Easy Guide to Cookie Consent Banners

Thanks to various privacy laws — notably the General Data Protection Regulation (GDPR) and EU ePrivacy Directive — there’s a requirement that people give consent before you can store cookies in their browsers. A cookie banner is the perfect way to achieve this. 

In this guide, we’ll take an in depth look at what cookie banners are. We’ll also cover why you need one, and how to make sure that your cookie banner is compliant with leading privacy laws. Plus, we’ll share an easy tool to help you simplify the whole experience. 

What is a Cookie Banner?

A cookie banner is a simple display notice that appears for users as they view a website for the first time. It features a short statement confirming that a website, mobile app, or desktop app uses cookies and offers a way for users to consent — usually with a button to accept or decline. 

Cookies are tiny blocks of data that are stored within your web browser as you visit and explore websites. These cookies contain personal data and information that’s unique to you and your browsing activity — like which product pages you’ve visited, or which type of device you’re browsing from. For this reason, they often contain personally identifiable information — and therefore fall under the remit of privacy laws like the GDPR. 

Cookie consent banners often show up in a banner style format, taking up most of the width of the screen, and typically at the bottom of the screen. This isn’t always the case though — you could choose for your cookie banner to be more prominently displayed in the center of your screen, before any content is viewable. 

Why You Need a Cookie Banner

Cookie banners are everywhere — and for good reason. If you have website visitors from the European Union or you’re based there yourself, chances are you need to display one on your website or app thanks to EU laws. 

Two key European Union privacy laws cover the requirement for users to be informed about cookies and provide consent for this personal data to be collected, used, and shared. Both the EU’s ePrivacy Directive (also known as ‘The Cookie Law’) and the GDPR set out requirements for applicable businesses to feature a valid cookie notice. 

To stay compliant with the ePrivacy Directive and GDPR, you should do the following: 

• Understand the type and details of the cookies your website uses
• Obtain consent before you use cookies for the first time — except where these are strictly necessary
• Clearly provide information on what each cookie tracks and the purpose of this
• Give your users a way to access this information — for example through a compliant privacy policy or cookie policy
• Continue to provide access to your service, even if a user declines the use of cookies
• Collect and store consent — for example within a consent management database
• Offer an easy way for users to withdraw their prior consent for cookie use 
• Respect users’ individual preferences when it comes to cookie use 

One of the best ways to achieve website compliance is by having a valid and user-friendly cookie banner. This cookie banner can inform users of the required details, and give them a simple way to provide their consent. This consent can then be tracked and stored, and in many cases the software you use can also allow users to adjust their data privacy preferences or withdraw their consent. 

What Other Privacy Laws Say About Cookies

As it stands today, the EU leads the way on privacy laws that outline a requirement for a cookie notice or consent to be given for cookies. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) doesn’t require express consent for cookies, and neither does Brazil’s General Personal Data Protection Law (LGPD).

While it doesn’t cover cookies explicitly, the California Consumer Privacy Act (CCPA) does set out a requirement for organizations to explain whether or not they respond to “Do Not Track” signals. This is where a user requests that their activity is not tracked. There’s no requirement to honor these requests however, and most businesses opt not to for simplicity’s sake. 

If your website caters to an audience of users below the age of 13, the USA’s Children's Online Privacy Protection Act (COPPA) may apply. For cookie use on applicable websites, you must obtain parental consent. As parents are often not the direct users, and may not always be supervising, this is difficult to achieve and prove compliance for.

Cookie Consent

A key element of these privacy laws around cookie use are that users should give their consent before it happens. For this consent to be valid, it needs to follow certain key principles. 

A user’s consent should be freely given. This means there’s no requirement for the user to accept some or all of the cookies in order to use the website. Users can’t be excluded from a service or forced to consent to cookie use, and instead should be free to accept or decline consent as they wish. 

When someone chooses to consent to cookie use, this should be explicit. This means you can’t rely on a pre-filled checkbox or the continued use of your website as implied consent. Instead, seek to have your users take a specific positive action — like clicking an “Accept” button. 

Users should also be provided with enough information that they can make a clear and informed choice when it comes to consent. They should be able to easily understand exactly what they are consenting to, what impact it may have on them, and the consequences for providing or withdrawing consent. The best way to satisfy this requirement is to feature information about cookie use within your privacy policy or in a separate cookie policy. 

There’s also a requirement that users are given the chance to consent before any cookies are placed within their browser. This means you should obtain consent with your cookie banner at the first opportunity, before any data is collected or used. The exception here is for strictly necessary cookies — such as those that are required for the provision of the website or service itself.

Understanding Cookies: What You Need to Know

Before you can fully meet the requirements to be open and transparent about cookie use on your website or mobile app, it helps to understand more about how cookies work and how they’re classified.

Cookies can be classified by their duration, what they’re used for, and whether they’re a first or third-party data collection tool. Any combination of these factors might influence whether a user gives their consent for their use or not.

Cookie Duration

Cookies can either be session cookies or persistent cookies. Session cookies stay for the duration of the session or browsing experience, and then expire when a user closes their browser or ends their session. These temporary cookies are often more favorable with users as there’s no ongoing storage of their personal data.

Persistent cookies are cookies that stick around in a user’s browser beyond the initial browsing session. There’s no limit to how long they persist for, but the ePrivacy Directive suggests this should be for no longer than 12 months. After that time, it’d be wise to reconfirm consent. As persistent cookies hold someone’s personal data for an undefined amount of time, users are understandably more wary about them.

Types of Cookies

You can also distinguish between different types of cookies. This is especially helpful for your users, as it’s another way you can help them understand their purpose and how any data they collect is used within your business. 

The main categories of cookies are: 

• Essential Cookies — These are strictly necessary for the functioning of the website or your services. For an ecommerce website, this might include cookies that make it possible for users to add items to a cart before they finally check out, or to check delivery options for their zip code. Functional cookies like this are often temporary, session based cookies as there’s no need to hold this information once the purchase is complete. 

• Preferences Cookies — These are cookies that identify and set your preferences and customized options across the website. A common example of this is a cookie that remembers your username and password, so logging in is a streamlined process. Preferences cookies can also be used to store choices like language, location, and other filters to help provide a better user experience.

• Performance and Analytics Cookies — These cookies are often used to track your activity across the website. They store information on which pages you’ve accessed, how long you’ve spent on them, and which actions you’ve taken. Most analytics cookies are anonymized, so you can’t be personally identified from the data. Performance cookies like this are mostly used by business owners to understand user behavior and optimize their website for greater return on investment. 
• Marketing and Advertising Cookies — These cookies collect information about your preferences, behavior, and habits in order to display more relevant advertising to you. This often happens not only on the website you’re browsing, but across multiple websites and social media platforms on the wider internet too. Most advertising cookies are third party cookies, where the data is shared beyond the website you gave consent to. 

There may be some cookies that fall outside these categories, but in general most cookies perform one of the uses above. Identifying the types or categories of cookies that your website uses helps you understand whether you truly need them, and means you can inform your users fully in a way that makes sense to them.

First Party vs. Third Party Cookies

As well as different durations and categories, cookies can also have different origins. Most websites will use both first party and third party cookies — especially if you run any advertising networks on your website. 

First party cookies are ones which have originated on your website. They’re data files created by you for specific purposes on your website — like adding an item to a shopping cart, or loading your account data. Many statistics and performance cookies, like Google Analytics, are also first party cookies as this data is unique to your website. 

Third party cookies originate from elsewhere, and are often considered non essential cookies. A common example of a third party cookie is an advertising cookie from a major digital ad network. Their cookie — often installed through a third party plugin or code —  will collect a user’s preferences, then use this information to show them targeted advertising across multiple websites. Facebook’s Pixel is another example of a third party cookie in the advertising space. 

While you have control over first party cookies and their data privacy, the same isn’t true for third party cookies. There’s a lack of control over how those third party owners treat the data they’ve collected. You should seek to only allow third party cookies from vendors that you trust, and where you can verify that they comply with relevant privacy laws.

What Your Cookie Banner Should Feature

We know that a cookie consent banner is a must-have for most website owners these days, but it’s not always easy to understand what it should look like or offer to users. Here’s our advice on how to construct and format your cookie banner.

Option to Give Consent

The opportunity for your users to consent to cookie use is crucial. If you run any non-essential cookies, it’s required that you gain users’ consent on the first visit, before you deploy them and use them to collect or store data. 

The easiest and most obvious way to achieve this is to offer a button to accept or opt in. Make this button clear, so it stands out against the cookie banner — a contrasting color from your brand color palette is a great option. This button should make it clear what action is being taken — for example it might say “Accept” or “I Agree”.

If there’s room within your cookie consent banner, consider offering users the opportunity to customize their cookie consent. For tools that have this functionality, like Enzuzo, you can often add an additional button that takes users to a page where they can set their preferences by individual cookie or cookie category.

Opportunity to Review Your Privacy or Cookie Policy

Not only should website visitors have the chance to opt in to cookie use, they should also be given the chance to review your privacy policy or cookie policy in detail. In practice, this means providing a link to this document from your cookie consent banner. 

Your privacy policy should cover the following information to aid with ePrivacy Directive and GDPR compliance: 

• Details about which cookies your website uses
• The types or categories of these cookies — for example analytics or advertising
• Your reasons for using these cookies — for example to offer a more customized shopping experience
• Whether any details gathered by these cookies are shared with third parties 
• Details on how users can give consent, adjust their preferences, or withdraw consent 

Providing a link to your privacy policy means that your user’s consent is valid, as they’ve been given the chance to fully review what they’re consenting to. A brief cookie notice within your privacy policy is more than acceptable, although some businesses choose to create a dedicated cookie policy page instead. This can be helpful if your privacy policy is especially long-winded, and you want to direct users to the most relevant information.

Clear Language

Your users need to be able to provide informed consent, which means your information can’t be dressed up in legalese or complicated language. Instead, use clear and easy to understand language both on your cookie consent banner and within your wider privacy policy documents. 

Here’s an example of a user friendly cookie consent banner statement:

“This website uses cookies to improve your browsing experience. To find out more about how these cookies function, see our privacy policy.”

Where you mention your privacy or cookie policy, this should feature a hyperlink to the relevant policy page on your website. This statement or disclaimer would then be followed by the option for your user to give or deny consent — usually in the form of a button as explained above. 

Enzuzo: An Easier Way to Create a Cookie Consent Banner

Having a valid cookie banner is an essential for most online businesses that fall under the remit of the ePrivacy Directive and the GDPR. If you’re not technically minded though, building your own cookie banner can be challenging. 

Enter Enzuzo: a simple way to create, customize, and deploy a compliant cookie consent banner. Our data privacy and consent solution helps you get that all-important opt in from your website visitors and customers in a user friendly way.

Seamless Design

With some cookie consent banner plugins, you’re limited when it comes to customization options and may have only a few options to choose from. With Enzuzo, you can fully personalize the colors and style of your cookie banner template.

The ability to customize your color choices means you can design a pop up cookie banner that feels at home on your website, instead of looking like an afterthought. Personalize your banner background color, text color, and link color to create a seamless experience for visitors that also prompts them to take action.

Customizable Consent

Sometimes a user will be happy with functional cookies that expire when the session ends, but doesn’t want to be followed around the internet by personalized advertising banners. Other times, they’ll want to consent to all cookies — or none. 

Our cookie consent management tool gives your users control over which cookies they consent to. This functionality gives you a greater chance of some of your cookies being accepted by users, giving you valuable data, as they can deny consent for the ones they don’t want. Not only do you benefit, but these customizable consent options offer a better user experience for your visitors too.

Available in Multiple Languages

Running an online or ecommerce business means your next customer could be from anywhere in the world. With data privacy on everyone’s minds, it makes great business sense to be able to communicate with your users in their preferred language. 

With Enzuzo, you can translate your cookie consent banner into eight different languages. This means you can improve your user experience and make it easier for your users to give their informed consent, with a cookie consent banner and translated privacy policy in the language they’re most comfortable with.

Simplified Cookie Consent Management

Getting users’ consent for cookie use isn’t always easy. People are faced with cookie banners everywhere they go, and it’s highlighted just how much personal data is out there. This means users are more savvy than ever before when it comes to giving consent for cookie use. 

With Enzuzo, you can simplify the cookie consent process for not only you but your users too. Build a cookie banner that fits seamlessly with your website’s design — one that gives your website visitors greater choice over exactly which cookies they provide their consent for. 

The opportunity to customize consent means you’re more likely to gain users’ trust and start collecting data that helps you optimize your business, show more personalized recommendations, and offer an enhanced shopping experience. For a simpler and more effective way to handle cookie consent management, try Enzuzo today. 

Become an Enzuzo Partner today.