Examples for GDPR Compliant Cookie Banners

Cookie Banner Requirements to Meet GDPR

 

WHAT ARE COOKIE BANNERS AND WHY DO WE NEED THEM? 

Imagine someone tracking everything you do all day—knowing your likes and dislikes, all the videos you watch online, everything you buy, your every next move—that’s how eerie the Internet is getting! 

“Cookies” (unlike the tasty ones we eat) are small files of information that a web server generates and sends to a web browser. Cookies tell the server that a user has returned to a particular site, much like a username and password do.

Although cookies are used by almost all sites and may seem harmless, websites can easily store a user’s data without consent, which increases the chance of misuse.

To prevent this issue, the 2002 ePrivacy Directive, more commonly known as the cookie law, introduced what’s called a cookie consent banner. This is a notice that appears when someone visits a site and informs them that cookies are being used (meaning the site is storing info about you).  

If your website uses third-party cookies or similar technologies (e.g., based on fingerprinting, pixels, local storage etc.), you will need a cookie banner to comply with privacy laws. There are also certain requirements for cookie banners, which we will get into below.  

Failure to comply with GDPR and EU laws may lead to hefty fines. Today we’ll share our 10 tips on how to create a GDPR compliant cookie banner, with visual examples of the right wording/design styles to use. Alright, let’s get started! 

 

10 WAYS TO MAKE SURE YOUR COOKIE BANNER IS GDPR COMPLIANT 

  1. Consent must be given PRIOR to data processing. This means that, other than the cookies strictly necessary for a site to function, all cookies must be put on hold until user consent is given.
  2. The information in the cookie banner must be simple, clear, and easy for readers to understand. 
  3. There must be informed consent–meaning the purposes of the data usage must be specifically explained, and any third-party service providers involved should be named individually.
  4. All cookies other than the necessary ones can be unchecked in the banner and opted out of at any time.
  5. The website should function properly regardless of whether the user opts out of certain cookies.
  6. There must be clear affirmative action: for instance, instead of just “okay”, banners should say “I consent” or “accept”, and the text must clarify what the user is giving consent for.
  7. Consent must be voluntary—for instance there should be no “cookie walls” that deny a user access to a website if they don’t want to have their personal information shared.
  8. No “nudging”—for example, it wouldn’t be fair to make an “Agree” option larger and more colorful than a “Decline” button, as this would be considered psychological manipulation.
  9. The consent given by the user must be recorded and documented safely for future reference.
  10. Consent should be renewed every 12 months, when the user revisits the website.
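The logic behind items 1, 4, 9 and 10, as an added example (not code from this article or from Ubiscore): a stored consent record decides which tags a page may load. The tag names, categories, banner version and the 365-day reading of "12 months" are assumptions.

```javascript
// Added example: tag names, categories and banner version are constructed.
const NECESSARY = "necessary";
const RENEW_AFTER_MS = 365 * 24 * 60 * 60 * 1000; // assumption: "12 months" = 365 days

// Constructed inventory of what a site might load.
const TAGS = [
  { name: "session-cookie", category: "necessary" },
  { name: "analytics-script", category: "analytics" },
  { name: "ad-pixel", category: "marketing" },
];

// Item 9: store what was chosen, when, and under which banner text.
function recordConsent(choices, bannerVersion, now = Date.now()) {
  const granted = {};
  for (const [category, value] of Object.entries(choices)) {
    granted[category] = value === true; // only an explicit yes counts
  }
  return { granted, bannerVersion, givenAt: new Date(now).toISOString() };
}

// Item 10: a missing or stale record means the banner must be shown again.
function needsBanner(record, now = Date.now()) {
  return record === null || now - Date.parse(record.givenAt) >= RENEW_AFTER_MS;
}

// Item 4: opting out of one category later; the change time is kept in the record.
function withdraw(record, category, now = Date.now()) {
  const granted = { ...record.granted, [category]: false };
  return { ...record, granted, changedAt: new Date(now).toISOString() };
}

// Item 1: necessary tags always load; the rest need valid, explicit consent.
function allowedTags(tags, record, now = Date.now()) {
  const valid = !needsBanner(record, now);
  return tags
    .filter((t) => t.category === NECESSARY || (valid && record.granted[t.category] === true))
    .map((t) => t.name);
}

// Walk-through with a constructed first visit on 2024-01-01 (UTC).
const firstVisit = Date.UTC(2024, 0, 1);
const sample = recordConsent({ analytics: true, marketing: false }, "v1", firstVisit);
console.log(allowedTags(TAGS, null, firstVisit));   // before any choice
console.log(allowedTags(TAGS, sample, firstVisit)); // after the choice
console.log(allowedTags(TAGS, withdraw(sample, "analytics", firstVisit), firstVisit));
```

In a browser, the names returned by `allowedTags` would be the only scripts the page injects, and the record would be persisted so the choice can be shown later.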

Here are a couple more examples of good cookie banners. You can see how the messaging is clear and the Accept/Reject buttons are the same size and font so that no one is swayed into choosing one button over the other.  

 

  

THE PROBLEM WITH COOKIE BANNERS, AND HOW UBISCORE HELPS: 

Though cookie banners are legally required in Europe, the guidelines we named above are just that—guidelines! Our recommendations are based on guidelines from supervisory authorities and are supposed to be followed by all companies, but they are not legally binding like a law. 

Thus, the problem with cookie banners is that although websites really should implement what is said in the cookie banner, many banners are just for show. For instance, some cookie banners “require” you to consent to Google Analytics, and if you don’t click consent, Google Analytics should NOT be activated on that website. 

But many cookie banners will still load trackers to collect your personal information anyway, regardless of which button you choose, which is deceptive and misleading.  

Luckily, Ubiscore lets organizations scan their website to see exactly which cookies, trackers, and other technologies get loaded without consent. We also detect cookie banners and rate their implementation, so you can learn how well a banner is working.  

Our goal with Ubiscore is to help companies make better decisions when it comes to handling data and ultimately boost their brand reputation. When customers have proof of how much you care about their privacy, you can bet they’ll want to do business with you for years to come.

 

If you’re curious about how your organization stacks up against industry benchmarks for privacy, test your company’s privacy practices and receive your instant privacy score.