The cookie text you use on a consent banner to explain how your website places internet cookies on browsers is vital, especially if your business needs to comply with data privacy laws.
Below, I discuss more about what cookie text is and explain how to write one for your website to keep your users adequately informed while meeting applicable legal obligations.
How To Add Cookie Text to Your Website
You can easily add cookie text to your website using Termly’s cookie banner generator — which you can configure to meet consent requirements outlined by data privacy laws in 70+ regions.
As part of our Consent Management Platform, our generator creates a compliant cookie text for you but allows you to customize and change it as you see fit.
If you decide to change the cookie text, follow these tips:
- Use clear, straightforward language that is easy for all website visitors to understand.
- Don’t use unnecessary jargon or legalese, as this language tends to confuse people.
- Explain your users’ choices over the internet cookies and provide instructions for how to act on those choices.
- If you only use essential cookies (which don’t always require user consent), clearly say so in your cookie text.
- Add a live link to your cookie policy so your users can make an informed choice about whether they agree to your use of cookies.
- Follow all opt-in and opt-out requirements based on applicable laws and regulations.
Below, see a sample of one way you can configure your Termly consent banner to comply with the GDPR.
Our Pro+ members can set up regional consent preferences, so users in locations with different data privacy laws are presented with a compliant consent banner.
You can get started right now by scanning your website below:
What Is Cookie Text?
A cookie text is the phrasing website owners use to inform visitors that it places internet cookies on their browsers.
Usually, this text appears on a pop-up or cookie banner, which may also feature:
- An ‘Agree’ button
- A ‘Decline’ button
- A ‘Customize’ or ‘Preferences’ button
- A live link to the site’s cookie policy
- A brief explanation of why the site uses cookies
Cookies text is different from a cookie policy, which is a legally required document that lists the different types of cookies a site uses and their purposes.
These policies sometimes explain the rights individuals have over controlling Internet cookies and may provide instructions for how they can opt in to, decline, customize, or delete them.
It’s common for businesses to reference cookie policies in their cookies text and include a live link on their consent banners or pop-ups.
Which Laws Require Cookie Text?
A well-written cookie text helps your website comply with applicable data privacy laws, so you must write yours in a way that meets all obligations outlined by the pieces of legislation that impact your business.
In this next section, I’ll explain what your cookie text must look like based on some of the most prevalent data privacy laws worldwide.
General Data Protection Regulation (GDPR) Cookie Text Requirements
Under the GDPR, cookies qualify as personal information and are subject to legal requirements.
You need proper cookie text, and your consent banner must provide users in the European Union (EU) and the European Economic Area (EEA) with adequate opt-in and opt-out rights.
However, your website users cannot exercise their right to accept or reject cookies effectively without knowing what cookies are used, what personal data is collected, and how it is used.
Therefore, the GDPR outlines the following obligations regarding cookies and your cookie text:
- Inform users that your site uses cookies, and provide a list of each one used.
- Request and obtain active opt-in consent from users before placing any cookies on their browsers (except for strictly necessary cookies).
- Do not place cookies on browsers if users don’t actively opt into consent.
- Provide a way for users to withdraw consent or change their minds at any time, and it must be as easy as giving their consent.
- Document and keep proof of your users’ consent choices.
- Periodically renew their consent regarding your use of cookies.
Below, see an example of what a GDPR-compliant cookie text looks like.
The next screenshot is an example of what your preference center might look like for users.
California Consumer Privacy Act (CCPA) Cookie Text Requirements
The CCPA also considers internet cookies a method to collect personal information.
While the CCPA does not require websites to display cookie banners to website users, businesses can satisfy key CCPA requirements more easily by using cookie banners.
Consent banner for advertising cookies
Under the CCPA, third-party behavioral advertising cookies may be considered a sale of personal information and require consent.
Therefore, websites can obtain consent from the website users via a cookie banner to comply with the CCPA and document their compliance with the CCPA’s rules concerning the sale of personal information.
Analytics cookies
Under the CCPA, using analytics cookies may also be considered selling personal information.
However, if a “consumer uses or directs the business to intentionally disclose personal information,” it will not be considered a sale.
Therefore, obtaining consent to analytics cookies via a cookie banner will reduce the risk of non-compliance with the CCPA.
Below, see a sample of what a CCPA-compliant cookie text looks like.
Colorado Privacy Act (CPA) Cookie Text Requirements
Cookies are also considered personal information under the Colorado Privacy Act (CPA).
The CPA requires that businesses obtain affirmative prior consent from consumers for the following processing activities:
- Sensitive data or personal data concerning children
- Selling a consumer’s personal data
- Processing a consumer’s personal data for targeted advertising
- Profiling (following a consumer opt-out)
- Otherwise processing personal data for unnecessary or incompatible purposes
When you use cookies to collect and process data that falls under these categories, you can obtain CPA-compliant consent by using a cookie banner.
However, the consent must be “specific,” “informed,” and through an “affirmative action.”
Therefore, you need to present website users with clear information about what data is collected and for what purposes it is used for the above-mentioned processing activities.
You must use certain language in your cookie text to meet the requirements outlined by this U.S. state law.
Under the CPA, your cookie text must:
- Inform users that your site collects cookies and present them with a cookie policy
- Provide an opt-out mechanism for targeted ads and the selling of their personal data
- Provide opt-in consent requests to collect sensitive personal information
- Provide opt-in consent request to collect data from a known child
Below, see an example of what a CPA-compliant cookie text looks like.
Connecticut Data Privacy Act (CTDPA) Cookie Text Requirements
Under the CTDPA, cookies are personal information, so when you collect sensitive data and need to obtain consent, you must write your cookie text in a specific way for compliance.
The CTDPA is another U.S. state law requiring you to provide consumers with an opt-out mechanism concerning specific internet cookies. Opt-in consent is unnecessary unless you want to collect sensitive information or data from known children.
Your CTDPA cookie text must:
- Explain that your site uses internet cookies and present users with a cookie policy
- Give users a mechanism for opting out of cookies used for the sale of personal information
- Provide an opt-in consent option if you want to collect sensitive personal information
- Provide an opt-in consent option if you’re going to collect data from known children and use this data for targeted advertising
See a great example of a cookie text that complies with the CTDPA below.
Virginia Consumer Data Protection Act (VCDPA) Cookie Text Requirements
The VCDPA defines personal data as “any information that is linked or reasonably linked to an identifiable or identified natural person.”
Therefore, the use of cookies may also fall under the scope of the law, and websites may need to comply with the VCDPA’s transparency and consent requirements.
Under the VCDPA, websites must:
- Provide a mechanism for opting out of the sale of personal information
- Obtain consent for the collection and processing of sensitive data
- Obtain prior consent for precise geolocation information
To use cookies under the VCDPA, you must follow strict legal requirements that impact the cookie text on your consent banner or pop-up.
Below is a sample of a VCDPA-compliant cookie text.
Cookie Text FAQ
Want to know more about cookies and cookie texts? Check out the answers to these frequently asked questions!
Do cookies collect personal data?
Yes, some cookies collect personal information about users. And all cookies contain something called a cookie identification (ID), which is a unique number that can identify an individual.
Third-party cookies, for example, are often used to track your behavior across other sites.
However, strictly necessary cookies (sometimes called first-party cookies) typically don’t collect personal information about users and instead are there to help the website function properly.
What is cookie text?
A cookie text is the phrasing that appears on a website to inform users that the site places internet cookies on their browsers and sometimes explains what controls they have over them.
It usually appears on pop-ups and cookie banners.
It also typically includes a live link to the site’s cookie policy, which expands upon the cookie text by presenting the user with more specific and comprehensive details.
Why do websites need cookie text?
Websites need a cookie text for legal compliance purposes, as it informs visitors about what internet cookies your site places on browsers and what controls users have.
Being honest about what cookies your website uses is also just the right thing to do, and it helps build and maintain trust with consumers.
Is cookie text legally required?
Privacy laws dictate how you write your cookie text. For example, the GDPR, the CCPA, the VCDPA, and others all impact the phrasing of your cookies text.
How do I implement cookie text on my website?
You can implement cookie text on your site using a comprehensive Consent Management Platform with a pop-up cookie banner, like Termly’s, or manually make one yourself.
Summary
The cookies text you use on your consent banner is essential because it helps your business meet requirements outlined by data privacy laws and keeps consumers properly informed about how your site uses Internet cookies.
When writing a cookie text, follow these best practices:
- Use simple language
- Be clear about your use of internet cookies
- Link to your cookie policy
- Provide users with appropriate choices based on applicable laws
You can use Termly’s CMP to create cookies text for your platform and set up regional consent settings to account for multiple data protection laws.
More about the author
Written by Ali Talip Pınarbaşı, CIPP/E, & LLM
Ali is a London-based Data Privacy Law Consultant with a Master of Laws Degree in EU Privacy law at King's College London. He has three years of experience in advising businesses on how to comply data protection laws. More about the author
