Is your cookie banner compliant?

Blog
Oliver Fich
Do you also think cookie rules are complicated? Well, it turns out you can become GDPR cookie compliant by adding a simple feature to your website. Today I’m going to show you how you can become cookie compliant in 7 simple moves.
Table of Contents

In this article, I’ll show you how your website can become cookie compliant without losing all your analytics data.

After reading, you’ll know:

  • How to become cookie compliant on your website.
  • How to keep analytics data with Google Consent Mode.
  • What the rules on cookies are.

How to become cookie compliant – GDPR checklist

Let’s get straight to it.

You have a website, and you use cookies. What do you need to do to become GDPR cookie compliant? Here’s the list.  

Checklist for collecting
valid consent to cookies

  • Make sure you have a compliant cookie banner on your website!
  • Make sure you also have a page dedicated to your cookie policy.
  • Ask for consent to cookies before cookies are placed on your visitor’s computer/phone (except technically necessary cookies).
  • Don’t place cookies if you do not get your visitor’s consent.
  • Inform your user of what cookies you use and what data is used for.
  • Provide your visitor with an easy way for changing or withdrawing his or her consent.
  • Store your visitors’ consents for 5 years (in case the Data Protection Authority wants to see documentation).

But won’t you lose all our analytics data? No, here’s why.

Become cookie compliant and keep data with Google Consent Mode

Google has developed Google Consent Mode and Conversion Modeling to get around the issue of losing data when GDPR compliant.

Yes, the world of tracking has changed over the past years with strong GDPR enforcements and Google’s third-party cookie phase-out.

But! Tracking is still possible.

How?

First, be transparent about data collection and the use of your visitors’ data. Our experience tells us, that websites that put all cards on the table get higher % of consents that those who don’t.

Second, even if your visitor rejects cookies, Google will still provide your Google Ads and Google Analytics with aggregated data.

Then you can still see if a blog post is performing well or which campaign drove the most sales, but you cannot retarget the specific visitor in the same way as before.

If you want to know more about how to become cookie compliant but keep your analytics data, then see these two posts about Google Consent Mode and Conversion Modeling.

Link: What is Google Consent Mode

Link: What is conversion modeling

What does a compliant cookie banner look like?

Look here. 

Important thing is that you ask for consent, and that you allow the user not to give consent. 

Image of a cookie banner from cookie information that complies with privacy regulations like GDPR, CCPA and ePrivacy

In the cookie banner, the visitor can easily accept or reject cookies. 

And she can also choose the cookies she wants (statistics, functional or marketing). If she wants to know more, all details about cookies are available in the “show details” link which unfolds the pop-up.

There is also information about which cookies are being used and what data they collect (informed consent). 

All in all, with a banner like this, you no longer need to worry about any GDPR fines for using cookies.

EU cookie compliance – what are the rules?

Do you also think the rules on cookies are difficult to understand?

That’s why we’ve summed them up for you here.

One thing is certain though, you must collect your website visitor’s consent to the cookies you use.

And if you use tracking cookies from, say Facebook, Google, Amazon or Hotjar etc. to measure your site’s performance, to track sales or for retargeting purposes, you need to collect a consent following GDPR standards.

So here are the basics.

  • You must collect consent for all cookies you use (except technically necessary cookies).
  • Consent must be obtained before your cookies are placed on your visitor’s computer/phone
  • Consent must be freely given, specific, informed, and unambiguous (I’ll explain that below).
  • You are allowed to store cookies for 12 months. Then you must ask again.
  • You must store all cookie consents (also for users that reject) so you can document GDPR consent to the authorities.

What does freely given, specific, informed and unambiguous mean?

  • What is a freely given consent?
    • Freely given means that you give the user a choice, a choice to accept or reject. You can do that in your cookie banner’s first layer with an accept and a reject button.
  • What is a specific consent?
    • A specific consent means that you give your visitor the possibility to choose what type of data you may collect. The visitor can thereby choose to accept statistical cookies, but not marketing cookies. This is also a default feature in good cookie banners.
  • What is an informed consent?
    • An informed consent means that you tell your visitor what cookies you use, what data they collect, for how long and what the data is used for. A scan of your website can reveal all cookies and their purpose and then create a cookie policy for you.
  • What is an unambiguous consent?
    • Unambiguous consent means that consent requires a clear affirmative action, i.e., it must be a clear signal that your visitor agrees to cookies. “Using the website, scrolling or swiping” as accepting cookies is not considered valid consent.

Want to learn more about cookie rules? 

Link: What are the rules on cookies? 

Link: What is a cookie consent under the GDPR

That was it. If you got this far, you now have more information about how your website can become cookie compliant without losing your data.