Now, it’s highly unlikely that you have never seen a cookie banner before. Over the past couple of years, there has been a huge rise in banners on websites informing visitors of cookies.
These pop-ups are a result of the 2002 ePrivacy Directive, also known as the European Cookie Law.But when asked: why you need a cookie banner, most people will probably refer to the GDPR.So, if you’re a webmaster or sitting in a marketing team wondering why you should have a cookie banner on your website, this article will explain just that.
A cookie banner is a pop-up on your website that tells your visitor that you are using cookies.
Most of these laws regulate the processing of personal data. And that’s what the bulk of cookies collect: Personal data about your visitor to be used for marketing purposes.
First of all, let’s just take a quick look at what cookies really are and why they are covered by legislation. Cookies are small text files stored in your visitor’s browser by your website. These files typically contain information about your visitor’s preferred language or shopping cart items but can store a wide range of information including personal identifiable information.
Cookies basically do two things: They can improve the visitor’s experience of your website and they can track the user’s behavior to build online retargeting profiles for marketing. Personal data includes online identifiers, device IDs, user IDs, IP addresses etc.
We have written more about cookies here: What is a cookie in detail
That means, you are only required to inform users of cookies before you set them.
However, the GDPR changed that game. Since most cookies collect your visitors’ personal information (IP-address, location, device-ID, user-ID etc.) and process this data for primarily marketing purposes, the GDPR takes over.
The GDPR doesn’t really talk about cookies, but the data cookies and other tracking technologies (e.g., fingerprinting) processes. And, according to the GDPR, you need to collect a valid consent before processing any personal data collected through e.g., cookies.
So, what should be in a cookie banner?
On November 1, 2019 the European Court of Justice ruled – in the case against German online lottery Planet49, that all websites using cookies must have a cookie banner that obtains valid consent before setting cookies.
Moreover, cookies cannot be pre-selected for the user.
Link: Europe’s top court says active consent is needed for tracking cookies.
First of all, the legal requirements for a cookie banner are quite simple.
The banner must provide the user with:
The user actually has to be able to say, “cookies, no thanks”. That’s the whole point of consent.
When you have your user’s consent, you should of course make sure this consent is securely stored. Just in
case the Data Protection Authorities want to see it.
And they do check!
The French Data Protection Authority CNIL is very active.
The ePrivacy Directive (article 5(3)) requires prior informed consent for storage or access of information stored on a user’s terminal equipment.
In other words, you must ask your users if they agree to your cookies (and other tracking technologies), before your site places the cookies.
This, of course, shall not prevent you from using technical necessary cookies. That is, cookies that are necessary for the website to work.
However, the requirement for consent is strengthened with the GDPR. When your cookies collect users’ personal data, you are required to collect valid consent before your site stores or gains access to any cookies.
We find that in Article 6(1)(a):
Processing is only lawful if:
Read more about prior consent to cookies here:
Link: What is prior consent?
The GDPR applies to anyone who wants to process the personal data of EU citizens regardless of whether the processing takes place in the EU or not.
In other words, you can have a website anywhere in the world – Italy, Russia, Chile, Togo – but if that website sells goods or offers services to EU citizens and in that activity also collects and processes the EU citizens personal data, then the rules of the GDPR apply.
But what do all the other international regulations say about cookies and cookies banners?
The California Consumer Privacy Act (CCPA) is a Data Privacy law designed to increase privacy rights and consumer protection for residents of California, United States. The CCPA controls how businesses may collect, share and process personal information (PI) of Californian residents.
You can read more here:
Link: What is the CCPA?
You can read more here:
Link: PDPA and cookies
The LGPD, or Lei Geral de Protecao de Dados, is Brazil’s new version of the EU’s General Data Protection Regulation (GDPR). The LGPD will apply to any business, organization or individual that processes the personal data of the people in Brazil, regardless of where that business, organization or individual may be located. This also applies to cookies and cookie banners.
You can read more about the LGPD here:
Link: What is the LGPD?
A cookie banner works by creating a pop-up when users visit the website for the first time.
It presents the user with information about the cookies your site uses. This information can be automatically scraped with a professional solution and updated daily or weekly.
A good banner also makes sure that you can comply with privacy regulations by preventing cookies from being stored on the user’s computer before the user has given consent.
You can use these consent data to optimize your banner to increase how many visitors accept cookies on your site.
We are one of Europe’s leading Consent Management Platforms providing our clients with premium and compliant cookie banners.
Our banners are consent pop-ups that comply with ePrivacy, GDPR, CCPA, LGPD, PDPA and all other privacy regulations.
The pop-ups are highly customizable, so you can add your company colors, logo, tone of voice when asking for consent to cookies.
What you get is a Consent Solution that ensures your compliance and builds trust with your users.
And now that we are Trusted Google Partners, you also get Consent Mode, so you can data even when users say no to cookies.
The acceptance rate to cookies using our banner is on average 73.88%, but we have clients that are well over 90%. And with Google’s new feature called Conversion Modeling using Consent Mode, Google can predict the ad-click-to-conversion path for up to 70% of all those users saying no to cookies.
Read more here.