fbpx

Cookie Consent

CookieYes is a simple and intuitive cookie consent management tool that will help your website to obtain and manage cookie consent.

Mockup of webpage with GDPR complaint Cookie Banner

Get Cookie Compliant

14-day free trial. No credit card required.

Mockup of webpage with GDPR cookie consent banner
Trusted by 1 Million+ websites
 

What is cookie consent?

Cookie consent is a privacy compliance requirement for websites to obtain consent from users before setting cookies on their devices. It is enabled through cookie banners that are displayed on a user’s first visit to a website.

Cookie consent requires businesses to clearly and explicitly inform users about the cookies present on their website, the purpose of cookies and give user’s the choice to accept or reject cookies.

Why is cookie consent necessary?

Under privacy laws like the GDPR and ePrivacy Directive in the European Union and UK or similar laws like South Africa’s POPIA and Brazil’s LGPD, websites are legally required to obtain consent before deploying cookies on a users’ devices.

As per these regulations, cookies and similar online identifiers are considered as personal data and consent is necessary for collecting and processing personal data.

How to comply with cookie consent?

  • Scan your website to detect cookies and other trackers.
  • Display a cookie consent banner to your website visitors.
  • Enable users to give consent to each category of cookies separately.
  • Link up-to-date cookie policy on your cookie banner.
  • Block third-party cookies until the user has given consent.
  • Record user consents for proof of compliance.
  • Allow users to withdraw or revisit their cookie consent at any time.

CookieYes for cookie consent

Cookie consent banner

Display a location-based, auto-translated and responsive cookie consent banner with full customizations for content, design, layout, buttons, behaviour and branding.

Manage cookies

Add a cookie audit table to the cookie banner so users can give granular consent for different category of cookies. The cookie audit table also shows clear information about the category, purpose and lifespan of cookies.

Cookie scanner

Scan your website periodically to identify and categorize cookies that have been newly added or deleted from your websites. The updated cookies are automatically added to the cookie audit table and cookie policy.

Revisit consent

Enable users to change their consent or modify cookie preferences by displaying a ‘revisit consent’ button on your website. This gives users easy access to withdraw their consent as required for compliance.

Auto-block cookies

Auto-detect and block third-party cookies and trackers on your website until users’ give consent through the cookie banner. Support the DNT status of users’ browser settings and automatically block tracking cookies.

Consent record

Record user consents in the consent log and export it for proof of compliance. Document users’ consent (anonymized) as well as their consent modifications or changes, if any.

Cookie policy

Add a dynamic, up-to-date cookie policy with a clear description of the usage of cookies and trackers on your site, and how users can change their cookie preferences. Additionally, generate a custom privacy policy for your website to achieve foolproof compliance.

Flexible integrations

Use a single dashboard, no complicated coding, and integrate cookie banners on any CMS, for all your subdomains and comply with multiple data privacy regulations such as GDPR ePrivacy Directive, CCPA, LGPD, CNIL and so on.

Make your website cookie compliant

14-day free trial. No credit card required.

Do all cookies require consent?

Broadly speaking, all cookies except strictly necessary cookies are required to obtain GDPR cookie consent. The ePrivacy Directive details two cases for exemption from consent requirements.

They are:

  • Cookies whose sole purpose is to carry out the transmission of a communication over a network such as a load balancing cookie.
  • Cookies intended for a legitimate purpose such as facilitating information society services (services that are delivered electronically through the internet via websites, apps, etc.). For example, authentication or session cookies.

Which cookies require consent?

Cookies other than strictly necessary ones require consent. These include first-party cookies set by the domain you are visiting. They are usually functional cookies that remember login details, your shopping cart, browser preferences etc.

Third-party cookies set by a different domain, i.e. a third party (Google Analytics, Facebook, LinkedIn etc.) require explicit user consent. They usually include advertising or tracking cookies that track your browsing history, online behaviour, spending habits to display targeted ads. Social media buttons, chat functionalities on a website etc. also involve third-party cookies.

Is my website cookie compliant?

Scan your website for cookies and get a detailed report to understand if your site is GDPR compliant.

SCAN MY WEBSITE

Cookie consent examples

For GDPR compliance, your website should display a cookie banner to get user consent and implement a cookie policy. GDPR cookie consent should involve an affirmative act, is freely given, specific, informed, unambiguous and can be withdrawn. Consent notices should be accessible and be available in plain, intelligible language.

CookieYes banner for GDPR cookie consent.

CookieYes banner will enable users to give informed, specific consent for cookies.

A cookie consent banner should:

  • Inform users about cookie usage in plain and intelligible language
  • Showcase different cookie categories used on your website
  • Provide granular options to accept/reject different cookie categories
  • Display ‘accept’ and ‘reject’ buttons on the banner with equal emphasis
  • Not use pre-ticked boxes or ‘on’ toggles/sliders
  • Link to a compliant cookie policy on the cookie banner

Will cookie consent affect SEO?

Cookie consent banners will not affect SEO if they are implemented correctly. Google stresses the importance of avoiding intrusive interstitials for the search engine to be able to crawl a website. This means a cookie banner should not obstruct the content on a website and is optimized for different devices. Google has clarified that cookie banners will not negatively impact a site’s search performance.

Another concern is whether cookie consent affects personalization. Google uses cookies to remember search preferences and target ads, but this isn’t always related to cookie consent that websites ask, it can be related to the user’s browser preferences. Aside from personalization, search doesn’t necessarily need cookies or any user data to provide great results. Websites should SEO optimize pages on your site whether a user consents to cookies or not.

Is a cookie policy necessary?

As per the GDPR and the ePrivacy Directive, users should be informed about how their personal data is processed. All websites in the EU must therefore have a cookie policy that includes the information of cookie usage. A compliant cookie policy will contain up-to-date information about the cookies and trackers used on your website, their purposes, and how users can control the cookies set by your website. 

The cookie policy can included in the privacy policy or as a separate cookie policy page. It should be linked in your cookie consent banner so users have easy access to it. The Free Cookie Policy Generator will help you generate a dynamic cookie policy that gets automatically updated for any changes with each website scan.

Create a custom cookie policy
for your website

GET STARTED NOW

Frequently asked questions

What is GDPR?

The General Data Protection Regulation (GDPR) is a law that governs the data protection framework in the European Union (EU). Effective May 25, 2018, GDPR provides for greater protection for the personal data of EU residents and mandates organisations to safeguard personal data.

Who does GDPR apply to?

The GDPR applies to any organization that process the data of EU residents. Organizations that operate within the EU or the ones that operate outside the EU and offer goods or services to individuals in the EU are covered under the GDPR.

What are the legal bases for processing data in GDPR?

GDPR requires organizations to process on a valid legal basis. The law provides six legal bases for processing: consent, the performance of a contract, a legitimate interest, a vital interest, a legal requirement, and a public interest.

What is the penalty for GDPR violation?

GDPR has two tiers of fines for non-compliance. The less severe infringements can incur fines up to 2% of annual global turnover or €10 million (whichever is greater). The more serious violations can result in a fine of up to 4% of annual global turnover or €20 million (whichever is greater).

What is GDPR consent?

The GDPR defines consent as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data belonging to him or her”.

What is personal data of GDPR?

Personal data is any information relating to an identified or identifiable individual. It is any data that can directly or indirectly lead to the identification of a specific individual.

Personal data can be identifiers such as name, identification number, IP addresses, location data or information specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. The GDPR takes a very broad definition of personal data that can be open to wide interpretation.

Are cookies personal data in GDPR?

Cookies can be considered personal data. GDPR states that ‘online identifiers’ like cookies are considered personal data if they can be used to potentially identify an individual. The GDPR works alongside the ePrivacy Directive (ePD) which requires that websites get users’ informed consent before storing cookies on their device.

Other than strictly necessary cookies, all cookies such as cookies used for analytics, advertising and functional services come under the scope of GDPR.

What is ePrivacy Directive?

The ePrivacy Directive is a set of rules for data protection and privacy in the EU that was passed in 2002 and amended in 2009. It regulates the use of electronic communications such as cookies, email marketing, data minimization, and other aspects of new digital technologies.

It is not binding and works only as a directive alongside the GDPR and other state-level privacy regulations. ePrivacy Directive will be replaced by the legally binding ePrivacy Regulation shortly.

What does the ePrivacy Directive say about cookies?

The ePrivacy Directive, often referred to as the EU’s cookie law, requires that websites obtain users’ prior consent before storing cookies in their devices, except for strictly necessary cookies. Users also have to be informed about the general purpose of cookies before they can give consent.

Along with GDPR cookie consent requirements, the ePrivacy Directive governs the use of cookies in the EU.

Does GDPR require a privacy policy?

Under the GDPR, businesses are required to display a privacy policy on their websites describing how they process user’s personal data. A GDPR compliant privacy policy should contain detailed disclosures on data processing, be easily accessible and understandable.

A GDPR compliant privacy policy should focus on the key GDPR’s transparency principle all the necessary information in a clean, easy-to-digest format, be updated in a timely manner as well as include a comprehensive cookie policy. The cookie policy can be displayed separately or within the privacy policy.

You may use the CookieYes’ GDPR Compliant Free Privacy Policy Generator.

Is GDPR cookie consent required in the US?

GDPR cookie consent will apply to US-based websites if they cater to users in the EU.
There is no federal privacy law regulating cookie usage in the US. Some states have laws that regulate cookie usage for their residents, like the California Consumer Privacy Act (CCPA) and Consumer Data Protection Act (CDPA), Virginia.

Additionally, federal laws like the Children’s Online Privacy Protection Act (COPPA), regulate how businesses use cookies in specific circumstances.

Where can I find additional resources on GDPR?

Here are some links you can refer to for additional reading: