Navigating the General Data Protection Regulation (GDPR) cookie notice rules is challenging.
To align with the GDPR, you need an honest cookie policy and a cookie banner that allows users to give GDPR-friendly consent to your use of cookies.
Below, I describe these consent requirements in detail and present you with GDPR cookie notice banner examples to help inspire you when you make your own.
What Is a Cookie Notice?
A cookie notice is a pop-up, box, or banner on your site that features a cookie notification message informing users about your cookie policy and allowing them to consent to, deny, or set preferences for your use of cookies.
The cookie notice should appear whenever a user first visits your website and include the following three primary components:
- A Cookie Policy: A cookie policy outlines the cookies you use, their category, and how users can manage their cookie settings.
- A “Consent to Cookies” Option: Your cookie consent notice needs to give users a way to consent to your use of cookies (e.g., a button).
- Cookie Preferences: To comply with the GDPR, your cookie consent notice needs to allow users to consent to or deny certain categories of cookies.
Your cookie category checkboxes should remain unchecked by default, so users can actively and expressly opt in to your cookie use.
Do I Need a Cookie Banner?
Yes, your website most likely needs a cookie banner.
Cookie banners have become more prevalent because of laws like the GDPR and the ePrivacy Directive, which is also known as the EU cookie law, and these laws have broad scopes.
Even if your business is located elsewhere, the GDPR still impacts your website so long as you monitor the online behaviors of people in the EU.
Both laws require you to obtain proper consent from consumers and give them adequate choices and controls in order to legally deploy cookies on their browsers. You must give users clear and informed consent before websites store cookies in their browsers.
Using cookie banner solutions helps simplify the process of aligning your website with these GDPR requirement. For example, Termly’s free cookie consent solution will manage your cookie consent needs and generate cookie notice banner in minutes.
GDPR Cookie Consent Language Examples
To align with the GDPR, your consent banner solutions must be:
- Clear,
- Specific, and
- Easy to understand.
In other words, it must be as clear as possible to enable users to give proper consent, which is defined in Article 4 of the GDPR as:
“any freely given, specific, informed, and unambiguous […] clear affirmative action.”
Let’s break down what that means.
- Freely given: The user must be giving consent of their own will. They weren’t pressured into giving consent.
- Specific: The user must be asked to consent to specific types of data processing.
- Informed: The user must be told what they’re consenting to.
- Unambiguous: The language used in the cookie notice banner solution must be simple and clear.
- Clear affirmative action: The user must clearly express consent by saying or doing something (e.g., clicking a button to agree).
If your banner solutions are missing any of these elements, you aren’t GDPR-compliant. You can use our free cookie consent solution to make your own cookie notice like the one you see here in minutes!
GDPR-compliant Cookie Consent Examples
Once you compile the three elements of your cookie consent notice and make your cookie banner solutions GDPR-friendly, decide how you want to display it on your site.
It can appear in any number of ways on your site, including a banner, pop-up, or full-screen page. You can also use a variety of approaches to banner solutions for consent, like “implied consent”, “opt-in consent”, and “opt-out consent”.
To help you out, here are some website banner examples that meet GDPR guidelines.
The Guardian’s Opt-In Bottom Banner
First, let’s look at the consent banner used by the news outlet the Guardian UK, which appears at the bottom of its webpage.
The Guardian chose a big consent banner that’s easy to see. They use an opt-in approach and asks users to click the “Yes, I’m Happy” button to accept cookies.
They also link to their cookie policy and their privacy policy, which is a best practice. You should consider updating your privacy policy template to include information about your cookie use, and link it in your consent banner.
To help boost opt-in rates and avoid users rejecting cookies, try employing a friendly tone on your cookie notice and giving users the ability to choose which cookies they want to accept.
The Guardian has done this by taking a casual approach to the language of their cookie notice, embracing a friendly tone with “Yes, I’m happy” as their button text and by giving users the ability to choose which cookies they want to accept through the “Manage my cookies” link.
The Economist’s Full-Screen Pop-Up
Some businesses choose to use a full-screen pop-up that blocks site interactions until the user consents to or manages cookies, like the Economist, whose full-screen website banner example is shown below.
It explains why they use cookies and how you can update your cookie preferences at any time at the bottom of their page.
Like some of the other examples on this list, they provide a link to their cookie policy, and users can’t view or do anything on the website until they choose to accept or manage cookies.
Financial Times’ Left-Side Tooltip
If you want consent banner solutions less intrusive than banners and pop-ups, opt for a tooltip-style notice in the left- or right-hand corner of your site.
This is similar to how the Financial Times notifies users of cookies, as shown below.
They take care to match the style of the tooltip to the site’s aesthetic, and make it minimal but noticeable.
Like The Guardian, they use an opt-in approach where users can choose to accept cookies with a click of a button.
While a minimal notice may be more aesthetically appealing, keep in mind that your banner solutions or pop-ups should be intrusive enough to prompt users to read and interact with your cookie consent notice.
If a user clicks “Manage cookies,” they’re taken to the following screen:
Like the other website banner examples, GDPR guidelines are clearly kept in mind here by sorting cookies into distinct categories.
These categories are based on the purposes of the cookies, like remembering shopping cart preferences, or collecting data for targeted advertising.
What Is Implied Consent, and Does It Comply With the GDPR?
Implied consent is when users are made aware of your cookie use and continue using your site but don’t directly consent to your cookies.
For example, if you have banner solutions that notify users of cookies on your site, but disappear when a user scrolls down the page, they are considered implied consent.
Users can continue to navigate the site with minimal intrusion, and there’s no immediate option to consent to cookies or set preferences.
So does implied consent comply with GDPR? It depends.
Under the GDPR, necessary cookies are exempt from consent since they’re essential for a website to function.
As such, it’s possible to use implied consent banner solutions and pop-ups provided you’ve made it clear that you’re only using necessary cookies.
For other types of cookies, however, you would need to get the user’s clear, informed consent.
Since the five elements of consent include “clear, affirmative action,” you need to put a button on your banner solutions that allows users to manage, accept, and reject these other types of cookies. Scrolling and continuing to navigate the site doesn’t count, since there is no clear, affirmative action involved.
See below for two examples of implied consent banner solutions; the first example complies with the GDPR while the second does not.
Coventry University’s GDPR-Compliant Implied Consent Cookie Notice Banner
Let’s look at the UK’s Coventry University consent banner.
Their banner aligns with the GDPR because it uses clear wording to inform users about necessary cookies.
Their website footer states that the site uses “necessary cookies to make our site work” and that they’d like to “set additional cookies” for the reasons listed above.
Users can click to view the site’s Cookie notice, manage their cookie choices, reject additional chookies, or accept additional cookies.
Adidas’ GDPR-Noncompliant Implied Consent Cookie Notice Banner
Now let’s look at an example of a banner that wouldn’t meet the GDPR requirements.
This example comes from the Adidas UK site, and in this instance, it appears Adidas assumed users consented to cookies simply by continuing to interact with the website.
The banner at the bottom of the page clearly says “by continuing to use our site, you consent to use our cookies” and doesn’t go away until the user clicks the “X” button or manages tracking by clicking “HERE.”
If users select “HERE,” they’re shown the following cookie preference center, where they can adjust their cookie settings.
This version of the Adidas’ implied consent banner is not GDPR-compliant.
One reason for this is that they don’t use clear language.
Unlike the Coventry University example, Adidas doesn’t specify what cookies are being used by default. As such, users can only guess what cookies they’re implicitly agreeing to by continuing to navigate the site.
Only after clicking “HERE” can users see that all three types of cookies (including functional and marketing cookies, which are not “required” or necessary) have already been selected by default, going against the GDPR.
According the the regulation, only necessary cookies can use implied consent. All other types of cookies require the user to meet the five elements of consent, including “clear, affirmative action.”
If you’re subject to the GDPR, don’t follow the Adidas example.
If your business is subject to the GDPR, consent must be given explicitly, meaning users take a distinct action to indicate agreement, like in all other examples above.
Create Your Own Cookie Notice Banner
Now that you understand what goes into a cookie consent notice, and have seen examples of how other companies display them, it’s time for you to create your own banner solutions.
Although there’s a lot to consider when establishing your own GDPR cookie notice banner solutions, services like Termly’s cookie consent solution can help.
Here’s a step-by-step of how you can get started:
Align with the GDPR Using Termly
Step 1: Enter your website URL into the scanner below
Step 2: We’ll scan your site and categorize the majority of your cookies
Step 3: We’ll generate your cookie policy & customizable cookie notice
That’s all you have to do! We’ll scan your site for cookies, sort them into their appropriate categories, create a custom cookie policy, and generate a cookie website consent banner for you to display on your site.
Once the banner is live, your users will see a banner, tooltip, or screen like the examples above. Your site’s visitors can then consent to your use of cookies or set their preferences.
More about the author
Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP
Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author Reviewed by Masha Komnenic CIPP/E, CIPM, CIPT, FIP Director of Global Privacy
