Cookie Banner

What are the EU Requirements for a Cookie Banner?

The ePrivacy Directive, also known as the EU cookie law, and the GDPR govern cookies and tracking technology in the region. Individual data protection authorities like the Irish DPC and French CNIL have also published their own guidelines.

Cookie Consent Under GDPR

GDPR cookie consent is a term that addresses the legal requirements of the regulation in respect to cookie usage on a website. The consent requirements are explicitly stated, so businesses must follow all aspects of the law.

For example, consent falls under one of the lawful bases for collecting or processing personal information. In other words, it is legal for your website to collect and store data from cookies if they obtain consent from the user before doing so.

Article 4 of the GDPR states that this consent must also be specific, informed, freely given, and unambiguous. There are additional requirements in Article 7, including the user’s rights to withdraw consent and that the requests must be written in plain language.

That’s why the terms cookie notifications and GDPR cookie consent banners are used interchangeably!

Cookie Laws in the EU

The ePrivacy Directive – also known as the EU’s cookie law – outlines the rules created to regulate cookies and similar tracking technology. Under this regulation, websites must obtain informed consent from users before they load cookies to their devices.

The only exception under this directive is for cookies that are essential for the site to operate properly. This law serves as a supplement to the GDPR, and together they cover all the EU cookie banner rules.

Checklist for GDPR Compliance

Cookie consent banners are needed to comply with GDPR laws, but they are not enough on their own. Use this checklist to identify the additional items that you need in your cookie consent management platform to confirm that you meet the standards outlined in the GDPR:

• Record consent obtained from users to prove compliance
• Banners should have an ‘accept’ and ‘reject’ button
• Third-party scripts should be auto blocked as the default
• The banner design should match your branding
• Develop a user-friendly layout that is optimized for mobile
• Include an auto-translate feature that matches the user’s browsing language
• Use clear and plain language
• Provide granular consent features
• Make it easy for users to withdraw consent
• Identify various cookie categories used on your site

Choose the Right Cookie Banner Layout for your Needs

With CookieFirst, you can customize your banners in various styles and layouts to match your branding and design. The cookie banners should be non-intrusive and simple – they should integrate seamlessly into the website so that the user experience is not disrupted.

Banner Type Solutions

When you imagine the classic header and footer banners used by most websites, you are thinking of a banner-type solution. Studies have shown that almost 58% of websites in the EU opt for bottom banners, while 27% instead chose to use top banners.

A simple footer cookie banner in the style of the website.

Boxed Type Solutions

Another option you can select for your cookie banners is called boxed types. A boxed type of solution refers to the pop-ups or layouts that place the consent information in the right or left corner of the website.

This is often an ideal solution since placing the cookie banners in the corners is more aesthetically pleasing. Likewise, you can align them to your existing design and ensure that they do not detract from the user experience.

This boxed cookie popup has a simple design and has a dark overlay underneath.

The Options are Endless

As you can see, the options are endless when you use CookieFirst for your consent management needs. These examples highlight just a few of the ways that we have helped users customize their banners and comply with privacy regulations.

Our dashboard is simple, so you can start right away with implementing your cookie policy which is generated by our cookie scanner. From personalized cookie banner designs and custom branding to standard templates, we have everything you need to get in compliance.

CookieFirst can help you achieve everything on the cookie banner checklist – and more!

So, what happens if your cookie banner (or cookie notice) do not align with privacy laws?

Failure to comply with the GDPR can result in substantial penalties and fines. Violators will be prosecuted – and the regulatory authorities will likely inflict monetary consequences. While this can be intimidating, the fines can easily be avoided with proper cookie consent management.

Perhaps if Google and Amazon had partnered with CookieFirst, they could have avoided the €135 million fine they received from the CNIL for breaching privacy and disclosure requirements!

Cookie Banner Requirements in the U.S.

We’ve talked quite a bit about cookie requirements in the EU, so you may be wondering, are they also required in the U.S.?

Even though there is no nationwide privacy law in the United States, it is possible that the GDPR still applies. Users in those geographical regions can still access websites that are not EU-based, so they will still need to display a cookie consent banner.

There is also legislation at the state level to consider, like the California Consumer Privacy Act (CCPA) or the Virginia Consumer Data Protection Act (CDPA). These laws mirror many of the rights outlined in the GDPR and, while you may not need a cookie banner, you will most certainly need to share an opt-out cookie notice.

Provide an Opt-Out Notice

Let’s address one of the most crucial aspects of the CCPA: providing an opt-out notice. This notice should meet the following requirements:

• Display a ‘Do Not Sell’ button to allow users to opt-out
• Automatically block third-party scripts until consent is given
• Inform users about their rights and your use of cookies
• Record their action to prove compliance

What should you do if your website caters to users from the EU and the U.S.? CookieFirst allows you to geo-target your banner so that you can display the appropriate notice based on the user’s location.

SEO Implications with a cookie banner

When your cookie banners are implemented correctly, they will not affect your SEO efforts. However, if they prove to be intrusive and take away from the user experience, Google will not give your site favorable treatment.

Search engines like Google have emphasized that appropriate cookie banners won’t hurt your performance, but obnoxious pop-ups will. That means you should ensure that your cookie banners are not obstructing content on the site. Likewise, your team should optimize them for various devices like mobile.

Does my Website Need a Cookie Policy?

You may be wondering, does my website need a cookie policy? Do we really need to implement these privacy controls?

The short answer is yes – it is always a good practice to utilize a cookie policy. However, it will also vary depending on where your visitors are from. If you cater to users from the U.S. or EU, you must comply with privacy regulations. CookieFirst offers a cookie policy generator. You can also view our own cookie policy here.

The GDPR addresses cookies in its definition of personal data, so you must develop a cookie policy that is accessible to all users. Most websites choose to build a separate cookie policy that links to your banners, allowing users to give informed consent.

The CCPA requires websites that cater to visitors in the U.S. to disclose data collected and processed through cookies. Although this law doesn’t require you to maintain a separate cookie policy, you will still need to publish a privacy policy.

Frequently Asked Questions

What is a cookie banner?

A cookie banner is an alert on a website that informs users about the use of cookies and trackers, and seeks their permission to store cookies on their device.

Why are cookie banners necessary?

They are required for compliance with privacy regulations like GDPR, LGPD, and ePrivacy Directive, ensuring users are informed about and consent to cookie usage.

What makes a cookie banner GDPR compliant?

It must be specific, informed, freely given, and unambiguous. It should include ‘accept’ and ‘reject’ options, and be written in plain language.

What are the key features of a compliant cookie banner?

A cookie banner should offer granular control, be customizable, user-friendly, optimized for mobile, and align with website branding.

Do cookie banners affect SEO?

Properly implemented cookie banners don’t negatively impact SEO. Intrusive banners, however, can affect a site’s ranking.

Is a cookie banner mandatory in the US?

While there’s no nationwide law yet, state laws like CCPA may require banners or opt-out notices.

What happens if a cookie banner isn’t GDPR compliant?

Non-compliance can lead to substantial penalties and fines.

What should a cookie banner include for CCPA compliance?

A ‘Do Not Sell’ button, information on cookie use, and an option to record user action for compliance proof.

How does CookieFirst help in achieving compliance?

CookieFirst offers customizable design, granular control, mobile optimization, and integrates with privacy regulations.

What are some best practices for cookie banners?

Ensure clarity in language, offer easy consent withdrawal, block third-party scripts by default and match the banner with website branding.

Review Your Current Cookie Banner

If you already have a cookie banner, it is essential to review whether it complies with privacy regulations. Start by reviewing this quick checklist – if any of these items apply it is time for a redesign:

• You cannot systematically record user consent
• Your cookie or privacy policy is not linked
• Users are nudged to hit the accept button
• It is unclear what the purpose of the cookie usage is
• Third-party scripts are not blocked
• Users can’t access the site until they give consent
• There is no option to customize settings

Is it time to refresh your cookie banner? Sign up at CookieFirst and start your Free Trial!