
Cookie Consent Banner: Complying with the GDPR

When you visit a website, you have very likely seen a small notification that informs you about the cookies the website uses. These cookie consent banners are not part of the website content, and they disappear after the user takes an action on the banner.

These banners started appearing on websites as different online privacy laws came into force in various countries. These laws and directives prompted websites to display a notification banner informing visitors that the website uses cookies.

Earlier, however, the banners only informed the user about the use of cookies and did not ask for consent. Consent was mostly implied: websites told users that by continuing to use the website, they agreed to the website's cookie policy. An example of such a notification is given below.

Example of a cookie bar not compliant to the Cookie Law


In such cases, the cookies are not installed based on the users' explicit consent. Most of the time, users are not even fully aware of the cookies being installed or what they are for. The only option for users who do not want the cookies to be installed is to leave the site altogether.

Now, the scenario has changed. Concerns over the privacy of ordinary users on the internet have taken root in the minds of consumers. The issues with targeted advertising and the security of the personal information collected have made users more aware of the privacy breaches that can occur online. Since cookies are one of the ways user data is collected, users are more aware of cookies and of the repercussions of allowing them to be kept in their browser. More careful users now make sure that they clear their browser cookies regularly, or once in a while.

Since the GDPR came into effect on May 25th, 2018, together with the ePrivacy Directive, it has taken the internet by storm. All websites that have visitors from the states of the EU have to comply with the law. Websites now need to be more careful about the tracking cookies they use, as the laws are really protective of users' privacy.

Websites can no longer go forward with the implied-consent approach to cookies. They need to give users absolute authority over the data collected about them with the help of cookies. The starting point is for the website to obtain the users' consent for the use of these cookies. The cookie banner shown above is an example of a banner that does not comply with the GDPR.

To comply with the law, the website should explain to users, clearly and in a plain and understandable manner, that it uses cookies. It should explain what these cookies are used for. The purpose of each cookie, whether necessary or non-necessary, should be explained to the users. This helps users understand what information about their activities and personal data will be collected using the cookies, so that they can make an informed decision about whether or not to allow the cookies in their browser.

Out of all the cookies that the website uses, cookies that are strictly necessary are exempted, and the rest of the cookies need the users' consent before being installed. Don't know about the different types of cookies? Then read this article.

So here is how a website should handle cookies:

  • When the user comes to the website for the first time, they should be shown a cookie banner that informs them that the website uses cookies.
  • The cookie banner can't explain all the cookie-related information to the users. So, the website can provide a link from the cookie banner to its detailed privacy and cookie policy page.
  • The banner gives the user the choice to accept or reject the non-necessary cookies, or to select the cookies they want to allow from the cookie settings on the cookie banner.
  • Until the user has given consent, there should not be any tracking of the user's data in the browser by means of cookies.
  • The user's choice should be recorded when they click the button/link on the cookie banner, and treated as the consent or the rejection.

How can a Website Create a Compliant GDPR Cookie Banner?

An example of a cookie banner that complies with the cookie law created using CookieYes is given below.

Cookie Law compliant cookie banner


The banner in the above example informs the user in a clear manner about the cookies that are being used by the website.

The user has the option to accept the cookies that are used on the website. Until the user clicks on the accept button, cookies other than the strictly necessary ones will not be installed on their browser.

The user also has the option to reject the cookies. It is not really fair if the user only has the option to opt in to the cookies; they should also be able to opt out of them. Although the cookie scripts will not render unless the user accepts them, the user should still be able to reject these cookies explicitly. The cookie banner will not disappear from view until the user takes some action on it, so a user who does not want to accept the cookies needs a way to reject them.

Since users should be making an informed decision about what they are in for when they accept the cookies, clicking on the settings button shows all the categories that the cookies belong to. The categories are defined by the admin of the website based on the purpose the cookies serve on the website.

The "necessary" category is always enabled by default and kept so. Users will not be able to disable it, as the cookies added to this category are strictly necessary for the website.

The rest of the cookies, which are not strictly necessary, are categorized according to their purpose and are kept disabled by default. The user has to enable these categories themselves, as part of giving prior consent by positive and affirmative action.

Users can change their mind at any point in time, and they should be able to record this change in their choice about the use of cookies. After the user makes a choice, the cookie bar disappears from the website and a small tab is shown instead. Clicking on this tab brings up the consent bar again so that the user can record their consent again.
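The behaviour described in this section (necessary cookies always on, every other category off until the user acts, the choice recorded and changeable later), as an added example that is not CookieYes code: a minimal consent gate in JavaScript. The category names, the `ConsentManager` class and the Map-like `store` are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not CookieYes's code.
const CATEGORIES = ['necessary', 'functional', 'analytics', 'advertisement']; // constructed list

class ConsentManager {
  constructor(store) {
    this.store = store; // Map-like; in a browser this would wrap a first-party cookie
    this.pending = [];  // scripts held back until their category is allowed
    this.log = [];      // one entry per recorded choice
  }

  hasChoice() {
    return this.store.has('consent'); // false means the banner must still be shown
  }

  // 'necessary' is forced on; every other category is on only if explicitly true.
  normalize(choices) {
    const out = {};
    for (const c of CATEGORIES) out[c] = c === 'necessary' || choices[c] === true;
    return out;
  }

  state() {
    const saved = this.store.get('consent');
    return this.normalize(saved ? JSON.parse(saved) : {});
  }

  // Run the script now if its category is allowed, otherwise hold it back.
  register(category, run) {
    if (!CATEGORIES.includes(category)) throw new Error(`unknown category: ${category}`);
    if (this.state()[category]) { run(); return true; }
    this.pending.push({ category, run });
    return false;
  }

  // Called from the banner's accept / reject / save-settings buttons.
  record(choices) {
    const next = this.normalize(choices);
    this.store.set('consent', JSON.stringify(next));
    this.log.push({ at: new Date().toISOString(), choices: next });
    const held = [];
    for (const p of this.pending) {
      if (next[p.category]) p.run(); else held.push(p);
    }
    this.pending = held;
    return next;
  }
}
```

Withdrawing consent through `record()` only stops scripts that have not run yet; cookies already set by a script that ran have to be deleted separately.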

Customization of the Cookie Banner

Now, one of the most important things when it comes to cookie banners is the style of the banner. When the cookie banner is created using a third-party service, it is not very easy to make it complement the look and theme of the entire website. After all, the banner is shown on the front end, and how it looks is really important: not just so that it looks like a part of the website, but also so that it commands attention from the users.

Also, the consent banner should be responsive so that the banner looks perfect on all devices that the website is viewed on.

The consent banner in the example created using CookieYes is fully responsive, and CookieYes gives a lot of customization options for the cookie banner. You can customize each and every part of the banner. You can change the text, color, position, etc. of the banner to your liking. You can make a cookie banner that is unique and made for your website.

You can log in to the dashboard any time and make the changes required. The changes will be automatically reflected on the website.

Please note that while we make it a point to deliver the most accurate information possible, this article should not be treated as legal advice. Website owners should seek legal advice if needed to know what is best for their website or app, depending on which further actions may be required to fully comply with the law.

Make Your Website GDPR Compliant With CookieYes

CookieYes is a new and easy solution to make your website comply with the GDPR Cookie Law from Cookie Law Info. Join the 400,000+ websites using our solutions now!
