When you hear the term “cookie notice,” what comes to your mind? The one that pops up on your screen when you visit a new website, or the one that’s embedded in the footer of every page?

Well, we’re here to give you the lowdown on what “cookie notices” are and why they are important for GDPR and CCPA compliance.

What is a Cookie Notice?

A cookie notice is a statement about the use of cookies on a website.

The term cookie notice is often used interchangeably with cookie consent banner or pop-up. While this usage is confusing, we cannot completely disregard it as wrong. The US data protection law, the California Consumer Privacy Act (CCPA), requires websites to display a ‘notice at collection’ at or before the point of personal information collection. This requirement comes close to defining a cookie consent banner. However, even in this case, most examples of notice at collection are privacy notices rather than cookie consent pop-ups. Many websites that are subject to CCPA have a dedicated ‘notice at collection’ page linked on their homepage.

Besides, cookie banners are more about an agreement between a website and its users to use cookies than about notifying them. So, in those terms, the cookie banner is a cookie consent notice.

Therefore, a cookie notice can be defined as a policy statement on a website that discloses details about the cookies set by the site, their types, and their purposes. It gives information about how users can opt out of non-necessary cookies and manage cookie preferences.

Do I need a cookie notice?

If your website uses cookies, and if it gets visitors from the EU or EEA member states, then you must have a cookie notice on your site. The GDPR and the ePrivacy Directive (or the EU cookie law) require websites to disclose details about how they use personal data, and why they use it. Therefore, a website cookie notice is required by EU law.

Furthermore, the CCPA requires websites to disclose these details as well.

Therefore, a cookie notice is required if your website uses cookies, especially those that are set by third parties like Google Analytics, YouTube, Hotjar, Facebook, etc., and those that track your visitors across other websites for advertising purposes. It’s more like an open channel of communication with your users about how you will use their data.

GDPR requirements for cookie notice

The GDPR and the ePrivacy Directive mandate that users are informed about how their data is collected and processed. Article 13 and Article 14 of the GDPR require that any information or communication relating to the processing of personal data is easily accessible and is available in clear and plain language. As cookies come under the scope of personal data, a cookie notice is required for websites in the EU, or websites that cater to users in the EU.

The cookie notice must be displayed on every page of a website where cookies are used, and it must include information about the cookies used by the website. This includes:

  • a clear explanation of what cookies are used for;
  • the purposes for which they will be used (e.g., to remember your login details, to analyse your use of an online service);
  • the name(s) of any third party companies whose cookies are being used on the website; and
  • an indication that visitors can refuse cookies and how to do it.

CCPA requirements for cookie notice

CCPA does not require a separate cookie notice page. Businesses in the US, however, are required to have a privacy policy/notice that covers their use of cookies.

Websites are required to inform users on how they collect, use, share, and protect their personal information. Cookies fall under the scope of privacy disclosures and should be included in the privacy policy.

The policy page must predominantly include the following information:

  • category of personal information the site collects or sells
  • category of third parties to whom the information will be disclosed
  • rights of users
  • opt-out options available to users

What should a cookie notice say?

At the outset, keep in mind when creating the cookie notice for your website that you should use concise, clear, and plain language. You should avoid legal jargon that may confuse the readers.

The simpler the explanation, the better they will understand and trust you.

A GDPR and CCPA compliant cookie notice should include the following sections:

  • The disclosure that you use cookies and what cookies are.

Many people visiting your website may have only a little or no knowledge of internet cookies. This part will be useful to them. 

  • Description of the types of cookies used by your site.

Now, this is the part where you have to list all the cookies that your website uses and their properties (type, primary function).

  • An explanation of the purpose of these cookies.

You must state the site’s purpose for using these cookies. It is a crucial part of the cookie notice, as it tells the users what happens to their data and how it is being processed by your site. This section could also explain who sets these cookies, that is, whether they are first-party or third-party cookies.

We recommend that you use a tabular format to list the different types of cookies and provide their details. For example:

CookieYes cookie notice: types of cookies section

However, you can use your discretion to present the details in whatever format and template is most convenient and compatible with your website’s design.

  • Details on how users can opt out or set their cookie preferences.

Your visitors may not want to share their personal data or have their browsing activities tracked by you or third parties. You are required to provide them with an option to opt out of such cookies.

In this part, you should mention various settings to manage or delete these cookies. The methods may include your website’s cookie consent settings, third-party website settings, and internet browser settings to block or remove such cookies.

Make sure your visitors are aware of their right to withdraw the cookie consent at any time.  

Apart from these, the best practices also include adding the last updated or effective date of the policy so that the users are aware of recent changes. You can also add the contact information if not already done in your site’s privacy notice. 

Cookie Notice Examples

Let us look at some good examples of cookie notices that are compliant with GDPR and CCPA.

Siemens starts its cookie notice with a declaration that they use cookies and a brief but adequate description of what cookies are, along with the different types of cookies. It also mentions the legal grounds for processing each type of cookie in layperson’s terms.

Siemens cookie notice

Dow Jones’ cookie notice uses a tabular format to provide information about each type of cookie and its purposes.

Dow Jones cookie notice

Visa uses an accordion-style design for its cookie notice and specifically mentions that it does not collect any personally identifiable information. It also links to its privacy notice for further information.

Visa cookie notice

CookieYes’ cookie notice has a dedicated section for details about managing cookie preferences. 

CookieYes cookie notice

Here, you will find a Cookie Settings button. Clicking it opens the cookie consent banner, where users can set or change their consent preferences, as shown:

CookieYes cookie notice consent manager

It also gives links to browser settings for managing or deleting cookies.

Honeywell also links to various browser settings for managing cookies and to its own cookie settings (Privacy Preference Center). It also lists links to other websites’ settings for opting out of third-party cookies.

Honeywell cookie notice

Frequently asked questions

Is a cookie notice required?

Yes. Under European Union and other legal frameworks, if your website uses cookies that track users using their personal data, then you must have a cookie notice on your website. A notice is required for sites that use cookies and fall under a jurisdiction that has enacted cookie laws.

Why am I getting all these cookie notices?

The reason you’re getting so many cookie notices is that privacy laws are being enforced.

These laws, such as GDPR in Europe and other legal frameworks around the world, require websites to inform users about their use of cookies. A website cannot store cookies without first notifying users about it (as a pop-up and detailed statement on a policy page).

How to add a cookie notice in WordPress?

You can add a cookie notice in WordPress the same way you add any new page. From the Dashboard, select Pages > Add New, write the content, and publish it. There are some plugins that will help you create one.

You can generate content for the cookie policy using CookieYes’ cookie policy generator. It’s fast and automatically updates the cookie list when you scan for cookies using the web app. You can integrate the app and generate a cookie notice for not just WordPress, but other CMSs such as Blogger, Wix, Shopify, Squarespace, Magento, Drupal and even custom-coded websites.