A cookie popup is a small, often unnoticed window that appears to website visitors upon their first arrival at a site. Its primary function is to obtain consent for the storage and handling of personal data through cookies.
This consent is important not only for respecting user privacy but also for complying with regulations like the GDPR.
As the website owner, it’s your job to make sure it meets GDPR requirements. How can you do that? Below, I’ll list the steps to creating a GDPR-compliant cookie consent popup for your website.
- A cookie consent popup informs website visitors about the cookie usage. This transparency makes your business more trustworthy.
- To comply with GDPR rules, your cookie consent popup should offer easy options for users to accept, reject, or manage their cookie preferences.
- Regularly update your cookie practices to reflect changes in laws and ensure your website remains compliant.
Table of Contents
Why Do You Need a Cookie Popup on Your Website?
You need a cookie consent banner to inform and obtain user consent for your website’s cookie usage.
Not having one can expose your business to legal risks and fines under data privacy laws like the General Data Protection Regulation (GDPR) and the EU Cookie Law (ePrivacy Directive).
With a cookie consent popup, you can ensure your visitors are informed about how cookies track and store their data. In turn, this allows them to make informed decisions about their privacy.
Failing to properly inform and obtain explicit consent from users can not only lead to penalties but also damage your company’s reputation.
As of May 2023, the largest share of penalties the GDPR has issued was due to non-compliance with general data processing principles:
Since 2018, this violation has led to more than 1.67 billion Euros (about 1.826 billion USD) worth of fines. If you don’t want to be a part of that statistic, make sure your website has a GDPR-compliant cookie popup.
A cookie popup is not just a legal requirement but a practice of ethical transparency. It demonstrates your respect for user privacy.
How To Create a GDPR-Compliant Cookie Consent Popup
A GDPR cookie consent banner is necessary for any website operating within or targeting residents of the European Union.
Follow the steps below to create a cookie popup that not only meets GDPR standards but also enhances user trust in how their data is handled.
Step 1: Understand the Requirements of GDPR
To fully comprehend the requirements of GDPR, online business owners should begin by educating themselves on the purpose of the cookie popup. Primarily, it is used to inform and obtain explicit consent from users for data processing activities.
This can be achieved through various resources such as GDPR compliance workshops, legal advisories, and comprehensive guides on data protection laws.
PRO TIP: Aim to understand not only how to ask for consent but also the broader implications of GDPR on user data rights and privacy.
Step 2: Design a Clear and Informative Popup
When designing a GDPR cookie banner or popup, clarity, and transparency are key. This means the design should prominently display information about the cookies the website uses, including both essential and non-essential cookies.
Explain the types of cookies used and their purpose in a straightforward manner.
The design of the popup should be intuitive, avoiding technical jargon that might confuse users. Clear language and an uncluttered design will make it easier for users to understand their choices regarding cookie usage.
Here’s a good example of a straight-to-the-point cookie consent popup from Tropic Skincare:
While it doesn’t list the types of cookies they use, it does clearly mention what they are used for. The banner also offers users several options, either to accept or reject all cookies or manage their cookie settings.
Step 3: Provide Explicit Consent Options
Consent must be explicit and given through affirmative action such as ticking a box or clicking a button.
To do this, implement a cookie consent management platform that allows users to manage their cookie preferences.
Offer granular control over cookie preferences, such as the ability to accept all cookies, reject cookies, or select specific types of cookies they consent to.
This level of detail respects user autonomy and aligns with GDPR requirements for explicit and opt-in consent.
Under GDPR, implied consent is not enough. Don’t pre-tick consent boxes or rely on scrolling as a form of consent. Consent must be freely given, specific, informed, and unambiguous.
Let’s take a look at this example from Gymshark:
It’s good that the cookie popup informs users of the website’s use of cookies, what they’re for, and the fact they share the data they collect with third parties. However, there is no Accept or Decline button for users to give their explicit consent.
Step 4: Detail Cookie Use Transparency
Clearly detail how your website will collect data through cookies and similar technologies. Explain how cookie use contributes to the user experience, such as personalizing content or analyzing site traffic.
Moreover, be transparent about the use of third-party cookies and how they might track users across websites.
Step 5: Offer Easy Access to Your Cookie Policy
Every GDPR-compliant website should have a readily accessible and transparent cookie or privacy policy that users can review at any time. This policy should detail the types of cookies used, the data collected, and how it is processed.
Ensure that this policy is easy to find, perhaps linked directly from the cookie popup itself, and written in clear, understandable language.
Step 6: Enable Easy Withdrawal of Consent
Consent under GDPR is not a one-time condition. Withdrawal of the user’s consent for cookies must be allowed at any point.
To support this, avoid using cookie walls that force consent by restricting access to the site. Instead, provide a simple mechanism in your cookie banner or through user account settings where consent can be easily revoked.
This upholds the principle of ongoing consent and adjusts to GDPR-compliant cookie consent practices.
Step 7: Implement Regular Compliance Updates
Finally, website owners must ensure that their cookie consent practices remain in compliance with any updates to GDPR or other relevant laws.
Regular audits of cookie usage and consent practices can help identify areas for improvement. So, stay informed about legal changes and adapt your strategies accordingly.
Cookie Consent Checklist
Now that you know the steps to creating a GDPR-compliant cookie consent popup, here’s a handy checklist to ensure your implementation follows best practices:
- Does your cookie consent banner clearly explain why your website uses cookies and what information is collected?
- Is the language used plain and easy to understand by the average website visitor?
- Does the banner differentiate between first-party and third-party cookies?
- Do users have a clear and easy way to give their consent for the use of cookies?
- Do users have the option to reject all cookies or select specific cookie preferences (e.g., analytics, advertising)?
- Is there a clear and accessible link to a more detailed cookie policy that explains your data collection practices in more depth?
- Can users easily withdraw their consent at any time and manage their cookie preferences?
- Do you avoid using cookie walls (forcing consent to access website content)?
Dos and Don’ts for an Effective Cookie Popup Design
Before you add a cookie popup to your website, you first have to learn how to balance compliance with user-friendliness.
Below are some of the best practices for cookie consent design to make the process smoother for you:
Dos:
- Provide clear and concise information: Explain why you use cookies, what data they collect, and how this data will be used.
- Ensure visibility of the cookie popup: Make sure it’s one of the first things users see without obstructing critical site content.
- Offer easy navigation for cookie settings modifications: Users should find it straightforward to change their cookie preferences at any time.
- Design for accessibility: Ensure all users, regardless of ability, can interact with your cookie consent popup.
- Seek active consent: Clearly present options like “Accept” or “Reject” so users can knowingly and willingly decide their preferences.
Don’ts:
- Assume consent: Implied consent, such as scrolling or continuing to browse, is considered valid consent under GDPR.
- Hide information: Do not obscure details about how cookies are used. Always include links to your detailed cookie policy.
- Make opting out difficult: Ensure rejecting cookies is as straightforward as accepting them. Users should not struggle to find how to opt-out.
- Use complex language: Keep the language in your cookie consent popups simple and jargon-free so users can understand what they are consenting to.
- Forget to update regularly: As laws and technologies change, so should your cookie popup. Keep it up to date with the latest legal standards and best practices.
Cookie Popup Examples
Here’s how different websites successfully implement cookie popups in compliance with GDPR while maintaining a user-friendly interface:
1. Velasca
The goal is to strike a balance between informative and concise, while still obtaining user consent for cookie use. In this popup cookie banner example from Velasca, it’s clear that the company understood the assignment:
The message is written in plain language, avoiding technical jargon, and keeping the information clear and easy to understand.
I also like that Velasca offers a clear choice for users: “I agree” for full consent, “Customize” for granular control over cookie preferences, and an “X” option to continue without non-essential cookies.
Overall, the popup meets GDPR requirements because it avoids pre-filled options and respects the user’s right to opt out of non-essential cookies.
2. Qalo
Qalo’s approach to cookie consent also aligns well with GDPR requirements, showcasing another effective strategy for managing user preferences.
Their cookie notice is a model of clarity and compliance, providing users with straightforward options to manage their data.
What makes this a strong GDPR-compliant setup are the choices offered directly in the cookie popup: Preferences, Reject, and Accept.
Plus, linking directly to the Privacy Policy within the popup further enhances transparency. It allows users immediate access to detailed information about data usage, cookie types, and privacy practices.
3. Thinx
Thinx’s cookie consent banner effectively balances user-friendly design with compliance requirements. It clearly communicates the purpose of cookies in improving site functionality, aligning with GDPR’s transparency guidelines.
Offering three distinct choices means users can consent to, decline, or customize their cookie preferences easily. Additionally, the inclusion of a direct link to the Cookie Policy ensures they can quickly access more detailed information about cookie usage.
4. Nature Made
Nature Made’s cookie consent banner is a great example for online business owners looking to ensure GDPR compliance in a user-friendly way.
It clearly communicates the outcomes of user interactions with the banner, which is crucial in meeting GDPR’s requirements for clear and affirmative consent.
Offering three straightforward choices, the banner empowers users with control over their data. The direct link to the Privacy Policy also ensures they can easily access detailed information about cookie usage, promoting transparency.
5. BareMinerals
Even with its straightforward language, BareMinerals’ cookie banner effectively addresses key GDPR points:
Firstly, transparency is provided about cookie usage for various purposes. Then, user control is offered through the three buttons: Cookies Settings, Accept All Cookies, and Reject All.
Frequently Asked Questions
What is the difference between cookie popups and cookie banners?
Cookie banners and popups serve the same purpose but differ in design. Banners are typically less intrusive, while popups are more prominent and can cover part of the content.
Are cookie popups the same in all countries?
No, cookie popups vary by country due to different privacy laws. You may need to customize your cookie popup to comply with local regulations.
What types of websites need cookie popups?
Websites that collect data via cookies must deploy cookie popups. This includes sites tracking analytics, and preferences, or using marketing tools.
What information is typically included in a cookie popup?
Cookie popups typically inform about the use of cookies and request user consent. They may link to a detailed privacy or cookie policy.
Can you use a tool to create a cookie consent popup?
Yes, you can use online tools to create a cookie consent popup. There are plenty of customizable cookie banner templates online including our own.
