5 steps to create a GDPR compliant cookie consent solution
Cookie Consent Solution: Cookie Law as passed in 2009 got a new enforcement life after GDPR. Court of Justice of European Union in the Planet49 case ruled that storing cookies required active consent (GDPR standard). Following the judgment Data Protection of Authorities of Ireland, Germany, Spain, and others have started enforcement actions against websites that do not have a GDPR compliant cookie consent banner on their website.
5 steps to create a GDPR compliant cookie consent solution for your website
- Set the cookies only when the user has given consent for cookies
- Give users an option to Accept and Reject cookies
- Create a second layer where users can give consent to each purpose of cookies separately
On implementing the above steps, your website should have the following flow for cookie consent:
Table of Contents
- What's the cookie consent
- Cookie Consent Banner Design
- GDPR Cookie Consent Examples
- Cookie Consent Script
- Cookie Consent for Google Tag Manager
- Cookie Consent for Website Builders
What's the cookie consent
When is cookie consent needed?
Cookie consent is needed:
- If you offer your product or service to EU customers, including a free product or service. For example, media websites like Techcrunch are free services for EU customers
- If you are targeting EU customers, this is indicated if you have an EU domain like .eu, .de or you offer local currencies, local language on your website or you are advertising to EU users like an American university advertising for its courses in EU
What happens if you don't comply with cookie consent?
Users can file a complaint against your company with the Data Protection Authority of your country and this could lead to fines under GDPR. Recently, the Data Protection Authority of Ireland, Germany has started a sweep of websites to check if they comply with cookie consent and will be sending notices soon. Here are some actions are taken for not complying with cookie consent:
- Planet 49: CJEU Rules on Cookie Consent
- Oracle & Salesforce hit with class action GDPR lawsuit
- IKEA was fined 10,000 Euros for cookie consent violations
- Vueling Airlines was fined 30,000 Euros for not allowing users to give granular consent
Cookie Consent Banner Design:
A cookie consent banner has the following requirements to make it legal:
- Accept & Deny Buttons: These are options for your users to either accept or deny the cookies. You should ensure that you don't use dark design patterns to give more weight to Accept over Deny. For your cookie consent to be valid in the EU, you have to ensure that for users ease of accepting and denying cookies is the same.
- Cookie Preferences: This should open up a preference center where users can give granular consent for each purpose. ePrivacy allows websites to set Strictly Essential Cookies without consent so that can always be on, for other purposes like Targeting, Analytics you should allow users to switch them on or off.
GDPR Cookie Consent Solution Examples
Cookie Consent is the first interaction that users will have on your website, you should ensure that it's styled according to your website. Smashing Magazines list some ways to create user-friendly cookie consent banners.
Some cookie banner examples we liked and you can take inspiration from:
Asos's cookie banner is well styled but does not give the option to users to reject or change cookie settings. This is something we would not recommend.
Webflow gives a nice banner at the bottom but does not give the option to the user to accept or reject cookies. You can change your preferences, it would have been much better if we had the buttons on the banner itself.
If you liked these examples and want to know more, go ahead and read our post, 10 Examples of GDPR Cookie Consent
Cookie Consent Script
Cookie consent script blocks and unblocks cookies based on the user's consent. It ensures websites comply with the ePrivacy Directive and GDPR. There are two ways in which the script can function:
Manually block cookies:
- The class value will allow you to handle granular cookie consent
One of the problems with the manual method is it takes a lot of time and you can miss some scripts which will make your website non-compliant.
Automatically block cookies:
- Scans the website for cookies and allows you to categorize them into different categories
- Automatically blocks the scripts and unblocks them once the user gives cookie consent
Sign-up to Privado and automatically block cookies with our cookie consent script.
Cookie Consent for Google Tag Manager
- Download the container from our dashboard
- Import the container to your GTM, it will add the triggers to block and allow tags in your GTM account. Some examples are Allow Analytics, Block Analytics
- You can either use the Allow triggers to fire these tags or use the Block triggers and add as an exception for your tags
- Go to preview and your tags should only be fired once the user gives consent
Cookie Consent for Website Builders
We offer integration with the following third-party website builder tools to seamlessly display a cookie consent banner:
You can also use our free cookie consent tool and make it compliant with privacy laws across the world including GDPR.
Vaibhav is the founder of privado.ai and a CIPM certified privacy professional.
Privacy by Design