Skip to main content

Consent

13 min read

Cookie Popup for GDPR Cookie Consent: Best Practices

By Kavya November 25, 2024

Cookie Popup for GDPR Cookie Consent: Best Practices

Want to deploy cookie banners across multiple client websites?

Partner with CookieYes →

After the General Data Protection Regulation or GDPR came into being in 2018, a lot of things changed on the internet. One of the after-effects is the prevalence of cookie popups and banners on websites. If you are looking to add a cookie popup to your website, you are in the right place! 

With CookieYes, you can implement a custom cookie popup on your website in just minutes. You can choose a cookie consent popup from different layouts, themes, colours, in over 170+ languages and curate a personalized consent experience for your user.

A cookie popup design on a website.
A cookie popup powered by CookieYes, on gaming site Goat Simulator.

What is a cookie popup?

A cookie popup is a banner that is displayed on websites to ask visitors for consent for the use of cookies. That way, the user will be aware of the website’s cookie usage and provide active consent.

Cookie popups fulfil the GDPR requirement to obtain consent for setting cookies on a user’s device. Cookies fall under the category of personal data as per the GDPR. To process any personal data, businesses have to obtain consent from the user. This means, before dropping cookies on a user’s device, they should consent to it. 

Effective cookie popup examples for your website

A banner layout cookie popup on Jack & Jones website.
A cookie popup on Jack & Jones website.
A centre overlay cookie popup on University Arts London website.
A cookie popup on University Arts London website.
A centre overlay cookie popup on a French website.
Cookie popup on French website Le Fast Phone
A floating cookie popup on the left bottom of a website.
A cookie popup on Blockthrough.com

Best practices for cookie popup

  • Offer a clear and equally prominent ‘accept’ and ‘reject’ buttons.
  • Allow users to enable or disable cookie categories individually.
  • Avoid using cookie walls, as they are not GDPR compliant.
  • Avoid dark patterns to ensure legal compliance and build user trust.
  • Ensure that the popup is mobile-responsive and is user-friendly on different devices.
  • Display auto-translated banner in your visitor’s preferred language.
  • Link your cookie policy or privacy policy on the cookie popup for transparency.
  • Block third-party cookies until user consent is given.
  • Disable all non-necessary cookies by default.
  • Geo-target the popup to users from relevant regions or countries.
  • Use a cookie widget to provide an easy way for users to change cookie preferences.

Display cookie popup and
get GDPR compliant in no time

Try for free

14-day free trialCancel anytime

You can easily generate a cookie popup or cookie banner with a consent management platform (CMP) like CookieYes. The CookieYes CMP is used by over 1.5 million websites, big and small, to comply with data privacy regulations across the globe. You don’t need knowledge of coding or time-consuming integrations to add a GDPR compliant cookie consent popup to your website.

Step 1. Sign up on CookieYes 

The first step is to Sign up on CookieYes and start your 14-day free trial. You don’t need a credit card. All you have to do is fill in your email address, your website domain and password. You can start generating your cookie popup!

Step 2. Customize the cookie popup

On signing up, you will be directed to a setup screen. Here you can select a cookie popup template and fully customize it. 

  • Layout: Select the cookie popup layout or other layouts such as box type or banner.
  • Content: Customize the cookie popup text, button texts, content of the audit table and also add a link to your privacy policy/cookie policy. 
  • Languages: Choose from 40+ languages for an auto-translated cookie popup.
  • Colour: Customize the colour of the cookie popup as well as the text to match your site’s design.
  • Behaviour: Add a cookie widget to revisit consent, geo-target the banner for EU and UK users.
  • CSS customizations: Add CSS customizations to stylize the banner and modify its functionality.

Step 3. Activate your cookie popup

After you are done with the customization of the cookie popup or banner, activate it on your website. Copy the script and paste it between the <head> and </head> tags on your website. (access the website platform or CMS setup guides for detailed instructions). You are all done! You now have a GDPR-compliant cookie popup on your website.

What is GDPR cookie consent?

To be GDPR compliant, consent should meet the standards as defined in the GDPR. Article 4(11) defines consent as

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Freely given i.e. the user must have an active choice and consent should be voluntary i.e. consent should not be made conditional for using your website. This means the user should have the choice to accept and reject cookies.

Specific i.e. consent should be obtained for a specific purpose and cannot be vague, or ambiguous. Cookie consent cannot be bundled with other terms and conditions or privacy policies. You should obtain explicit consent prior to loading cookies on a user’s device.

Informed i.e. the user should be made aware of cookies on your website, their purpose and what they are consenting to.

Affirmative action indicates that the user has taken an action to give consent such as clicking on the accept button. This means implied consent is not valid. You cannot assume consent if a user continues browsing without taking an action on your cookie banner or popup.

Cookie consent checklist

Using CookieYes, you can tick off the GDPR cookie consent checklist below!

  • Collect consent for using cookies on your website with a cookie popup or banner
  • Give users control to accept, decline or change cookie settings 
  • Customize the cookie popup for content, colours, design
  • Display a responsive cookie popup for desktop and mobile devices 
  • Show cookie table (name, type, purpose and duration) for full disclosure of cookies 
  • Show auto-translated banner to users as per their browser language
  • Auto-block third-party cookies from loading till the user gives consent
  • Record all user consents for proof of compliance
  • Add a callback widget for the banner so users can revoke consent at any time

Cookie consent banners can come in different layouts and styles. You can use a layout as per your website’s design. Here are the different types that can be implemented using the CookieYes CMP. In terms of layout, the cookie banners should be simple and easy to use so that it does not interrupt the content or user experience of the website. 

Popup

The cookie popup layout is designed to grab the user’s attention as they cannot access the website without taking any action on the popup. So, ensure that they are GDPR compliant and easy to use. 

Banner 

Footer or header banners are most commonly used by websites. In a study of consent banners in the EU, nearly 58% used bottom banners and 27% used top banners. Ensure that your banners don’t block elements like the navigation menu (in the case of a header banner). 

Box-type

Box-type layouts are also often seen on websites and are placed in the left or right corner of the site. These types of banners are non-intrusive and can be aligned to the site’s aesthetic. 

FAQ on cookie popup

Is a cookie popup necessary? 

Yes, a cookie popup or banner is necessary if you are a website that functions in any of the EU countries and the UK or has visitors from these countries. Websites in the EU are also bound by the ePrivacy Directive or EU cookie law. (Read more on EU cookie law).

Data privacy laws and directives like the LGPD (Brazil), POPIA (South Africa), CNIL (French), CCPA (US) also have consent requirements. This means if your website has visitors from these countries, you can be subject to the respective privacy regulations. Therefore, it is the best practice to add a compliant cookie popup or banner on your website.

What does GDPR say about cookies?

GDPR categorizes cookies and similar online identifiers as personal data. Since these identifiers can be used in combination to identify a user’s device and hence the user, they are considered as personal data.

Cookies are mentioned only once in the GDPR’s Recital 30, which states that:

“Natural persons may be associated with online identifiers … such as internet protocol addresses, cookie identifiers or other identifiers….This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”

Why do websites warn about cookies?

Websites show cookie warnings and cookie notifications to obtain consent from users for dropping it on their devices. When we visit websites, cookies are loaded on our devices. In the EU, the use of cookies has been regulated by the ePrivacy Directive or the EU cookie law which requires websites to get consent for the use of cookies other than strictly-necessary ones.

After the arrival of GDPR, cookie consent requirements are legally binding. Hence websites use cookie consent banners or cookie popups to fulfil GDPR compliance regarding cookies. 

What should cookie banner say?

A cookie banner should inform users about cookies on the website and their purposes in brief and ask for consent from the users. A banner should clearly provide users with the option to accept and reject cookies, and also to give granular consent through cookie settings. It should also provide detailed information on cookies by linking to the cookie or privacy policy. 

Photo of Kavya

Kavya

Kavya is a content designer who works across marketing, and product to create simple, user-first content. She brings expertise in long-form content, UX writing, and copywriting for B2C and B2B brands. In her downtime, she’s probably watching re-runs of mobster dramas and baking.

Keep reading

Featured image of 7 Steps to Enhance Compliance Management for Your Business

Privacy Laws

7 Steps to Enhance Compliance Management for Your Business

Have you thought about compliance as a growth driver? For most businesses, it is just …

Read more
Featured image of Cookiebot vs OneTrust vs CookieYes: Which One Is The Best?

Consent

Cookiebot vs OneTrust vs CookieYes: Which One Is The Best?

Our detailed comparison will explore features, pricing, and privacy compliance functionality, guiding you through the nuances of Cookiebot, Onetrust and CookieYes to find the one that best suits your business's consent management needs.

Read more
Featured image of Iubenda vs Osano vs CookieYes: Which One Is The Best?

Iubenda vs Osano vs CookieYes: Which One Is The Best?

Our detailed comparison will explore features, pricing, and privacy compliance functionality, guiding you through the nuances of Cookiebot, Iubenda, and CookieYes to find the one that best suits your business's consent management needs.

Read more

Show all articles