Cookie banners have now become an indispensable part of the web browsing experience, thanks to privacy regulations like the GDPR and ePrivacy Directive in the EU, CCPA in the US, LGPD in Brazil, and similar privacy laws across the world. While cookie banners are necessary for compliance, in an increasingly privacy-conscious world, a cookie banner can also communicate your brand value and its alignment with users’ expectations.
This blog details the best practices for a compliant cookie banner, explains how to create one for your website, and answers oft-asked questions about cookie consent, cookie laws and how they affect websites in the EU and outside.
What is a cookie banner?
A cookie banner is a notice often displayed on a user’s first visit to a website that informs them about the cookies and trackers the site uses and asks for the user’s consent to store cookies on their devices.
Before the advent of data privacy laws, websites often used a notice-only cookie banner that informed users about cookie usage but did not ask for their permission to load cookies on their devices.
But this started changing with the arrival of data privacy laws across the world, especially the European Union’s General Data Protection Regulation (GDPR).
GDPR compliant cookie banner from CookieYes
CookieYes is a cookie consent solution trusted by over 1 million websites to achieve cookie compliance. CookieYes empowers your website to give users a privacy-compliant and user-friendly consent mechanism through customizable cookie banners.
You can implement a simple cookie banner on your website that is not intrusive and also aligns with your website’s branding. Alternatively, you can add advanced CSS customizations and branding and tailor your banner to your website’s design.
Usability and the ease of giving consent are other important factors for the effectiveness of a cookie banner. With CookieYes, users can easily control their cookie preferences with the toggles.
Cookie banners should also be optimized for different devices. CookieYes banners are intuitive and can be tailored for mobile and tablet users, to give them a user-friendly cookie banner.
Cookie banner requirements in EU
GDPR cookie consent
You may have come across the term ‘GDPR cookie consent’ concerning cookie banners. It refers to the consent requirements of the GDPR and how they extend to cookie usage on websites.
As per the GDPR, consent is one of the lawful bases for processing personal data in the EU. Websites use consent as the legal basis for storing and collecting data from cookies. What this means is that websites have to obtain consent from users before storing cookies on their devices. This is why cookie notifications are now often referred to as GDPR cookie consent banners.
According to Article 4 GDPR, consent should involve a clear affirmative action and should be freely given, specific, informed and unambiguous. Article 7 states additional requirements: proof of consent, the ability to withdraw consent, and consent requests that are easily accessible and use clear and plain language. To sum up, your website should display a GDPR compliant cookie consent banner.
EU cookie law
GDPR compliant cookie banner checklist
A cookie consent banner is essential for compliance but is not sufficient on its own. Here’s a checklist that will help you implement a cookie consent mechanism on your website that is fully compliant with the GDPR.
- Display a custom cookie consent banner as per your website’s design
- Provide a user-friendly layout optimized for different devices
- Inform users about cookie usage in plain and jargon-free language
- Display an auto-translated banner according to the user’s browser language
- Showcase different cookie categories used on your website
- Provide granular options to accept/reject different cookie categories
- Display ‘accept’ and ‘reject’ buttons on the banner
- Auto-block third-party scripts till users give consent
- Display a revocable cookie banner so users can easily withdraw consent
- Record user consents for proof of compliance
Cookie banner layout
Cookie banners can come in different layouts and styles according to the website’s design and branding. In terms of layout, cookie banners should be simple and non-intrusive so that they do not interrupt the content or user experience of the website.
These are the classic footer or header banners that are oft-used by websites. In a study of consent banners in the EU, close to 58% used bottom banners and 27% used top banners, similar to a website header or footer (bar style).
Boxed type layouts or popups are also seen on websites, often placed in the left or right corner of the site. These types of banners are non-intrusive and can be aligned to the site’s aesthetic.
Like what you see? The cookie banner examples above are powered by CookieYes, a cookie consent solution trusted by over 1 million websites for cookie compliance with privacy laws like the GDPR, CCPA, and LGPD.
Using a simple dashboard on CookieYes you will be able to implement cookie compliance for your website. You can create a personalized cookie banner design with custom branding or stick to a simple cookie banner. Remember the cookie banner checklist? You can achieve all that and more with CookieYes.
How to add cookie banner to website
This is the easiest part. With CookieYes, you can implement a custom GDPR compliant cookie banner within minutes.
Step 1. Sign up on CookieYes
The first step is to sign up on CookieYes. It’s free. You don’t need a credit card. All you have to do is fill in your email address, your website domain and password. You can get started with our cookie banner generator!
Step 2. Select and customize the template
On signing up, you will be directed to a setup screen. Here you can select a cookie banner template and fully customize it. Or you can select the default (GDPR compliant) banner, preview it on your website and head to the next step.
If you want to add personalization to your banner, you can customize your cookie banner.
- Layout: Select a banner layout, including all the examples above, and more. You can choose from different consent types, but we recommend ‘explicit consent’ for GDPR compliance.
- Colour: You can customize the colour of the cookie banner as well as the text to match your site’s design.
- Behaviour: You can add a cookie widget to revisit consent, geo-target the banner, and display a cookie audit table.
- CSS customizations: To further stylize the banner and modify its functionality, you can add custom CSS.
You can read the detailed setup and installation guide.
Step 3. Activate your cookie banner
Now that you are happy with how your banner looks, you can activate it on your website. You have to copy the script and paste it between the <head> and </head> tags on your website.
Complicated? Access the CMS setup guides and follow the instructions. You are all done! You now have a GDPR compliant cookie banner on your website.
You can go to the CookieYes dashboard and enable the consent log in the ‘Site settings’. Consent logs are important so that you have a centralized record of user consents in case you have to demonstrate proof of consent to regulators.
CookieYes will also automatically block third-party scripts (Google Analytics, Facebook pixel etc.) till the user gives consent and will support the browser’s Do Not Track (DNT) setting. This means you can achieve complete GDPR compliance without time-consuming integrations.
You can also manage multiple websites in one account and implement a cookie banner on all major website CMS like WordPress, Magento, Shopify, Wix, Weebly, MODX, Drupal, Squarespace, and Joomla. (Read the CMS setup guides)
Do I need a cookie banner?
Are you still wondering if your site needs a cookie banner that adheres to GDPR? Most certainly, yes. If you are a website that functions in any of the EU countries or has visitors from the EU, you require a consent banner to comply with the GDPR and the ePrivacy Directive.
Data privacy laws often have extraterritorial scope, meaning they can cover businesses beyond their geographical boundaries. If your website has visitors from the EU, the UK etc., you can be subject to the respective privacy regulations. Therefore, it is best practice to implement a compliant cookie banner for your website.
Are there fines for non-compliant cookie banners?
Yes. In the EU, non-compliance with the GDPR can attract substantial GDPR fines. As the lawful basis for processing is one of the core principles of the GDPR, violations of consent can incur monetary penalties.
While the fines may sound alarming, there is no need to worry. With the right cookie consent manager like CookieYes, compliance can be a cakewalk.
Do I need a cookie banner in the US?
There are two things to remember before considering a cookie banner for a US-based website. Firstly, while the US does not have a federal data privacy law like the EU directly affecting the usage of cookies, GDPR may apply to US websites. (Read GDPR checklist for US companies). Remember that even if your website is not based in the EU, but caters to users from the EU, you will have to comply with the GDPR. This means that your website is required to display a cookie consent banner.
Secondly, state-level legislation in the US like the California Consumer Privacy Act (CCPA) and Virginia Consumer Data Protection Act (CDPA) establishes rules to protect users’ personal data and give them rights over it. The CCPA and CDPA give users the right to opt-out of processing of personal data for targeted advertising, sale of personal data and profiling. In this case, you may not require a cookie banner, but instead, have to display an opt-out cookie notice.
A CCPA compliant opt-out notice should:
- Inform users about your website’s use of third-party cookies
- Inform users about their CCPA right to opt-out
- Have a ‘Do Not Sell’ button to allow consumers to opt-out of the sale of their personal information.
- Auto-block third-party scripts till user opts out
- Record user action for proof of compliance
CookieYes can help your website display an opt-out notice and geo-target the opt-out notice to only US visitors, or visitors in California.
If your website caters to both EU and US users, you can geo-target your banner and display both a GDPR cookie banner and CCPA opt-out notice as per the user’s location.
Will cookie banner affect website SEO?
No. If implemented correctly, cookie banners will not affect your SEO. If cookie banners are not intrusive, GoogleBot will be able to crawl your website. Google stresses avoiding intrusive interstitials and has clarified that important notices like cookie banners will not negatively impact a site’s search performance.
You should display your cookie banner on the top, side or footer of your page where it does not obstruct the content on the page. It should also be optimized for different devices so that the banner does not take up half the screen, for instance on mobile devices.
If you’ve already signed up on CookieYes, follow these steps:
Step 1. Head to the CookieYes Dashboard.
Step 2. Scan website for cookies
Is my cookie banner compliant?
Lastly, if your website has a cookie banner, here’s a quick checklist to see if it’s compliant. If your banner has any of the following characteristics, it needs a revamp.
- There is no clear information on all the cookie categories used.
- The purpose of cookie usage is not stated.
- It has pre-ticked boxes for cookies other than strictly necessary ones.
- It does not have a reject button or option to customize cookie settings.
- It blocks the user from browsing the site till they accept it.
- Buttons are designed to nudge users to accept.
- There is no option to consent to specific cookie categories.
- It does not automatically block third-party scripts.
- The user consents are not systematically recorded.
Sign up on CookieYes and create a free cookie banner and see for yourself!
Cookie banner FAQs
Why do cookies require consent?
Online identifiers like cookies, IP addresses, advertising IDs, pixel tags, account handles, device fingerprints and radio frequency identification (RFID) tags can be used in combination to create profiles of individuals and identify them. Hence, cookies can be considered personal data and are subject to privacy laws like the GDPR, LGPD (Brazil), CCPA etc.
What should a cookie banner say?
The second layer of a cookie banner should include detailed information about the different cookie categories, the purpose of each cookie, the duration it will be stored on a user’s device and whether the website shares the data collected with any third parties.
Are cookie notice and cookie banner the same?
Cookie notice, cookie notification, cookie popup, cookie warning, cookie consent banner etc. are all different names for a cookie banner. The important thing to remember is, if your business falls under the scope of a privacy law that regulates cookies, you require a cookie banner on your website.
What are strictly necessary cookies?
Strictly necessary cookies are cookies that are exempt from cookie consent. As the name suggests, they are essential for the website to function properly. For instance, they are cookies that are essential to access certain features of the website such as signing in, adding items to a shopping cart, or making online payments.
What is valid consent?
For consent to be valid, it should be:
- Freely given: The user should have a genuine choice.
- Unambiguous and affirmative: Consent should be given via a clear and positive action, such as clicking on the ‘Agree’ button.