When you hear the term “cookie notice,” what comes to mind? Probably the one that pops up on your screen when you visit a new website, and the one that’s embedded in the footer of every page.

Well, we’re here to give you the lowdown on what “cookie notices” are and why they are important for GDPR and CCPA/CPRA compliance.

What is a Cookie Notice?

A cookie notice is a statement about the use of cookies on a website.

The term cookie notice is often used interchangeably with the term cookie consent banner or pop-up. While this usage is quite confusing, we cannot completely disregard it as wrong. The California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), a US data protection law, requires websites to display a ‘notice at collection’ at or before the point of personal information collection. This requirement comes close to defining a cookie consent banner. However, even in this case, most examples of notice at collection are privacy notices rather than cookie consent pop-ups. Many websites that are subject to CCPA have a dedicated ‘notice at collection’ page linked on their homepage.

Besides, cookie banners are more about an agreement between a website and its users to use cookies rather than notifying them about it. So, in those terms, the cookie banner is a cookie consent notice.

Therefore, a cookie notice can be defined as a policy statement on a website that discloses details about the cookies set by the site, their types, and their purposes. It gives information about how users can opt out of non-necessary cookies and manage cookie preferences.

Do I need a cookie notice?

If your website uses cookies, and if it gets visitors from the EU or EEA member states, then you must have a cookie notice on your site. The GDPR and the ePrivacy Directive (or the EU cookie law) require websites to disclose details about how they use personal data, and why they use it. Therefore, a website cookie notice is required by EU law.

Furthermore, the CCPA/CPRA also requires websites to disclose these details.

Therefore, a cookie notice is required if your website uses cookies, especially those that are set by third parties like Google Analytics, YouTube, Hotjar, Facebook, etc., and those that track your visitors across other websites for advertising purposes. It’s more like an open channel of communication with your users about how you will use their data.

GDPR requirements for cookie notice

The GDPR and the ePrivacy Directive mandate that users are informed about how their data is collected and processed. Article 13 and Article 14 of the GDPR require that any information or communication relating to the processing of personal data is easily accessible and is available in clear and plain language. As cookies come under the scope of personal data, a cookie notice is required for websites in the EU, or websites that cater to users in the EU.

The cookie notice must be displayed on every page of a website where cookies are used, and it must include information about the cookies used by the website. This includes:

  • a clear explanation of what cookies are used for;
  • the purposes for which they will be used (e.g., to remember your login details, to analyse your use of an online service);
  • the name(s) of any third party companies whose cookies are being used on the website; and
  • an indication that visitors can refuse cookies and how to do it.

CCPA/CPRA requirements for cookie notice

CCPA/CPRA does not require a separate cookie notice page. Businesses in the US, however, are required to have a privacy policy/notice that covers their use of cookies.

Websites are required to inform users on how they collect, use, share, and protect their personal information. Cookies fall under the scope of privacy disclosures and should be included in the privacy policy.

The policy page must predominantly include the following information:

  • category of personal information the site collects or sells
  • category of third parties to whom the information will be disclosed
  • rights of users
  • opt-out options available to users

What should a cookie notice say?

When creating the cookie notice for your website, keep in mind from the outset to use concise, clear, and plain language. You should avoid legal jargon that may confuse readers.

The simpler the explanation, the better they will understand and trust you.

A GDPR and CCPA/CPRA-compliant cookie notice should include the following sections:

  • The disclosure that you use cookies and what cookies are.

Many people visiting your website may have little or no knowledge of internet cookies. This part will be useful to them.

  • Description of the types of cookies used by your site.

This is the part where you have to list all the cookies that your website uses and their properties (type, primary function).

  • An explanation of the purpose of these cookies.

You must state the site’s purpose for using these cookies. It is a crucial part of the cookie notice, as it tells users what happens to their data and how it is being processed by your site. This section could also explain who sets these cookies, that is, whether they are first-party or third-party cookies.

We recommend that you use a tabular format to list the different types of cookies and provide their details. E.g.

CookieYes cookie notice: types of cookies section

However, you can use your discretion to present the details in whatever format and template is most convenient and compatible with your website’s design.

  • Details on how users can opt out or set their cookie preferences.

Your visitors may not want to share their personal data or have their browsing activities tracked by you or third parties. You are required to provide them with an option to opt out of such cookies.

In this part, you should mention various settings to manage or delete these cookies. The methods may include your website’s cookie consent settings, third-party website settings, and internet browser settings to block or remove such cookies.

Make sure your visitors are aware of their right to withdraw the cookie consent at any time.  

Apart from these, the best practices also include adding the last updated or effective date of the policy so that the users are aware of recent changes. You can also add the contact information if not already done in your site’s privacy notice. 

Cookie Notice Examples

Let us look at some good examples of cookie notices that are compliant with GDPR and CCPA/CPRA.

Siemens starts its cookie notice with a declaration that they use cookies and a brief but adequate description of what cookies are, along with the different types of cookies. It also mentions the legal grounds for processing each type of cookie in layperson’s terms.

Siemens cookie notice

Dow Jones’ cookie notice uses a tabular format to provide information about each type of cookie and its purposes.

Dow Jones cookie notice

Visa uses an accordion-style design for its cookie notice and specifically mentions that it does not collect any personally identifiable information. It also links to its privacy notice for further information.

Visa cookie notice

CookieYes’ cookie notice has a dedicated section for details about managing cookie preferences. 

CookieYes cookie notice

Here, you will find a Cookie Settings button; clicking it opens the cookie consent banner, where users can set or change their consent preferences, as shown:

CookieYes cookie notice consent manager

It also gives links to browser settings for managing or deleting cookies.

Honeywell also links to various browser settings for managing cookies and to its own cookie settings (Privacy Preference Center). It also lists links to other websites’ settings for opting out of third-party cookies.

Honeywell cookie notice

When “Cookie Notice” means “Cookie Banner”

A “cookie banner” is often used interchangeably with the terms “cookie notice” or “cookie consent notice.” These banners serve as the initial point of interaction between a website and its users regarding the use of cookies and are essential for compliance with various data protection laws like GDPR and CCPA/CPRA.

Through a cookie consent notice, websites can obtain consent from users for the use of cookies. This is particularly critical for cookies that track user activity or collect personal data for purposes such as analytics, advertising, and functional services.

Key elements of an effective Cookie Consent Notice:

  1. Clear information: Provide a brief explanation of what cookies are and why they are used, presented in simple language.
  2. Cookie types: The banner should categorize the cookies used (e.g., necessary, analytics, marketing) and offer an overview of their purposes.
  3. Consent choice: Ensure options are available for users to accept all cookies, reject non-essential cookies, or customize their preferences.
  4. Cookie Policy link: Include a link to the full cookie policy notice or privacy policy for users seeking more detailed information.
  5. Accessibility: The banner should be prominently displayed without obstructing website navigation and be accessible to all users.

Compliance with legal requirements

  • Under GDPR, explicit consent is required for non-essential cookies. The banner must enable users to make an informed choice, including the option to decline non-essential cookies.
  • For CCPA/CPRA, while a separate cookie notice page is not specifically mandated, the use of cookies falls under privacy disclosures. It is crucial that cookie banners are aligned with these disclosures.

Frequently asked questions

Is a cookie notice required?

Yes. Under the laws of the European Union and other legal frameworks, if your website uses cookies that track users using their personal data, then you must have a cookie notice on your website. Cookie notices are required for sites that use cookies and fall under a jurisdiction that has enacted cookie laws.

Are cookie notices required in the US?

While there is no federal law in the US that mandates cookie notices like the GDPR in the EU, some state privacy laws have requirements around disclosing the use of cookies.

CPRA requires businesses that collect personal information of California residents to inform them about the categories of personal information collected and the purposes for which it is used. As cookies can collect device identifiers, IP addresses, browsing history, etc. that may qualify as personal information under CPRA, businesses need to disclose details about their use of cookies in their privacy policy.

So while a dedicated cookie notice or banner may not be mandated, CPRA-covered businesses need to inform users if and how they utilize cookies to collect personal information.

Are cookie notices required in the UK?

Yes, websites in the UK do need cookie notices. Even though the UK has left the European Union (Brexit), it incorporated the requirements of the EU GDPR into its own UK GDPR. The requirements around the use of cookies and needing user consent remain aligned with the EU GDPR. Therefore, UK websites must have easy-to-access cookie notices that explain their cookie usage and provide an opt-out.

Why am I getting all these cookie notices?

The reason you’re getting so many cookie notices is that privacy laws are being enforced.

These laws, such as GDPR in Europe and other legal frameworks around the world, require websites to inform users about their use of cookies. A website cannot store cookies without first notifying users about it (as a pop-up and detailed statement on a policy page).

How to add a cookie notice in WordPress?

You can add a cookie notice in WordPress the same way you add any new page. From the Dashboard, select Pages > Add New, write the content, and publish it. Some cookie notice plugins will help you create one.

You can generate content for the cookie policy using CookieYes’ cookie policy generator. It’s fast and automatically updates the cookie list when you scan for cookies using the web app. You can integrate the app and generate cookie notices for not just WordPress, but other CMS such as Blogger, Wix, Shopify, Squarespace, Magento, Drupal, and even custom-coded websites.
