Thanks to various privacy laws — notably the General Data Protection Regulation (GDPR) and EU ePrivacy Directive — there’s a requirement that people give consent before you can store cookies in their browsers. A cookie banner is the perfect way to achieve this.
In this guide, we’ll take an in-depth look at what cookie banners are. We’ll also cover why you need one, and how to make sure that your cookie banner is compliant with leading privacy laws. Plus, we’ll share an easy tool to help you simplify the whole experience.
Cookies are tiny blocks of data that are stored within your web browser as you visit and explore websites. These cookies contain personal data and information that’s unique to you and your browsing activity — like which product pages you’ve visited, or which type of device you’re browsing from. For this reason, they often contain personally identifiable information — and therefore fall under the remit of privacy laws like the GDPR.
Cookie consent banners often show up in a banner style format, taking up most of the width of the screen, and typically at the bottom of the screen. This isn’t always the case though — you could choose for your cookie banner to be more prominently displayed in the center of your screen, before any content is viewable.
Cookie banners are everywhere — and for good reason. If you have website visitors from the European Union or you’re based there yourself, chances are you need to display one on your website or app thanks to EU laws.
Two key European Union privacy laws cover the requirement for users to be informed about cookies and provide consent for this personal data to be collected, used, and shared. Both the EU’s ePrivacy Directive (also known as ‘The Cookie Law’) and the GDPR set out requirements for applicable businesses to feature a valid cookie notice.
To stay compliant with the ePrivacy Directive and GDPR, you should do the following:
One of the best ways to achieve website compliance is by having a valid and user-friendly cookie banner. This cookie banner can inform users of the required details, and give them a simple way to provide their consent. This consent can then be tracked and stored, and in many cases the software you use can also allow users to adjust their data privacy preferences or withdraw their consent.
As it stands today, the EU leads the way on privacy laws that outline a requirement for a cookie notice or consent to be given for cookies. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) doesn’t require express consent for cookies, and neither does Brazil’s General Personal Data Protection Law (LGPD).
While it doesn’t cover cookies explicitly, the California Consumer Privacy Act (CCPA) does set out a requirement for organizations to explain whether or not they respond to “Do Not Track” signals. This is where a user requests that their activity is not tracked. There’s no requirement to honor these requests however, and most businesses opt not to for simplicity’s sake.
If your website caters to an audience of users below the age of 13, the USA’s Children's Online Privacy Protection Act (COPPA) may apply. For cookie use on applicable websites, you must obtain parental consent. As parents are often not the direct users, and may not always be supervising, this is difficult to achieve and prove compliance for.
A key element of these privacy laws around cookie use is that users should give their consent before it happens. For this consent to be valid, it needs to follow certain key principles.
A user’s consent should be freely given. This means there’s no requirement for the user to accept some or all of the cookies in order to use the website. Users can’t be excluded from a service or forced to consent to cookie use, and instead should be free to accept or decline consent as they wish.
When someone chooses to consent to cookie use, this should be explicit. This means you can’t rely on a pre-filled checkbox or the continued use of your website as implied consent. Instead, seek to have your users take a specific positive action — like clicking an “Accept” button.
There’s also a requirement that users are given the chance to consent before any cookies are placed within their browser. This means you should obtain consent with your cookie banner at the first opportunity, before any data is collected or used. The exception here is for strictly necessary cookies — such as those that are required for the provision of the website or service itself.
Before you can fully meet the requirements to be open and transparent about cookie use on your website or mobile app, it helps to understand more about how cookies work and how they’re classified.
Cookies can be classified by their duration, what they’re used for, and whether they’re a first or third-party data collection tool. Any combination of these factors might influence whether a user gives their consent for their use or not.
Cookies can either be session cookies or persistent cookies. Session cookies stay for the duration of the session or browsing experience, and then expire when a user closes their browser or ends their session. These temporary cookies are often more favorable with users as there’s no ongoing storage of their personal data.
Persistent cookies are cookies that stick around in a user’s browser beyond the initial browsing session. There’s no limit to how long they persist for, but the ePrivacy Directive suggests this should be for no longer than 12 months. After that time, it’d be wise to reconfirm consent. As persistent cookies hold someone’s personal data for an undefined amount of time, users are understandably more wary about them.
You can also distinguish between different types of cookies. This is especially helpful for your users, as it’s another way you can help them understand their purpose and how any data they collect is used within your business.
The main categories of cookies are:
There may be some cookies that fall outside these categories, but in general most cookies perform one of the uses above. Identifying the types or categories of cookies that your website uses helps you understand whether you truly need them, and means you can inform your users fully in a way that makes sense to them.
As well as different durations and categories, cookies can also have different origins. Most websites will use both first party and third party cookies — especially if you run any advertising networks on your website.
First party cookies are ones which have originated on your website. They’re data files created by you for specific purposes on your website — like adding an item to a shopping cart, or loading your account data. Many statistics and performance cookies, like Google Analytics, are also first party cookies as this data is unique to your website.
Third party cookies originate from elsewhere, and are often considered non essential cookies. A common example of a third party cookie is an advertising cookie from a major digital ad network. Their cookie — often installed through a third party plugin or code — will collect a user’s preferences, then use this information to show them targeted advertising across multiple websites. Facebook’s Pixel is another example of a third party cookie in the advertising space.
While you have control over first party cookies and their data privacy, the same isn’t true for third party cookies. There’s a lack of control over how those third party owners treat the data they’ve collected. You should seek to only allow third party cookies from vendors that you trust, and where you can verify that they comply with relevant privacy laws.
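To see how the duration and origin classifications above apply to the cookies a page actually receives, the following added example (not part of the original article and not Enzuzo's code) parses `Set-Cookie` headers and labels each cookie as session or persistent and first or third party, flagging lifetimes beyond 12 months. The hostnames, cookie values and function names are constructed for illustration, and the origin check is a simplified hostname suffix match.

```javascript
// Added example. Hostnames and cookie values below are constructed samples.
const TWELVE_MONTHS_S = 365 * 24 * 60 * 60; // the 12-month mark mentioned above

// Split one Set-Cookie header into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    cookie.attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Lifetime in seconds, or null for a session cookie. Max-Age takes precedence over Expires.
function lifetimeSeconds(attrs, now) {
  if (/^-?\d+$/.test(attrs['max-age'])) return Number(attrs['max-age']);
  const t = Date.parse(attrs.expires);
  return Number.isNaN(t) ? null : Math.round((t - now) / 1000);
}

// Simplified origin check: suffix match on hostnames. Browsers compare registrable
// domains using the Public Suffix List, which this sketch does not load.
const hostsRelated = (a, b) => a === b || a.endsWith('.' + b) || b.endsWith('.' + a);

function classify(header, responseHost, pageHost, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  const life = lifetimeSeconds(attrs, now);
  const scope = typeof attrs.domain === 'string' ? attrs.domain : responseHost;
  const domain = scope.replace(/^\./, '').toLowerCase();
  return {
    name,
    duration: life === null ? 'session' : life <= 0 ? 'deleted' : 'persistent',
    origin: hostsRelated(pageHost.toLowerCase(), domain) ? 'first-party' : 'third-party',
    exceeds12Months: life !== null && life > TWELVE_MONTHS_S,
  };
}

// Constructed sample: headers as they might arrive while loading www.example.com.
const SAMPLE_RESPONSES = [
  { host: 'www.example.com', header: 'cart=abc123; Path=/; Secure; HttpOnly' },
  { host: 'www.example.com', header: 'prefs=dark; Domain=example.com; Max-Age=2592000' },
  { host: 'ads.example.net', header: 'uid=42; Max-Age=63072000; SameSite=None; Secure' },
];

const audit = (pageHost, responses, now = Date.now()) =>
  responses.map((r) => classify(r.header, r.host, pageHost, now));

console.table(audit('www.example.com', SAMPLE_RESPONSES));
```

Cookies reported as third-party or as exceeding 12 months are the ones to review first when deciding what the banner must disclose and gate behind consent.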
We know that a cookie consent banner is a must-have for most website owners these days, but it’s not always easy to understand what it should look like or offer to users. Here’s our advice on how to construct and format your cookie banner.
The opportunity for your users to consent to cookie use is crucial. If you run any non-essential cookies, it’s required that you gain users’ consent on the first visit, before you deploy them and use them to collect or store data.
The easiest and most obvious way to achieve this is to offer a button to accept or opt in. Make this button clear, so it stands out against the cookie banner — a contrasting color from your brand color palette is a great option. This button should make it clear what action is being taken — for example it might say “Accept” or “I Agree”.
If there’s room within your cookie consent banner, consider offering users the opportunity to customize their cookie consent. For tools that have this functionality, like Enzuzo, you can often add an additional button that takes users to a page where they can set their preferences by individual cookie or cookie category.
Here’s an example of a user friendly cookie consent banner statement:
Having a valid cookie banner is essential for most online businesses that fall under the remit of the ePrivacy Directive and the GDPR. If you’re not technically minded though, building your own cookie banner can be challenging.
Enter Enzuzo: a simple way to create, customize, and deploy a compliant cookie consent banner. Our data privacy and consent solution helps you get that all-important opt-in from your website visitors and customers in a user-friendly way.
With some cookie consent banner plugins, you’re limited when it comes to customization options and may have only a few options to choose from. With Enzuzo, you can fully personalize the colors and style of your cookie banner template.
The ability to customize your color choices means you can design a pop-up cookie banner that feels at home on your website, instead of looking like an afterthought. Personalize your banner background color, text color, and link color to create a seamless experience for visitors that also prompts them to take action.
Sometimes a user will be happy with functional cookies that expire when the session ends, but doesn’t want to be followed around the internet by personalized advertising banners. Other times, they’ll want to consent to all cookies — or none.
Our cookie consent management tool gives your users control over which cookies they consent to. This functionality gives you a greater chance of some of your cookies being accepted by users, giving you valuable data, as they can deny consent for the ones they don’t want. Not only do you benefit, but these customizable consent options offer a better user experience for your visitors too.
Running an online or ecommerce business means your next customer could be from anywhere in the world. With data privacy on everyone’s minds, it makes great business sense to be able to communicate with your users in their preferred language.
Getting users’ consent for cookie use isn’t always easy. People are faced with cookie banners everywhere they go, and it’s highlighted just how much personal data is out there. This means users are more savvy than ever before when it comes to giving consent for cookie use.
With Enzuzo, you can simplify the cookie consent process for not only you but your users too. Build a cookie banner that fits seamlessly with your website’s design — one that gives your website visitors greater choice over exactly which cookies they provide their consent for.
The opportunity to customize consent means you’re more likely to gain users’ trust and start collecting data that helps you optimize your business, show more personalized recommendations, and offer an enhanced shopping experience. For a simpler and more effective way to handle cookie consent management, try Enzuzo today.