Cookie Consent Psychology: What Makes Users Say Yes or No?

Cookie banners have become a routine part of the web experience, appearing on nearly every site to request permission for tracking, analytics, or personalisation. If you, like us, care about compliance and user experience, knowing what drives a user to accept, reject, or customise cookies would be interesting. This blog attempts to explore the intersection of cookie consent psychology, law and user experience. It also breaks down the factors behind acceptance and rejection rates while revealing how the structure of your cookie banner shapes every decision. 

What is a cookie banner?

Cookie banners inform users that cookies are used on a website and provide them with choices on how their data is handled. They are the front-facing layer of a website’s compliance with privacy laws. 

Global privacy laws such as the GDPR, ePrivacy Directive, CCPA, PECR, LGPD, and PIPEDA mandate transparency and user control over data collection. 

Although specific requirements for cookie banners vary by jurisdiction, they share a common goal to enable informed consent.

Cookie banners serve as a practical tool to achieve it by clearly communicating what data is collected, how it will be used, and giving users meaningful options to accept, reject, or customise their preferences.

What is cookie consent?

Cookie consent is the permission to use cookies, which are small data files used to track behaviour, personalise content, or gather analytics on an online platform.

Consent must be informed, unambiguous, explicit, and freely given, especially under laws like GDPR and CCPA/CPRA.

A user’s choice here determines what kind of data your business can collect.

Above is an interactive pie chart depicting the cookie consent rates based on an internet cookie survey conducted by All About Cookies.

Cookie consent psychology refers to the behavioural and cognitive factors that influence how users respond to cookie banners. It seeks to understand the reasons behind user actions, whether they accept, reject, or customise their cookie settings, based on how information is presented to them.

At its core, cookie consent psychology blends insights from behavioural science, interface design, and privacy attitudes.

It explores how banner layout, colour schemes, copywriting, button hierarchy, and timing can shape user decisions.

Key psychological drivers include:

• Cognitive biases, such as default bias, which leads users to choose the easiest option (often “Accept all”).
• Emotional responses to language or visuals that convey trust, urgency, or ambiguity.
• Consent fatigue, where users, overwhelmed by repeated prompts, act reflexively rather than thoughtfully.
• Idea of control, when users feel they have privacy choices, even if navigating those choices is burdensome.

Understanding cookie consent psychology helps businesses design banners that not only comply with privacy laws but also respect user intent.

It encourages the creation of ethical interfaces that support informed decision-making, build trust, and enhance long-term user engagement.

A choice made by users when met with a cookie banner could be driven by many invisible levers. Let’s look at some of them.

Cookie banner design/ External factors

If you are familiar with websites, you would already know that every button and text is a conscious choice. Similarly, many websites use design elements to increase acceptance rates and cater to their marketing needs. But here is a quick reminder: NOT ALL OF THEM ARE LEGAL. 

Prominent reject button

Cookie banners that highlight the “Accept” button while hiding the “Reject” option, often placing it behind a secondary “More Options” layer, tend to generate higher consent rates. This design creates friction for those wanting to decline, nudging users towards the easier, more visible path.

Research confirms that both the actual and perceived effort to reject cookies significantly affects user behaviour. When rejection requires more clicks or is poorly labelled, users are more likely to accept by default.

Moreover, the study found that when the “Reject” button was clearly labelled and visually prominent, acceptance rates dropped notably. This reinforces that design and language jointly shape user decisions, often influencing consent without users being fully aware of it.

Positive text

The tone of the cookie banner message, particularly when it uses positive language to frame consent as beneficial, can have a small effect on user choices.

For example, messages that highlight improved user experience or personalisation may encourage some users to accept.

However, a study by Jere Laine indicates that message tone alone does not have a major impact on overall acceptance rates. Its influence is limited compared to other factors like button design or labelling.

Button labels 

The phrasing of button labels plays a more substantial role in shaping user behaviour.

For instance, using a generic term like “Privacy Settings” instead of a clearer label such as “Show More Cookie Options” led more users to accept cookies. 

This is likely because vague wording reduces awareness of the option to reject cookies. In effect, users may unknowingly consent simply because the banner’s language makes the opt-out less obvious.

Even without changing the structure of the banner, word choice alone can steer decisions, subtly increasing consent by making alternatives less clear.

Button colours

Users tend to click the button that stands out visually, whether it’s “Accept” or “Reject.” 

Highlighting a button using colour or contrast draws attention, increasing the likelihood that it will be selected. This demonstrates that many users follow the most visually prominent path, rather than making a fully informed decision.

Interestingly, this effect could also be stronger among rational, analytical users. When the less common option, such as “Reject,” is highlighted, the users might pause to reconsider and likely refuse cookies.

This suggests that even thoughtful users can be influenced by how unusual or unexpected a design looks, nudging them toward less typical actions like rejecting cookies.

Psychological/ internal factors

Privacy concerns 

It might seem logical that people who care about privacy would reject cookies more often, but that is not always the case. Even users with strong privacy concerns may still allow tracking if the banner is unclear or if opting out feels like too much effort.

This reflects what is often called the privacy paradox, where people say they value privacy but do not act on it when the process is inconvenient. At the same time, users who are less focused on privacy might still choose to reject cookies when the option is easy to find and simple to use.

When the design makes privacy choices straightforward, people are more likely to follow through, regardless of their initial level of concern.

Technological knowledge

It is often assumed that people who are not tech-savvy do not pay attention to cookie settings, but that is not always the case. Some may still engage with the consent banner when the process is simple and clear.

At the same time, users who view cookies as helpful for personalisation or site performance may prefer to customise their settings rather than reject them entirely.

For many, the decision comes down to convenience and perceived benefit, not just technical confidence.

Convenience

Users who see cookies as helpful for personalisation or essential site functions may be more inclined to customise their settings rather than reject them entirely.

Shortcuts and habits

Many users develop shortcuts when dealing with cookie banners. Some routinely click “Accept” to continue quickly, while others always seek the opt-out. These behaviours can form through repeated exposure across websites.

While visual cues like highlighting can influence decisions, they do not affect everyone equally.

Still, it is unclear whether these habits would hold if rejecting cookies required more effort.

Social nudge

A study published in Frontiers in Psychology found that telling users most people reject cookies made them more likely to do the same. However, stating that most people accept cookies had little to no effect. 

Age

Age may also play a role in cookie decisions. 

Younger users tend to reject cookies more often than older ones. This could be due to higher digital awareness or increased scepticism about tracking and personalisation among younger generations.

However, the Internet cookie survey by All About Cookies reports that Gen Z are most likely to click the accept all button. So this is still a grey area.

Global privacy laws like the GDPR and CCPA prohibit dark patterns such as hidden opt-outs or pre-ticked boxes, as these invalidate consent. Sites that use such tactics risk not only fines but also user distrust.

To stay compliant and credible, banners must be clear, fair, and easy to navigate. Here’s how to design cookie prompts that respect privacy and encourage honest engagement. Here’s how to strike the right balance.

#1 Present accept and reject options equally

Ensure fairness by giving users a real choice upfront

Legally valid consent must be freely given, and that starts with design parity. 

• Your banner should make the “Reject All” button just as visible, clickable, and accessible as the “Accept All” button.
• Hiding decline options under “Settings” or requiring multiple clicks to opt out may violate GDPR standards.
• From a UX perspective, equal choice empowers users and reflects a respect-first approach.
• Ensure all buttons are equally styled and available at first glance.

#2 Write in clear, user-friendly language

Avoid legalese and speak in plain terms

• Confusing terminology alienates users.
• Your cookie banner should explain, in straightforward language, what cookies do and why they’re used.

Instead of “processing personal data via third-party tracking technologies,” consider “We use cookies to improve your experience and show relevant ads.”

Plain language boosts transparency, helps users make informed decisions, and signals that your organisation has nothing to hide.

#3 Avoid deceptive design tactics (Dark patterns)

Tricks might win clicks, but they’ll cost you compliance

• Design patterns that nudge users to consent without their awareness, like low-contrast “Reject” buttons, misleading labels, or persistent pop-ups, are dark patterns.
• They are increasingly banned in privacy legislation (including CCPA and GDPR). Consent obtained this way is not legally valid.

Instead of cornering users into saying “yes,” create an environment where consent is a conscious, informed decision. This reduces legal risk and improves the quality of your analytics data.

#4 Optimise banner placement for better UX

Respect users’ space and attention span

• Consent prompts don’t have to be intrusive.
• Full-screen pop-ups that interrupt navigation are often annoying and less effective.
• Consider placing a small banner at the bottom of the screen, visible but not obstructive.

#5 Offer cookie category controls (Granular controls)

Let users customise, but keep it simple at first

Most privacy regulations require cookie banners to offer granular cookie settings that allow users to decide between functional, analytical, and advertising cookies.

However, displaying a cluttered list of toggles on the first banner layer can overwhelm and discourage meaningful choice.

Start with clear, high-level choices. For example, give three options in the first layer of the banner- “Accept All,” “Reject All,” and “Customise”.

Then, allow deeper configuration for users who want it. This balances control with usability, keeping engagement high and stress low.

#6 Be transparent about what consent means

Clarity now prevents backlash later

A vague or sugar-coated banner may nudge more users to click “Accept,” but it risks backlash once users realise how their data is used.

Being open about the consequences of acceptance, such as data sharing with advertisers, helps users make informed decisions.

While this may reduce opt-in rates, it increases consent quality and long-term user trust.

Link clearly to your cookie policy, and briefly explain the types of data you collect and why.

#7 Respect declined consent without punishment

A ‘no’ should never break the site or be ignored

When a user refuses non-essential cookies, that choice must be honoured without retaliation.

Disabling site functionality, repeatedly prompting the user, or silently dropping trackers despite their refusal violates both the spirit and the letter of global privacy regulations.

A respectful “no” experience shows your site is committed to data dignity. It also leaves the door open for future engagement. When users feel respected, they’re more likely to return and reconsider.

Figma

The cookie banner on Figma’s website provides equal prominence for both accept and reject buttons. It is aligned to the bottom-right, is conspicuous and is compliant with opt-in laws like GDPR.

Landmark Systems

The cookie banner on Landmark’s website features a clear and concise cookie message, with equally prominent accept, reject, and customise buttons. It is customised to match the website’s colour scheme using CookieYes and is aligned to the bottom-left. The banner complies with GDPR and similar opt-in legislation.

FIFA

Cookie banner on FIFA’s website uses the text “I’m okay with that” instead of the typical use of “Accept”. The banner is aligned to the bottom of the window and doesn’t interfere with the browsing experience. It follows an opt-in model.

HubSpot

Cookie banner on HubSpot aligns to the top of the window with equally prominent accept and reject buttons.

LegoLand

LegoLand provides a fun-coloured opt-in banner with a short and easy-to-understand cookie message. The accept and reject buttons are equally highlighted in the banner.

Sports Facilities

The Sports Facilities’ website features an opt-out cookie banner in compliance with US privacy laws like the CCPA. By clicking on the “Do not sell or share my personal information” link, users can opt out of third-party cookies.