Navigating the European Union’s General Data Protection Regulation (GDPR) cookie notice rules is challenging. To comply with GDPR privacy requirements, not only do you need a cookie policy, but you also need a cookie banner that allows users to give GDPR-friendly consent to your use of cookies.
Find out how to create these essential compliance features by checking out different cookie banner examples.
1. What Is a Cookie Notice?
A website cookie notice is a screen, pop-up, box, or banner on your site that presents to users a notification about your cookie policy and allows them to consent to, deny, or set preferences for your use of cookies.
This cookie notice should appear when a user first visits your site. Be sure to include three primary components:
- Your Cookie Policy — A cookie policy outlines the cookies you use, their category (e.g., advertising, social media), and how users can manage their cookie settings.
- “Consent to Cookies” Option — Your cookie consent notice needs to give users a way to consent to your use of cookies (e.g., a button).
- Cookie Preferences — To comply with the GDPR, your cookie consent notice needs to allow users to consent to or deny certain categories of cookies.
2. Do I Need a Cookie Banner?
Because of the ePrivacy Directive, or “cookie law“, you need banner solutions for cookies if your website is based in the EU or if an EU citizen may interact with your site.
Even if your business is located outside of the EU, as long as one person from the EU accesses your site, you need cookie banner solutions. Otherwise, you won’t be in compliance with the EU’s GDPR or the upcoming ePrivacy Regulation. Both laws require users to give clear and informed consent before websites store cookies in their browsers.
3. GDPR Cookie Consent Language Examples
To be GDPR compliant, your GDPR banner solutions need to be clear, specific, and easy to understand. In other words, it needs to be as clear as possible to enable users to give proper consent, which is defined in Article 4 of the GDPR as “any freely given, specific, informed, and unambiguous […] clear affirmative action.”
Let’s break down what that means:
- Freely given: The user must be giving consent of their own will. They weren’t pressured into giving consent.
- Specific: The user must be asked to consent to specific types of data processing.
- Informed: The user must be told what they’re consenting to.
- Unambiguous: The language used in the cookie notice banner solution must be simple and clear.
- Clear affirmative action: The user must clearly express consent by saying or doing something (e.g., clicking a button to agree).
If your banner solutions are missing any of these elements, you aren’t GDPR-compliant.
Here are some website banner examples of cookie notice text that have all five of these elements and, as such, are GDPR-compliant.
Take a look at this cookie consent text example from Termly:
The language of the consent banner is clear, easy to understand, and covers the necessary details. Not only does the notice briefly explain how the site uses cookies, but it also links to the site’s cookie policy, and explains how users can set or change their cookie preferences.
Now let’s look at a cookie notice message that allows users to set their preferences more directly. Here’s a cookie banner example from Airbnb:
Like Termly’s banner text, the language of Airbnb’s consent notice is clear and instructive, giving users the details they need to consent to or establish preferences for the site’s cookie use.
4. GDPR-compliant Cookie Consent Examples
Once you compile the three elements of your cookie consent notice and make your cookie banner solutions GDPR-friendly, you need to decide how to display it on your site.
Your cookie consent notice can appear in any number of ways on your site — like as a banner, pop-up, or full-screen page. You can also use a variety of approaches to banner solutions for consent — implied consent, opt-in consent, and opt-out consent.
Here are some website banner examples that meet GDPR guidelines.
1. The Guardian’s Opt-In Bottom Banner
The Guardian UK uses a consent banner that appears at the bottom of its webpage.
While most websites opt for thinner bottom banner solutions, The Guardian has chosen to go with a big consent banner that’s hard to miss. The Guardian uses an opt-in approach, since you aren’t able to do anything on the website until you click the “Yes, I’m Happy” button to accept cookies.
Out of all the approaches on the list, this is the most in line with the GDPR requirements. We highly recommend taking this approach, since it ensures users give clear, informed consent to allow cookies.
Notice that the Guardian links to their cookie policy and their privacy policy. Update your privacy policy template to include information about your cookie use, and link it in your consent banner.
One major downside of opt-in consent is that it’s more likely for users to reject cookies. However, you can boost opt-in rates by employing a friendly tone and giving users the ability to choose which cookies they want to accept.
The Guardian has done this by taking a casual approach to the language of their cookie notice, embracing a friendly tone with “Yes, I’m happy” as their button text. They have also given users the ability to choose which cookies they want to accept by putting the “Manage my cookies” option next to it.
2. The Economist’s Full-Screen Pop-Up
If you want to go one step further, you can use a full-screen pop-up that blocks site interactions until the user consents to or manages cookies. Unlike other choices, you can be sure that you’re GDPR-compliant because using a full-screen pop-up forces users to give affirmative consent through an action (clicking a button) to your cookie use.
The Economist’s full-screen website banner example explains why they use cookies and how you can update your cookie preferences at any time at the bottom of their page. Like the other examples on this list, they provide a link to their cookie policy. The user can’t view or do anything on the website until they choose to accept or manage cookies.
3. Financial Times’ Left-Side Tooltip
If you want consent banner solutions less intrusive than banners and pop-ups, opt for a tooltip-style notice in the left- or right-hand corner of your site.
Check out how Financial Times notifies users of cookies:
They take care to match the style of the tooltip to the site’s aesthetic, and keep it as a minimal — but still noticeable — intrusion off to the side. Like The Guardian, they use an opt-in approach where users can choose to accept cookies with a click of a button.
While a minimal notice may be more aesthetically appealing, keep in mind that your banner solutions or pop-ups should be intrusive enough to prompt users to read and interact with your cookie consent notice.
If a user clicks “Manage cookies,” they’re taken to the following screen:
Like the other website banner examples, GDPR guidelines are clearly kept in mind here by sorting cookies into distinct categories.
These categories are based on the purposes of the cookies — like remembering shopping cart preferences, or collecting data for targeted advertising.
5. What Is Implied Consent, and Does It Comply With the GDPR?
Implied consent is when users are made aware of your cookie use and continue using your site but don’t directly consent to your cookies. For example, if you have banner solutions that notify users of cookies on your site, but disappear when a user scrolls down the page, they are considered implied consent.
Users can continue to navigate the site with minimal intrusion, and there’s no immediate option to consent to cookies or set preferences.
So does implied consent comply with GDPR? It depends. Under the GDPR, necessary cookies are exempt from consent since they’re essential for a website to function. As such, it’s possible to use implied consent banner solutions and pop-ups provided you’ve made it clear that you’re only using necessary cookies.
For other types of cookies, however, you would need to get the user’s clear, informed consent. Since the five elements of consent include “clear, affirmative action,” you need to put a button on your banner solutions that allows users to manage, accept, and reject these other types of cookies. Scrolling and continuing to navigate the site doesn’t count, since there is no clear, affirmative action involved.
See below for two examples of implied consent banner solutions. The first example complies with the GDPR while the second does not.
1. Coventry University’s GDPR-Compliant Implied Consent Cookie Notice Banner
The UK’s Coventry University is GDPR-compliant because it has a footer banner that uses clear wording to inform users about necessary cookies.
Their footer says that the site uses “necessary cookies to make our site work” and that they’d like to “set additional cookies” for the reasons listed above. Users can click to view the site’s Cookie notice, manage their cookie choices, reject additional chookies, or accept additional cookies.
2. Adidas’ GDPR-Noncompliant Implied Consent Cookie Notice Banner
In contrast to Coventry University, Adidas assumes you have consented to cookies if you continue to interact with the website.
When users first visit the Adidas UK site, they’re met with a banner at the bottom of the page that says “by continuing to use our site, you consent to use our cookies.”
The banner doesn’t go away until the user clicks the “X” button or manages tracking by clicking “HERE.”
If users select “HERE,” they’re shown the following cookie preference center, where they can adjust their cookie settings.
Adidas’ implied consent banner is not GDPR-compliant.
They don’t use clear language — unlike Coventry University, they don’t specify what cookies are being used by default. As such, we can only guess what cookies we’re implicitly agreeing to by continuing to navigate the site. Only after clicking “HERE” can we see that all three types of cookies (including functional and marketing cookies, which are not “required” or necessary) have already been selected for us by default. This goes against the GDPR, which states that only necessary cookies can use implied consent. All other types of cookies require the user to meet the five elements of consent, including “clear, affirmative action.”
In short, don’t follow the Adidas example. If your business is subject to the GDPR, consent must be given explicitly (meaning users take a distinct action to indicate consent), like in all other examples above.
However, if you are not subject to comply with the GDPR, you can get implied consent to cookies.
Whether you get explicit or implied consent, you should customize and prominently display a cookie policy template to inform your site’s visitors of how you use cookies.
6. Create Your Own Cookie Notice Banner
Now that you understand what goes into a cookie consent notice, and have seen examples of how other companies display them, it’s time for you to create your own banner solutions.
Although there’s a lot to consider when establishing your own GDPR cookie notice banner solutions, services like Termly’s Cookie Consent Manager can help.
Here’s a step-by-step of how you can get started:
Ensure You Comply with the GDPR Using Termly
Step 1: Enter your website URL into the scanner below
Step 2: We’ll scan your site and categorize the majority of your cookies
Step 3: We’ll generate your cookie policy & customizable cookie notice
That’s all you have to do! We’ll scan your site for cookies, sort them into their appropriate categories, create a custom cookie policy, and generate a cookie website consent banner for you to display on your site.
Once the banner is live, your users will see a banner, tooltip, or screen like the examples above. Your site’s visitors can then consent to your use of cookies or set their preferences.
More about the author
Written by KJ Dearie
KJ Dearie is a product specialist and privacy consultant for Termly, where she advises small business owners on how to comply with the latest data privacy laws and trends. She's been published in Business News Daily, Omnisend, ITProToday, MarTechExec, and more. More about the author
