[Free Guide] How to choose the right privacy management solution for your organization

What to look for in a cookie banner

Learn more about what a cookie banner is and what to look for in a cookie banner experience for your website visitors.
Read time
6 min read
August 26, 2022
Ketch is simple,
automated and cost effective
Book a 30 min Demo

Whenever one visits a website, they will likely see a pop-up notifying them that the site collects cookies. Internet cookies are unique texts that a website sends to a browser. Websites use cookies to remember users and help customize their browsing experience. 

The banners on every website page keep popping up containing a message asking one to allow cookies. They offer users the option to consent or decline to grant permission for the site to use their information for future communication purposes. That pop-up has a name; it is a cookie banner. 

One will notice that the cookie consent banner always seeks their permission. Usually, the banner has a reject and an accept button. Its disruptive nature ensures that users can recognize the notification and take action. However, one could also opt to proceed by closing the banner. Cookie notifications are not on websites alone; other apps display them, too.

Cookie banners are a requirement by data protection regulators. An example is the General Data Protection Regulation (GDPR) that sets standards in the European Union. The ePrivacy Directive, commonly called the Cookie Law, mandates website owners to display clear banners, maintain a cookie policy, and avoid distributing cookies without the user's approval.

A banner must have the following elements to comply with EU regulations:

  • Opt-in mechanism
  • Cookies acceptance button
  • Information on why a website or app needs cookies
  • A link to a page where users can adjust their preferences
  • Data sharing notification
  • Cookie Policy

Other regulators include the Brazilian General Data Protection Law (LGPD) and the California Privacy Rights Act (CPRA). The former covers privacy notices for websites created in Brazil and the Southern American region, while the latter is for web pages and applications originating in the United States.

Cookie consent banners vary in layout, and a web owner can work with one that perfectly integrates with their website's design. A top header design features a banner displayed on the site's header. An Inline header appears on each page, while a footer banner displays at the bottom. The other type is the modal, which pops up and stays on a page until one clicks it.

On the other hand, one can adopt either of the two banner types, implicit and explicit. An implicit banner assumes automatic consent, while an explicit banner requires a user to activate it. Having shed light on what cookie banners are, let's examine what to look for in a cookie banner in more detail.

Cookie Banner Requirements

One of the cookie banner requirements, also stipulated by the GDPR legislation, is that visitors should consent to using cookies. This is critical since the shared data can seriously violate a user's privacy.

Most cookies are secure, but we are now more informed about their behind-the-scenes activities due to data privacy compliance laws. According to these regulations, businesses must disclose how they collect user data. Also, web owners should provide users with a link to a privacy policy. Cookie banners help meet these requirements.

Despite the slight regulation variations, most of the standards are similar. A one-size-fits-all requirement is impossible, but these broad standards guide web developers in creating a cookie banner. Here now are the cookie compliance requirements:

GDPR Banners

The General Data Protection Regulation (GDPR) applies across EU member states. While each country has a data protection authority, GDPR banners follow similar characteristics as follows:

  • Cookie consent: All GDPR banners must display an Accept and Reject button. These two options allow users to have their data shared with web browsers. One can switch between options, and we'll explore how in a subsequent GDPR guideline below.
  • Cookie usage: There must be information stating why a website needs cookies. The banner should state the purpose in a simple language that every user can understand.
  • Settings: Whether one has consented to cookie usage or not, a cookie banner should offer the option to change these preferences. These options are usually placed on a settings page. GDPR stipulates that a cookie banner should have a link that directs one to a page where they can modify their browsing preference.  
  • Data sharing agreements with third parties: Some websites have adopted a data sharing practice that involves partnering with third-party data collectors. If such an arrangement exists, the banner must bring it to a visitor's attention.
  • Cookie policy: GDPR compliance stipulates the establishment of cookie policies by businesses. These are explanations of the type of cookies a website uses. Also, the policy must state the duration the data mined remains active and how one can change these preferences.

While setting these cookie banner requirements, GDPR allows non-member EU states to apply them. An example is the UK, which still uses GDPR despite opting out of the European Union.

Cookie Banners and GDPR

GDPR cookie consent is a best practice requirement for websites developed in the European Union member states. It's the legislation governing personal data collection. Under GDPR requirements, websites can only collect cookies from users that grant permission. Likewise, website owners must ensure the lawful handling of the collected information.

On the other hand, websites originating from outside the EU must comply with the legislation when collecting GDPR cookies. A cookie banner is GDPR compliant in the following ways:

  • It seeks prior consent before activating cookies.
  • Users should have the freedom to activate the cookies of their preference, also called granular consent.
  • Cookie banners must not be forceful but allow one to accept or decline.
  • One can withdraw their acceptance anytime, while the banner should state this option.
  • The banner should be designed to allow website users to modify or revoke their acceptance easily.
  • A GDPR-compliant cookie banner should state that all consent is legal.

Before deploying a cookie banner, ensure it has clear and concise language. Avoid long sentences and legal jargon. Web users don't have the time to read, and most scan through the content.

Additionally, outline the cookies that will be collected and explain the reasons why the business requires them. Cookies help enhance a user's experience. At the same time, a cookie banner should have an explanation or a lead on cookie preference management. There should be an opt-in and opt-out option displayed on the banner.

Cookie banner GDPR management also allows web owners to provide selective consent for different cookie categories. A privacy policy is most important; the banner should link to the policy page. It is also important to note that failure by a user to interact with a cookie banner does not translate to consent.

The right to obtain personal data and other user information is another GDPR compliance aspect. A cookie banner should state the process one should follow. However, GDPR rules are silent on the information disclosure method. Nonetheless, businesses can place a link at the foot of all web pages or provide an email where users can channel their requests.

Cookie banners and GDPR compliance converge at the point of explicit user consent. GDPR slaps exorbitant fines on businesses that fail to comply with these requirements. All enterprises, regardless of their size, must adopt cookie compliance. Non-conformity attracts fines of €20 million or 4% of a company's global turnover.

Cookie Banner Examples

Cookie banners can be at the web page's top, middle, or bottom, depending on a site owner's preference. Also, using fonts and colors that match the business brand captivates and grabs attention. Adding a logo is another stylistic choice. These stylistic features enhance a cookie banner's appeal, but the most important thing is to enhance visitor interaction.

Effective and compliant banners are not coercive or manipulative. They notify web users about the data collected by the websites they visit. An effective cookie banner template also describes what happens when one consents to cookies. To sum up, these are the features of an effective cookie banner. The best cookie banner examples have the following elements:

  • Free consent: Websites can promote free consent by adding a clear message. A compelling cookie consent message example states why the website collects cookies. 
  • Information: Compliant banners inform users that the website collects cookies to personalize ads, share localized content, or measure audience interaction.
  • Affirmative action: Best cookie consent examples comprise clickable buttons that allow one to choose cookie categories. Consider a banner that lets people accept all cookies, continue browsing without acceptance, or customize their choice. The bottom line is that it meets all GDPR requirements.

Non-compliant or "bad" GDPR cookie banner examples are sometimes tricky to spot. An example of a bad cookie banner features only a notice with no user consent option. Instead, it has an "okay" or "got it" button. This type of banner misses the mark by not seeking a person's approval and contravenes GDPR.

GDPR rules are clear on consent being specific and granular. Website visitors must have a choice and information on the cookies they'll consent to. To improve this banner, a web developer should replace the okay button with "accept" and "deny." Furthermore, the cookie banner should have a link to a policy notice.

Read time
6 min read
August 26, 2022
Need an easy-to-use consent management solution?

Ketch makes consent banner set-up a breeze with drag-and-drop tools that match your brand perfectly. Let us show you.

Book a 30 min Demo

Continue reading

Product, Privacy tech, Top articles

Advertising on Google? You must use a Google Certified CMP

Sam Alexander
3 min read
Marketing, Privacy tech

3 major privacy challenges for retail & ecommerce brands

Colleen Barry
7 min read
Marketing, Privacy tech, Strategy

Navigating a cookieless future with Google Privacy Sandbox

Colleen Barry
7 min read
Get started
with Ketch
Begin your journey to simplified privacy operations and granular data control across the enterprise.
Book a Demo