The Cookie Law, as passed in 2009, got a new enforcement life after GDPR. The Court of Justice of the European Union ruled in the Planet49 case that storing cookies requires active consent (the GDPR standard). Following the judgement, the Data Protection Authorities of Ireland, Germany, Spain and others have started enforcement actions against websites that do not have a GDPR-compliant cookie consent banner.
5 steps to create a GDPR compliant cookie consent solution for your website
- Set the cookies only when the user has given consent for cookies
- Give users an option to Accept and Reject cookies
- Create a second layer where users can give consent to each purpose of cookies separately
On implementing the above steps, your website should have the following flow for cookie consent:
Table of Contents
- What's cookie consent
- Cookie Consent Banner Design
- GDPR Cookie Consent Examples
- Cookie Consent Script
- Cookie Consent for Google Tag Manager
- Cookie Consent for Website Builders
What's cookie consent
When is cookie consent needed?
Cookie consent is needed:
- If you offer your product or service to EU customers, including a free product or service. For example, media websites like Techcrunch are free services for EU customers.
- If you are targeting EU customers. This is indicated if you have an EU domain like .eu or .de, you offer local currencies or local languages on your website, or you are advertising to EU users, like an American university advertising its courses in the EU.
What happens if you don't comply with cookie consent?
Users can file a complaint against your company with the Data Protection Authority of your country, and this could lead to fines under GDPR. Recently, the Data Protection Authorities of Ireland and Germany have started a sweep of websites to check if they comply with cookie consent and will be sending notices soon. Here are some actions taken for not complying with cookie consent:
- Planet 49: CJEU Rules on Cookie Consent
- Oracle & Salesforce hit with class action GDPR lawsuit
- IKEA was fined 10,000 Euros for cookie consent violations
- Vueling Airlines was fined 30,000 Euros for not allowing users to give granular consent
Cookie Consent Banner Design:
A cookie consent banner has the following requirements to make it legal:
- Accept & Deny Buttons: These are options for your users to either accept or deny the cookies. You should ensure that you don't use dark design patterns to give more weight to Accept over Deny. For your cookie consent to be valid in the EU, accepting and denying cookies must be equally easy for users.
- Cookie Preferences: This should open up a preference center where users can give granular consent for each purpose. ePrivacy allows websites to set Strictly Essential Cookies without consent, so that purpose can always be on. For other purposes like Targeting and Analytics, you should allow users to switch them on or off.
GDPR Cookie Consent Examples
Cookie consent is the first interaction that users will have on your website, so you should ensure that it's styled according to your website. Smashing Magazine lists some ways to create user-friendly cookie consent banners.
Some cookie banner examples we liked and you can take inspiration from:
Asos's cookie banner is well styled but does not give users the option to reject cookies or change cookie settings. This is something we would not recommend.
Webflow gives a nice banner at the bottom but does not give the user the option to accept or reject cookies. You can change your preferences, but it would have been much better if the buttons were on the banner itself.
If you liked these examples and want to know more, go ahead and read our post, 10 Examples of GDPR Cookie Consent
Cookie Consent Script
A cookie consent script blocks and unblocks cookies based on the user's consent. It ensures websites comply with the ePrivacy Directive and GDPR. There are two ways in which the script can function:
Manually block cookies:
- The class value will allow you to handle granular cookie consent
One of the problems with the manual method is that it takes a lot of time, and you can miss some scripts, which will make your website non-compliant.
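One way the manual method can work, shown as an added example rather than Privado's own script: tags are authored as non-executing `text/plain` placeholders, and a class names the purpose each one needs. The `consent-<purpose>` class convention, the purpose names and the `cookie_consent` cookie are assumptions made for this sketch.

```javascript
// Added example. Purpose names, the "consent-<purpose>" class convention and the
// "cookie_consent" cookie are assumptions, not any vendor's actual format.
const PURPOSES = ["essential", "analytics", "targeting"];

// Read the stored choice from a Cookie header / document.cookie string.
// Missing, malformed or non-boolean values all fall back to "not consented".
function parseConsent(cookieString) {
  const consent = { essential: true, analytics: false, targeting: false };
  const m = /(?:^|;\s*)cookie_consent=([^;]*)/.exec(cookieString || "");
  if (!m) return consent;
  try {
    const stored = JSON.parse(decodeURIComponent(m[1]));
    for (const p of PURPOSES) {
      if (p !== "essential" && stored[p] === true) consent[p] = true;
    }
  } catch (_) { /* unreadable record: keep default deny */ }
  return consent;
}

// Map a script tag's class attribute to its purpose; unknown classes get null.
function purposeOf(className) {
  const m = /(?:^|\s)consent-([a-z]+)(?=\s|$)/.exec(className || "");
  return m && PURPOSES.includes(m[1]) ? m[1] : null;
}

// Blocked tags are authored as <script type="text/plain" class="consent-analytics">,
// which browsers do not execute. Select only those whose purpose was accepted.
function scriptsToActivate(tags, consent) {
  return tags.filter(
    (t) => t.type === "text/plain" && consent[purposeOf(t.className)] === true
  );
}

// Browser side: swap each allowed placeholder for a real, executable script.
function activate(doc, consent) {
  const blocked = Array.from(doc.querySelectorAll('script[type="text/plain"]'));
  for (const old of scriptsToActivate(blocked, consent)) {
    const live = doc.createElement("script");
    if (old.dataset.src) live.src = old.dataset.src; else live.text = old.text;
    old.replaceWith(live);
  }
}

// Constructed sample tags, shaped like the DOM elements activate() would see.
const SAMPLE_TAGS = [
  { type: "text/plain", className: "consent-analytics", id: "ga" },
  { type: "text/plain", className: "consent-targeting", id: "ads" },
  { type: "text/plain", className: "widget", id: "unlabelled" },
];
```

In a page, `activate(document, parseConsent(document.cookie))` would run on load and again after the user saves a choice; a placeholder with no recognised class stays blocked, which is the failure mode you want when a tag is missed.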
Automatically block cookies:
- Scans the website for cookies and allows you to categorize them into different categories
- Automatically blocks the scripts and unblocks them once the user gives cookie consent
Sign up to Privado and automatically block cookies with our cookie consent script.
Cookie Consent for Google Tag Manager
- Download the container from our dashboard
- Import the container into your GTM. It will add the triggers to block and allow tags in your GTM account. Some examples are Allow Analytics and Block Analytics
- You can either use the Allow triggers to fire these tags or use the Block triggers and add them as an exception for your tags
- Go to preview and your tags should only be fired once the user gives consent
Cookie Consent for Website Builders
We offer integration with the following third party website builder tools to seamlessly display a cookie consent banner:
You can also use our free cookie consent tool and make it compliant with privacy laws across the world including GDPR.