes
A floating cookie banner by CookieYes on Skoda’s website.

Popup layout

This layout is placed in the centre of the webpage and demands a user’s interaction before they can continue to the website. When using this layout, it’s important to give users the option to dismiss the popup or reject cookies easily. Otherwise, you may risk being non-compliant with cookie consent requirements in the EU and UK.

A cookie popup notice by CookieYes on a website.

Custom design

You can implement a simple cookie banner on your website that is not intrusive and also aligns with your website’s branding. On the other hand, you can add advanced CSS customizations and branding and tailor your banner to your website’s design.

Custom cookie banner on a website
A custom cookie banner by CookieYes on Playstack.

Granular control

Usability and ease of giving consent are important for the effectiveness of a cookie banner. Users should be able to easily control their cookie preferences on the banner or on the second layer.

Cookie settings for granular control
Cookie category preview gives users complete control of cookie settings.

Multilingual banner

Cookie notices should be made available to users in the language of your website or should be auto-translated in the case of multi-lingual websites. This ensures that your users are making an informed choice about cookie consent.

Multi-lingual cookie banner on a website
Display an auto-translated banner as per the user’s language preferences.

Mobile-responsive

Cookie banners should also be optimized for different devices. CookieYes banners are intuitive and can be tailored for mobile and tablet users, to give them a user-friendly banner.

Integration with Google Consent Mode

If you use Google Analytics or Google Ads for your website, you must implement a cookie banner that seamlessly works with Google Consent Mode. This will ensure that your analytics and marketing data are collected based on the consent provided by visitors and is passed to Google which then determines the behaviour of its tags and scripts.

IAB TCF cookie banner

If you run ads for your EU and UK audience using Google AdSense, Google Ad Manager and AdMob, you need a cookie banner that is compliant with IAB’s Transparency and Consent Framework. The TCF is an industry-approved framework to communicate consent choices between users, website publishers (like you) and ad tech vendors. With a TCF-compliant banner, you don’t risk GDPR non-compliance while using advertising.

Add a custom cookie banner
on your website in minutes

Try for free

14-day free trialCancel anytime

Cookie banner requirements in the EU

General Data Protection Regulation and the ePrivacy Directive (or EU cookie law) are the two main laws that govern the use of cookies in the European Union. Cookie guidelines published by various data protection authorities like the French CNIL and Irish DPC are also applicable to websites that cater to the respective EU countries.

A cookie consent banner is essential for compliance but is not sufficient on its own. Here’s a checklist that will help you implement a cookie consent mechanism on your website that is fully compliant with the GDPR.

GDPR cookie banner checklist

  • Display a custom cookie consent banner as per your website’s design
  • Provide a user-friendly layout optimized for different devices
  • Inform users about cookie usage in plain and jargon-free language 
  • Display auto-translated banner according to user’s browser language
  • Showcase different cookie categories used on your website
  • Provide granular options to accept/reject different cookie categories
  • Display ‘accept’ and ‘reject’ buttons on the banner
  • Auto-block third-party scripts till users give consent
  • Link to a compliant cookie policy on the cookie banner
  • Display a revocable cookie banner so users can easily withdraw consent
  • Record user consents for proof of compliance

Is cookie banner required in the US?

There are two things to remember before considering a cookie notice for a US-based website. Firstly, GDPR may apply to US websites. Even if your website is not based in the EU, but caters to users from the EU, you will have to comply with the GDPR. This means that your website is required to display a cookie consent banner.

Secondly, while the US does not have a federal data privacy law affecting the usage of cookies, state-level privacy laws in the US require an opt-out notice. US laws like the CCPA/CPRA in California establish rules to protect users’ personal data and give them rights over it. They require businesses to give users the right to opt-out of processing personal data (including cookies) for targeted advertising, sale of personal data and profiling. 

Similarly, Virginia’s CDPA, Utah’s UCPA, Colorado’s CPA, and Connecticut’s CTDPA also have opt-out requirements. Therefore if your website caters to traffic from these states, you have to display an opt-out cookie notice. 

CCPA/CPRA opt-out banner checklist

  • Inform users about your website’s use of third-party cookies
  • Inform users about their right to opt-out 
  • Have a ‘Do Not Sell/Share’ link to allow consumers to opt-out of the sale or sharing of their personal information.
  • Auto-block third-party scripts till the user opts out
  • Record user action for proof of compliance

CookieYes can help your website display a cookie opt-out notice and geo-target it for US or California users. If your website caters to both EU and US users, you can geo-target your banner and display both a GDPR cookie banner and a CCPA/CPRA opt-out cookie notice as per the user’s location.

CCPA cookie opt-out notice
A CCPA/CPRA opt-out notice powered by CookieYes.

This is the easiest part. With CookieYes CMP, you can implement a custom GDPR-compliant cookie banner within minutes. You can create a personalized banner with custom branding or stick to a simple cookie banner. 

The first step is to Sign up on CookieYes. It’s free for 14 days. You can cancel anytime. All you have to do is fill in your email address, your website domain and your password. You can get started with our cookie banner generator!

On signing up, you will be directed to a setup screen. Here you can select a cookie banner template and fully customize it. Or you can select the default (GDPR-compliant) banner, preview it on your website and head to the next step.

Customize and preview your cookie banner.

If you want to add personalization to your banner, you can customise it.

  • Layout: Select a banner layout, including all the examples above, and more. You can choose from different consent types, but we recommend ‘explicit consent’ for GDPR compliance.
  • Content: You can fully customize the banner text, button texts, content of the audit table and also add a link to your privacy policy/cookie policy. You can choose multiple languages for an auto-translated banner.
  • Colour: You can customize the colour of the cookie banner as well as the text to match your site’s design.
  • Behaviour: You can add a cookie widget to revisit consent, geo-target the banner, and display a cookie audit table.
  • CSS customizations: To further stylize the banner and modify its functionality, you can add custom CSS.

Now that you are happy with how your banner looks, you can activate it on your website. You have to copy the script and paste it between the <head> and </head> tags on your website.

copy cookie banner code from cookieyes app
Copy banner installation code and paste it on your website to activate.

Complicated? Access the CMS setup guides, follow the instructions and you will have a GDPR-compliant cookie consent banner on your website!

Country-wise cookie banner guidelines

Are there fines for non-compliant cookie banners?

Yes. In the EU, non-compliance with the GDPR can attract substantial GDPR fines. As the lawful basis for processing is one of the core principles of the GDPR, violations of consent can inflict monetary penalties. 

In 2022, the French regulator CNIL fined Google €150 million and Facebook  €60 million for making it difficult for users to refuse cookies with ease. The same year, beauty giant Sephora also faced $1.2 million in CCPA’s first-ever fine, for failure to process user requests to opt out of sale of their data.

While the fines may sound alarming, there is no need to worry. With the right cookie consent manager like CookieYes, compliance can be a cakewalk. 

Obtain cookie consent and
minimize your legal risk

Try for free

14-day free trialCancel anytime

Will cookie banner affect website SEO?

No. If implemented correctly cookie banners will not affect your SEO. If cookie banners are not intrusive, GoogleBot will be able to crawl your website. Google stresses avoiding intrusive interstitials and clarified that important notices like cookie banners will not negatively impact a site’s search performance (Here’s what Google’s John Mueller says.)

You should display your cookie banner on the top, side or footer of your page where it does not obstruct the content on the page. It should also be optimized for different devices so that the banner does not take up half the screen, for instance on mobile devices.

Cookie banner and cookie policy: What’s the difference?

Cookie banner or cookie notice is an alert or popup displayed on a website to request consent from visitors on the use of cookies, as required by privacy regulations such as the GDPR, LGPD, and CCPA. The banner will inform visitors that the website uses cookies and ask for the visitor’s permission to set cookies on their browser. 

Cookie policy is a detailed disclosure that explains a website’s use of cookies. It documents what cookies are, the types of cookies used on your website, why they are used and how these cookies are used to collect information from visitors. While privacy regulations may not explicitly require sites to have a cookie policy, it is often a standard practice adopted to respect user privacy and display transparency about data collection.

Do I need a cookie policy on my website?

Most likely, yes because it’s good practice. It also depends on whether your website caters to visitors from the EU or the US. The GDPR and the ePrivacy Directive require websites to inform users about how their data is collected and processed. As cookies are also part of GDPR’s definition of personal data, a cookie policy is important for websites in the EU, or websites that cater to users in the EU. You can create a separate cookie policy and link it to your cookie notice, so users can give their informed consent. 

In the US, CCPA/CPRA requires websites to disclose the collection and use of personal information through cookies. The law, however, does not require websites to have a separate cookie policy, you can include it within your privacy policy.

How to create a cookie policy for my website?

Creating a custom cookie policy can be quick and easy with CookieYes. You can scan your website for cookies and automatically generate a cookie audit table that is added to your cookie policy.

If you’ve already signed up on CookieYes. Follow these steps: 

Step 1. Head to the CookieYes Dashboard.

Step 2. Click on More > Cookie Policy Generator

Step 3. Customize the content of the cookie policy 

Step 4. Preview and generate the cookie policy

You can now copy the text or HTML and paste it within your privacy policy or as a separate page on your website. You can then go ahead and link it to your cookie banner.

Is my cookie banner compliant?

Lastly, if your website has a cookie banner, here’s a quick checklist to see if it’s compliant. If your banner has any of the following characteristics, it needs a revamp.

  • There is no clear information on all the cookie categories used.
  • The purpose of cookie usage is not stated.
  • It has pre-ticked boxes for cookies other than strictly necessary ones.
  • It does not have a reject button or option to customize cookie settings.
  • It blocks the user from browsing the site till they accept it.
  • Buttons are designed to nudge users to accept.
  • It does not link a cookie/privacy policy.
  • There is no option to consent to specific cookie categories.
  • It does not automatically block third-party scripts.
  • The user consent is not systematically recorded.

Sign up on CookieYes and create a free cookie banner and see for yourself!

Cookie banner FAQs

Why do cookies require consent?

Online identifiers like cookies, IP addresses, advertising IDs, pixel tags, account handles, device fingerprints, and radio frequency identification (RFID) tags, can be used in combination and used to create profiles of individuals and identify them. Hence, cookies can be considered personal data and are subject to privacy laws like the GDPR, LGPD (Brazil), CCPA, etc. 

What is GDPR cookie consent?

As per the GDPR, consent is one of the lawful bases for processing personal data in the EU. Websites use consent as the legal basis for storing and collecting data from cookies. What this means is that websites have to obtain consent from users before storing cookies on their devices. This is why cookie notifications are now oft-referred to as GDPR cookie consent banners.

According to Article 4 of GDPR, consent should involve a clear affirmative action and should be freely given, specific, informed and unambiguous. Article 7 states additional requirements – proof of consent, the ability to withdraw consent and that consent requests have to be easily accessible and use clear and plain language. To sum up, your website should display a GDPR-compliant cookie consent banner.

What is the EU cookie law?

The ePrivacy Directive or the EU cookie law is another set of rules that regulate the use of cookies. It requires that websites get users’ informed consent before storing cookies on their devices. The Directive makes an exception for strictly necessary cookies that are essential for the functioning of a website. The ePrivacy Directive supplements the GDPR and together comprises the EU cookie banner rules. 

How do I add cookie banner to my website?

To add a cookie banner to your website, you need to sign up for free on CookieYes CMP.

  1. Select a banner layout from the pre-built templates and customize it to your liking
  2. Copy the cookie banner installation code
  3. Paste the code on your website’s source code and publish

A cookie banner will be live on your website instantly! For detailed instructions to add a cookie banner to your website builder or CMS, follow these guides:

Cookie banner Wix, Cookie banner WordPress, Cookie banner Squarespace, Cookie banner Joomla, Cookie banner Shopify, Cookie banner Blogger, Cookie banner Weebly, Cookie banner Drupal, Cookie banner Magento, Cookie banner ImpressPages, Cookie banner Kajabi, Cookie banner Kartra, Cookie banner MODX

How do I add a cookie banner on Wix?

Implement a cookie banner on your Wix website in just 3 steps using CookieYes CMP, for free.

  1. Sign up and select a banner layout for your site
  2. Copy the cookie banner installation code
  3. Paste the code on your Wix website

For step-by-step instructions, follow Cookie banner Wix

How do I add a cookie banner to my WordPress site?

You can easily add a cookie banner to your WordPress website in just 3 simple steps using CookieYes CMP. 

  1. Sign up for free and select a cookie banner layout
  2. Copy the cookie banner installation code
  3. Paste the code on your website

For step-by-step instructions, follow Cookie banner WordPress

How do I add a cookie banner to Shopify?

To add a cookie banner on your Shopify website, sign up for free on CookieYes CMP, then: 

  1. Select and customize a cookie banner layout
  2. Copy the cookie banner installation code
  3. Paste the code on your Shopify website’s source code

For step-by-step instructions, follow Cookie banner Shopfiy

How do I add a cookie banner to Squarespace?

Add a cookie banner on your Squarespace website easily with CookieYes CMP. 

  1. Sign up for free and select a cookie banner layout
  2. Copy the cookie banner installation code
  3. Paste the code on your website’s source code

For step-by-step instructions, follow Cookie banner Squarespace

What should a cookie banner say?

Cookie banners should state the website’s use of cookies and the purposes for which they are used. The cookie banner text should use crisp, jargon-free language. 

In the second layer of a cookie banner, it should include detailed information about the different cookie categories, the purpose of each cookie, the duration it will be stored in a user’s device and if the website shares the data collected with any third parties.

How do I know if my website uses cookies?

Most websites use cookies. The easiest way to find out if your site uses cookies is to conduct a cookie scan. You can use the in-built scanner in CookieYes or can use this free cookie scanner. The scanner will crawl through your websites, activate hidden cookies and trackers, identify and categorize them and generate a cookie audit report.

Is cookie notice and cookie banner the same?

Cookie notice, cookie notification, cookie popup, cookie warning, cookie consent banner etc. are all different names for a cookie banner. The important thing to remember is, if your business falls under the scope of a privacy law that regulates cookies, you require a cookie banner on your website.

What are strictly necessary cookies?

Strictly necessary cookies are cookies that are exempt from cookie consent.  As the name suggests, they are essential for the website to function properly. For instance, they are cookies that are essential to access certain features of the website such as signing in, adding items to a shopping cart, or making online payments etc. 

What is valid consent?

For consent to be valid, it should  be:

  • Freely given: The user should have a genuine choice.
  • Specific and informed: You should explain the use of cookies, the purposes for which they are used, and how the user can withdraw consent at any time.
  • Unambiguous and affirmative: Consent should be given via a clear and positive action, such as clicking on the ‘Agree button’.

Hey,
are you an agency?

Deploy cookie banners on multiple client websites with our agency platform.

Partner with CookieYes

Up to 50% off on licenses