Ever think about the text on a website’s pop-up cookie banner? That phrasing, or how you explain to visitors that your website places internet cookies on their browsers, is what people mean by “cookie text.”
Turns out, how you write your cookie text is vital, especially if your business needs to comply with any applicable data protection laws.
So join me while I explain what cookie text is and how to write one for your website to keep people adequately informed while meeting relevant legal obligations.
What Is Cookie Text?
A cookie text is the phrasing website owners use to inform visitors that their site places internet cookies on visitors' browsers.
Usually, this text appears on a pop-up or cookie banner and may also feature:
- An ‘Agree’ button
- A ‘Decline’ button
- A ‘Customize’ or ‘Preferences’ button
But because of the nature and purpose of a cookie text, it’s common for businesses to reference the policy and link to it on their consent banners or pop-ups.
Which Laws Require Cookie Text?
A well-written cookie text helps your website comply with applicable data privacy laws, so you must write yours in a way that meets all obligations outlined by the pieces of legislation that impact your business.
In this next section, I’ll explain what your cookie text must look like based on some of the most prevalent data privacy laws worldwide.
General Data Protection Regulation (GDPR) Cookie Text Requirements
You need proper cookie text, and your consent banner must provide users in the European Union (EU) and the European Economic Area (EEA) with adequate opt-in and opt-out rights.
However, your website users cannot exercise their right to accept or reject cookies effectively without knowing what cookies are used, what personal data is collected, and how it is used.
Therefore, the GDPR outlines the following obligations regarding cookies and your cookie text:
- Request and obtain active opt-in consent from users before placing any cookies on their browsers (except for strictly necessary cookies).
- Do not place cookies on browsers if users don’t actively opt into consent.
- Provide a way for users to withdraw consent or change their minds at any time, and it must be as easy as giving their consent.
- Document and keep proof of your users’ consent choices.
Below, see an example of what a GDPR-compliant cookie text looks like.
The next screenshot is an example of what your preference center might look like for users.
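The four GDPR obligations listed above describe site behavior as much as wording, and the sketch below shows one way to enforce them in code. It is an added example, not Termly's code: `ConsentGate`, the category names, and the `Map` standing in for the browser's cookie store are all assumptions.

```javascript
// Added illustration (not Termly's code): gate cookie writes on recorded consent.
// ConsentGate, the category names and the Map-based jar are assumptions.
const CATEGORIES = ["essential", "analytics", "advertising"];

class ConsentGate {
  constructor(jar = new Map(), now = () => new Date().toISOString()) {
    this.jar = jar;          // stands in for the browser's cookie store
    this.now = now;          // injectable clock so log entries are testable
    // Default deny: only strictly necessary cookies are allowed before opt-in.
    this.choices = { essential: true, analytics: false, advertising: false };
    this.owners = new Map(); // cookie name -> category that set it
    this.log = [];           // append-only proof of each consent choice
  }

  check(category) {
    if (!CATEGORIES.includes(category)) {
      throw new Error(`unknown cookie category: ${category}`);
    }
  }

  // One entry point for both opt-in and withdrawal, so withdrawing
  // takes exactly as much effort as consenting.
  record(category, granted, bannerVersion) {
    this.check(category);
    if (category === "essential") return; // not user-toggleable
    const value = granted === true;       // anything but explicit true is a "no"
    this.choices[category] = value;
    this.log.push({ at: this.now(), category, granted: value, bannerVersion });
    if (!value) this.purge(category);     // withdrawal also removes cookies already set
  }

  // Returns true only when the cookie was actually written.
  setCookie(name, value, category) {
    this.check(category);
    if (!this.choices[category]) return false;
    this.jar.set(name, value);
    this.owners.set(name, category);
    return true;
  }

  purge(category) {
    for (const [name, owner] of this.owners) {
      if (owner === category) {
        this.jar.delete(name);
        this.owners.delete(name);
      }
    }
  }
}
```

Storing the banner text version with each log entry ties a recorded choice to the exact wording the user saw when making it.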
California Consumer Privacy Act (CCPA) Cookie Text Requirements
The CCPA also considers internet cookies a method to collect personal information.
While the CCPA does not require websites to display cookie banners to website users, businesses can satisfy key CCPA requirements more easily by using cookie banners.
Consent banner for advertising cookies
Under the CCPA, third-party behavioral advertising cookies may be considered a sale of personal information and require consent.
Therefore, websites can obtain consent from website users via a cookie banner to comply with the CCPA and document their compliance with the CCPA’s rules concerning the sale of personal information.
Under the CCPA, using analytics cookies may also be considered selling personal information.
However, if a “consumer uses or directs the business to intentionally disclose personal information,” it will not be considered a sale.
Therefore, obtaining consent to analytics cookies via a cookie banner will reduce the risk of non-compliance with the CCPA.
Below, see a sample of what a CCPA-compliant cookie text looks like.
Colorado Privacy Act (CPA) Cookie Text Requirements
Cookies are also considered personal information under the Colorado Privacy Act (CPA).
The CPA requires that businesses obtain affirmative prior consent from consumers for the following processing activities:
- Sensitive data or personal data concerning children
- Selling a consumer’s personal data
- Processing a consumer’s personal data for targeted advertising
- Profiling (following a consumer opt-out)
- Otherwise processing personal data for unnecessary or incompatible purposes
However, the consent must be “specific,” “informed,” and through an “affirmative action.”
Therefore, for the processing activities listed above, you need to present website users with clear information about what data is collected and for what purposes it is used.
You must use certain language in your cookie text to meet the requirements outlined by this U.S. state law.
Under the CPA, your cookie text must:
- Provide an opt-out mechanism for targeted ads and the selling of consumers’ personal data
- Provide opt-in consent requests to collect sensitive personal information
- Provide opt-in consent requests to collect data from a known child
Below, see an example of what a CPA-compliant cookie text looks like.
Connecticut Data Privacy Act (CTDPA) Cookie Text Requirements
Under the CTDPA, cookies are personal information, so when you collect sensitive data and need to obtain consent, you must write your cookie text in a specific way for compliance.
The CTDPA is another U.S. state law requiring you to provide consumers with an opt-out mechanism concerning specific internet cookies. Opt-in consent is unnecessary unless you want to collect sensitive information or data from known children.
Your CTDPA cookie text must:
- Give users a mechanism for opting out of cookies used for the sale of personal information
- Provide an opt-in consent option if you want to collect sensitive personal information
- Provide an opt-in consent option if you’re going to collect data from known children and use this data for targeted advertising
See a great example of a cookie text that complies with the CTDPA below.
Virginia Consumer Data Protection Act (VCDPA) Cookie Text Requirements
The VCDPA defines personal data as “any information that is linked or reasonably linked to an identifiable or identified natural person.”
Under the VCDPA, websites must:
- Provide a mechanism for opting out of the sale of personal information
- Obtain consent for the collection and processing of sensitive data
- Obtain prior consent for precise geolocation information
Below is a sample of a VCDPA-compliant cookie text.
How To Add Cookie Text to Your Website
You can easily add cookie text to your website using Termly’s cookie banner generator — which you can configure to meet consent requirements outlined by data privacy laws in 70+ regions.
As part of our Consent Management Platform, our generator creates a compliant cookie text for you but allows you to customize and change it as you see fit.
If you decide to change the cookie text, follow these tips:
- Use clear, straightforward language that is easy for all website visitors to understand.
- Don’t use unnecessary jargon or legalese, as this language tends to confuse people.
- Explain your users’ choices over the internet cookies and provide instructions for how to act on those choices.
- If you only use essential cookies (which don’t always require user consent), clearly say so in your cookie text.
- Follow all opt-in and opt-out requirements based on applicable laws and regulations.
Below, see a sample of one way you can configure your Termly consent banner to comply with the GDPR.
Our Pro+ members can set up regional consent preferences, so users in locations with different data privacy laws are presented with a compliant consent banner.
Cookie Text FAQ
Want to know more about cookies and cookie texts? Check out the answers to these frequently asked questions!
Do cookies collect personal data?
Yes, some cookies collect personal information about users. And all cookies contain something called a cookie identification (ID), which is a unique number that can identify an individual.
Third-party cookies, for example, are often used to track your behavior across other sites.
However, strictly necessary cookies (sometimes called first-party cookies) typically don’t collect personal information about users and instead are there to help the website function properly.
What is cookie text?
A cookie text is the phrasing that appears on a website to inform users that the site places internet cookies on their browsers and sometimes explains what controls they have over them.
It usually appears on pop-ups and cookie banners.
Why do websites need cookie text?
Websites need a well-written cookie text to inform visitors about what internet cookies they place on visitors’ browsers and what controls visitors have over those cookies. This can help your business meet legal requirements outlined by applicable data privacy and protection laws.
Regardless of the law, being honest with your users about what cookies your website uses is also just the right thing to do, and it helps build and maintain trust with your consumers.
Is cookie text legally required?
While data privacy laws don’t explicitly say you need a cookie text, writing one helps you meet some of the legal requirements outlined by those pieces of legislation. This means a properly written cookie text is essential for businesses that need to follow laws like the GDPR, the CCPA, the VCDPA, and others.
How do I implement cookie text on my website?
You can implement cookie text on your website using a comprehensive, reputable Consent Management Platform with a pop-up cookie banner. Termly’s software writes the text for you, and you can configure it to meet several data privacy laws.
You now have all the information you need to write proper cookie text for your website’s pop-up or consent banner based on applicable data privacy laws. That’s great!
Why not make it extra easy on yourself? If you use Termly’s CMP to create cookie text for your platform, you can set up regional consent settings to account for multiple data protection laws.