We process personal data in accordance with law and with transparency and fairness to you. Our data processing activities are conducted: 1) with your consent; 2) in order to fulfill our obligations to you; 3) for the legitimate purposes of operating our business, advancing innovation and providing a seamless customer experience; or 4) otherwise in accordance with law. However, cookies can be set to aggressively track and gather users’ online browsing habits for advertising purposes, which invades your privacy. Therefore, if you do not like the idea of being monitored, make a habit of clearing your cookies whenever you can to protect your privacy. The FTC has tangled with Google and others on the issue of online privacy several times in the last few years. In 2012 Google agreed to a $22.5 million settlement over Apple’s Safari Web browser. Before I became a reporter at NPR, I worked for a few years at tech companies. One of the companies was in the marketing technology business — the industry that's devoted in part to tracking people.
What is a cookie banner? What are the GDPR requirements for a cookie banner? And what does an unlawful cookie consent popup look like?
Cookiebot offers full GDPR compliance through simple but highly customizable cookie banners for your website. Cookiebot is the world’s leading consent management platform built around a scanner that detects and automatically controls all cookies and trackers on your website.
Cookiebot works seamlessly with Google Consent Mode and is a standard in Google Tag Manager.
This blog post covers all of this in more detail and answers the questions above.
What is a cookie banner?
A cookie consent banner is the cookie warning that pops up on websites when a user visits the site for the first time.
It's the banner that declares what cookies and trackers are present on a website and gives the users a choice of consent before their data is processed.
Do I need a cookie banner for my website?
Yes - if you have a website or blog with visitors from the EU, you need a cookie banner.
In order to be compliant with the GDPR and the ePrivacy Directive, you must have a solution that scans and finds all cookies, and presents your website visitors with a cookie banner to obtain their consent, before any processing takes place.
A comprehensive study from 2020 into website tracking shows the alarming truth that most website owners are unaware of –
72% of all cookies are set by fourth parties that are loaded by third parties, i.e. trojan horses that the website owner cannot be aware of without a deep-scanning consent management solution.
18% of all cookies are set by fifth parties or further (even deeper trojan horses).
50% of the additional parties loaded will change between repeated visits, i.e. rapidly dynamic tracking that is practically impossible for website owners to handle on their own.
99% of all cookies are used to track website visitors or to provide targeted ads.
The study also found more alarming truths about the state of the web.
Subpages set 36% more cookies than front pages and landing pages. Subpages set an average of 78 cookies, where landing pages set an average of 55 cookies.
What does this mean for your website?
It means that you will need to employ the most thorough and deep-scanning consent management solution on the market, if you want to be sure that you do in fact find and control all cookies and trackers on your website, as required by the European GDPR and California’s CCPA.
Unless you have technology that can scan and find all cookies, and then present your website’s visitors with a cookie banner to obtain their prior consent, there is no way you can protect your end-users from privacy infringements and data abuse.
The study “underlines the dire need of privacy protection mechanism to limit cookie-based tracking.”
Cookiebot's cookie banner
Cookiebot’s mission is to protect privacy in our digital infrastructures. We believe that no one should have their data abused by companies for profit. No one should lose control of their lives by simply being online.
Cookiebot’s technology works by deep-scanning your website to find each and every cookie and similar tracking technology present.
Cookiebot then blocks everything until your end-users have given their consent, choosing which cookies and trackers they will allow to be activated and which of their personal data they are willing to share.
Cookie consent banner
Cookiebot’s banner is a highly customizable cookie banner that empowers visitors to simply and swiftly make sense of cookie consent.
This is the foundation of real data privacy compliance in Europe as required by the General Data Protection Regulation (GDPR) and ePrivacy Directive (ePR).
Cookiebot’s cookie banner for GDPR compliance.
Everything the Cookiebot scanner finds is shown in the cookie banner and grouped in four categories.
Here, we map the type, name, provider, duration and purpose of each and every cookie and tracker, so you can have control and your end-users can have insight into what happens on your website.
Cookiebot’s cookie banner that is GDPR/ePR compliant showing detailed view of cookies, categories and purposes.
Try Cookiebot free for 30 days.. or forever if you have a small website.
Google Consent Mode and Cookiebot
Google Consent Mode lets you run all Google services (e.g. Google Ads and Google Analytics) based on the consent state of your website’s users.
Cookiebot and Google Consent Mode work seamlessly together by making your website fully GDPR compliant while at the same time ensuring optimized analytics and ads revenues for your domain.
Cookiebot communicates the consent state of your individual users to the open API running Google Consent Mode, which then governs all Google services based on that consent state, respecting each individual user’s particular choice of data privacy while respecting your website’s need for analytics data and ads revenue.
Get aggregate and non-identifying analytics insights for website optimization and conversion measurement if users opt out of statistics cookies. Show contextual ads instead of targeted ads if users opt out of marketing cookies.
What is a cookie consent banner, and what does EU law say?
A cookie consent banner is the cookie warning that pops up on websites when a user first visits the site.
It's the website banner that declares the cookies and tracking present on a website and gives the users a choice of prior consent before their data is handled.
Cookie consent banners first started to show up on virtually every website in the EU in response to the ePrivacy Directive of 2002, popularly called “The cookie law”.
According to the Directive, all websites had to give a cookie disclaimer to their users about the fact that they set cookies on the user's browser.
The purpose of cookie consent banners therefore was to alert the users of the website about the cookies and get consent for setting them.
However, the EU legislation regarding cookies and personal data has changed. The cookie notifications are still required, but the requirements have become a lot stricter.
A bad and illegal website banner in the EU.
It is no longer sufficient to have a cookie notice merely state that the website uses cookies - instead, websites must empower their users with a choice of prior consent.
The cookie consent popups that we have grown accustomed to in the EU are variations of a box with a simple text informing of the use of cookies, an “ok”-button, and a link to the website’s privacy policy or cookie policy. This is not sufficient any more.
The two major changes in the legislation are:
GDPR
The General Data Protection Regulation that was enforced on 25 May 2018.
The GDPR is the most significant initiative regarding data protection in over 20 years.
It sets strict regulations on how personal data must be handled, and comes with heavy fines for those who fail to comply.
ePrivacy Directive
The so-called ‘cookie law’, the ePrivacy Directive, is in the process of becoming an actual regulation.
It is currently being processed in the EU and will probably be implemented sometime in 2020 or 2021.
The two EU laws both have significant impact on the practice and use of cookie consent banners and the way in which we warn users about cookies and tracking.
With their enforcement, cookie consent banners on websites must change.
They have strict requirements as to what the website banners you use have to look like: what makes them non-compliant cookie warnings, and what makes them compliant cookie consent banners.
EDPB guidelines on valid consent
The European Data Protection Board (EDPB) is the leading supervisor in the EU responsible for adopting guidelines for how the GDPR is to be enforced by the national data protection authorities in each EU member state.
On May 4, 2020, the EDPB adopted guidelines on valid consent in the EU.
They clarify that:
Cookie banners are not allowed to have pre-ticked checkboxes on cookies, i.e. cookies must be deselected and deactivated when a user lands on a website.
Continued scrolling and browsing on a website cannot be considered valid consent, because the user must give a clear and affirmative consent for it to be valid.
Cookie walls (i.e. forced consent conditional for access to a website) cannot be considered valid consent, because user consents must be freely given and specific.
Is your website compliant with the GDPR and the EDPB guidelines on valid consent? Test your website for free with Cookiebot’s compliance test.
What are the EU requirements for cookie notifications and warnings?
The EU ePrivacy Directive requires prior, informed consent of your site users, while the General Data Protection Regulation (GDPR) requires you to document each consent.
To be compliant, the cookie notice or cookie banner should be one component of a cookie management solution for your website, that takes care of the following tasks:
To provide the website users with specific and accurate information on all cookies and other tracking technologies in use on the website.
To give the users the possibility to opt in and opt out of the various types of cookies, and to have access to their settings and make subsequent changes to them if they change their mind.
To make sure that the user consent is obtained prior to the setting of cookies in the users’ browsers.
To make sure that the website functions properly even though the user has chosen to opt out of all but the strictly necessary cookies.
To keep a record of all given consents for documentation, and to make sure that this documentation is securely stored.
Ask for renewed consent every 12 months upon the user’s first revisit to the site.
How do I get a compliant cookie consent banner?
There exist numerous cookie consent banner and cookie popup generators on the internet. You can easily find a vast choice by submitting “cookie banner generator” or “cookie popup” as a search query.
However, keep in mind that a cookie notice is completely worthless if it does not comply with the requirements of the actual regulations.
The fines for non-compliance are very heavy.
As explained above, the actual cookie consent banner is just one part of making your use of cookies and online tracking compliant.
Try Cookiebot free for 30 days.. or forever if you have a small website.
Besides the cookie warning and consent banner, the solution includes all of the other necessary functions to make your use of cookies and online tracking truly compliant today.
The service is user-friendly and non-obtrusive to the overall user experience on your website.
Here is an example of a non-compliant cookie banner:
A bad and illegal cookie banner in the EU.
This type of cookie consent banner consists of a simple declaration that the site makes use of cookies, an ‘ok’-button, and a link to the website’s cookie policy or privacy policy.
The use of this type of cookie consent popup is widespread on the internet today.
However, it is not compliant. It does not provide specific and accurate information on the use of cookies, nor does it give the user any true choice as to what cookies he or she will accept or reject.
It is very important that your cookie banner has an unambiguous and informative text at its center, for without it your users can't make a choice of prior consent.
Read more about compliant cookie texts here.
Furthermore, the cookie banner above neglects the requirement of prior consent.
Here is an example of a GDPR and ePrivacy Directive compliant cookie consent banner:
A standard three button cookie banner from Cookiebot in GDPR compliance.
The user can swiftly opt in and out of the different types of cookies directly in the consent banner.
Unfolded for details, this standard three button cookie banner from Cookiebot shows name, provider, purpose, duration and type of all cookies and trackers on your website.
Cookie banner generator
You can find numerous cookie banner generators on the Internet, but know that the GDPR requires more from you than simply posting a banner on your website.
A cookie banner generator that only creates an interface for users to click 'OK' in, but doesn't actually control cookies and trackers for prior consent, as required by the GDPR, is not only worthless but will make your website liable for GDPR fines.
Choose carefully.
FAQ
What is a cookie banner?
A cookie banner is the consent management module on websites that allows users to give their consent to which cookies and trackers they will allow to be activated to process their personal data. Under the GDPR, websites that process personal data from users, e.g. through cookies, must ask for and obtain explicit consent.
What is a valid cookie banner?
Under the GDPR, a cookie banner is only valid if it enables a freely given, informed, unambiguous consent from end-users. This means that a cookie banner is not allowed to nudge or force users to consent, is not allowed to interpret continued scrolling or browsing as consent and cannot have pre-ticked checkboxes on any cookies that are not strictly necessary for the basic function of the website.
What is the GDPR?
The General Data Protection Regulation (GDPR) is an EU law that governs all personal data processing in all EU member countries. If your website processes personal data from individuals inside the EU, e.g. through the use of cookies and trackers on your website, you are required to comply with the GDPR.
How can my website become GDPR compliant?
Using a consent management platform that scans your website to detect all cookies and trackers, and then enables your users to give true granular consent to each cookie category, is a safe and trusted way of obtaining full GDPR compliance on your domain.