
Cookie banner – Do you need one and how can you get a cookie notice for your website?

What is a cookie banner? What should a cookie notice include? Who needs a cookie consent banner? In this post, we’ll answer these questions, look at a cookie banner example and show you how you can add a GDPR consent banner to your site.

Attention website owners!

Generate your fully customizable Cookie Banner in minutes

You need to comply with global regulations and provide your visitors with a user-friendly cookie consent experience. Say goodbye to cookie-related worries and say hello to our revolutionary Cookie Banner Generator.


What is a cookie banner?

A cookie banner is the cookie notice that is shown on websites and some apps on the user’s first visit. The cookie alert is meant to inform users of any cookies that could be on the site, their rights in that regard, and to ask for the user’s consent to run those cookies in the first place. Having an accurate consent banner and cookie policy, and blocking cookies before consent, are all requirements under the ePrivacy Directive (Cookie Law) and GDPR.

What should a cookie notice include?

The cookie notice must:

  • briefly explain the purpose of the installation of cookies that the site uses;
  • clearly state which action will signify consent;
  • be sufficiently noticeable;
  • link to a cookie policy or make details of the categories of cookies, cookie purposes, usage, and related third-party activity, available.

Who needs a cookie consent banner?

Any site or app running non-exempt cookies or scripts that either:

  • could have EU-based users (i.e., any website running cookies that isn’t actively blocking EU-based users);
  • or belongs to an EU-based entity (company, sole trader, public institution, etc.), whether or not its users are based in the EU.

Yes, a cookie banner is a legal requirement for websites and some apps. This rule applies if the website or app uses cookies (small files stored on users’ devices to track information about them) and if it has users from the European Union (EU) or is based in the EU. The purpose of the consent banner is to inform users about the cookies being used on the site, explain their rights regarding these cookies, and get their consent before the cookies are activated. This requirement is part of laws like the ePrivacy Directive (also known as the Cookie Law) and the General Data Protection Regulation (GDPR).

To create a cookie banner, you should be sure to follow these steps:

  1. Explain the Use of Cookies: Your banner must briefly describe why the site uses cookies.
  2. Consent Action: Clearly state what action by the user will mean they agree to the use of cookies.
  3. Visibility: Make sure the banner is easy to see and understand.
  4. Link to More Information: Provide a link to a detailed cookie policy that includes information about the types of cookies used, their purposes, and any third-party access to the data collected by the cookies.
  5. Use a Cookie Banner Generator: Consider using a consent banner generator. This tool can help you easily create a banner that meets all the legal requirements and fits your website’s needs.

To enable a cookie banner, you can use a Cookie Banner Generator, which is a tool designed to help create a customizable and legal consent banner easily. These generators often come with a visual configurator to meet legal requirements and are user-friendly. You simply input your website’s details, customize the banner to fit your needs, and then paste the generated code to your website. This will display the cookie notice to first-time visitors, asking for their consent as required by law.

🔎 Before diving into the specific banner requirements, it’s important to understand the different types of user consent that can be involved with cookies and privacy regulations. ⬇️

In the context of a cookie consent banner, “Types of Consent” refers to the different ways users can agree to or decline the use of cookies on a website. The main types include:

  • Opt-in Consent: The user actively agrees to the use of cookies by taking an action, like clicking an “Accept” button.
  • Explicit Consent: Similar to opt-in, but requires a more direct action from the user, often used for more sensitive types of cookies.
  • Granular Consent: Allows users to choose which types of cookies they consent to, providing more control over their personal data.

Different laws, such as the GDPR in the EU, the California Consumer Privacy Act (CCPA) in the US, and the Brazilian General Data Protection Law (LGPD), may require different types of consent. Ensuring the right type of consent is obtained is crucial for compliance with these laws.

Note

If you’re doing business in California or you’re targeting California-based users, you should comply with the CCPA requirement of informing your users of any selling activity and allow them to opt-out. This means that you should display a notice of collection and a “Do Not Sell My Personal Information” (DNSMPI) link. Learn more here.

Cookie consent banners play a crucial role in ensuring compliance with data protection regulations, such as the General Data Protection Regulation (GDPR), California Privacy Rights Act (CPRA), and the Brazilian General Data Protection Law (LGPD). In this article, we will explore the key characteristics and requirements of GDPR, CPRA, and LGPD cookie banners, shedding light on the distinct types of consent they entail.

GDPR Cookie Banners 🇪🇺

GDPR sets the standard for data protection in the European Union, and cookie consent banners must adhere to specific requirements across EU member states. A compliant GDPR cookie banner typically includes the following characteristics:

Best Practices for EU Cookie Banners:
  • Opt-in or Explicit Consent: GDPR mandates that users must actively provide consent for cookies. Therefore, the banner should employ an opt-in mechanism, requiring visitors to explicitly accept cookies.
  • Cookie Acceptance and Selection: A GDPR-compliant banner includes a clear “Accept Cookies” button, allowing users to choose which cookie categories they consent to.
  • Explanation of Cookie Usage: The banner should provide transparent information about the purpose and use of cookies on the website, informing visitors why cookies are necessary.
  • Link to Cookie Settings: Users should have the option to access and modify their cookie preferences at any time. The banner should provide a prominent link to the cookie settings page.
  • Third-Party Data Sharing Notification: If the website shares data through third-party cookies, the GDPR banner should notify visitors about this practice.
  • Link to Cookie Policy: The banner should include a link to the comprehensive cookie policy, offering detailed information about the cookies used, their lifespan, and how visitors can manage their preferences.

👀 To make your life easier, we’ve created a GDPR Cookie Consent Cheatsheet →

U.S. Cookie Banners 🇺🇸

For privacy notices in the United States, relevant laws include the California Consumer Privacy Act (CCPA) and other state privacy laws. See the US State Privacy Laws Overview here →

Best Practices for US Cookie Banners:
  • Clear and Concise Language: Ensure that the language used in the consent banner is easy to understand and transparent, clearly explaining the purpose of cookies and their impact on user privacy.
  • Granular Consent Options: Provide users with granular consent options, allowing them to choose which cookie categories they wish to enable or disable. This empowers users to exercise control over their data.
  • User-Friendly Design: Create a visually appealing and user-friendly banner that seamlessly integrates with the website’s design and does not hinder the user experience.
  • Link to Privacy Policy: Include a prominent link to the website’s privacy policy, providing users with comprehensive information about data handling practices, including cookies.
  • Regular Updates: Periodically review and update your consent banner to ensure ongoing compliance with evolving privacy regulations.

LGPD Cookie Banners 🇧🇷

The Brazilian General Data Protection Law (LGPD) has requirements for cookies that closely align with GDPR. Therefore, a GDPR-compliant consent banner can generally fulfill the requirements of LGPD. Key requirements for LGPD consent banners include:

  • Opt-in or Explicit Consent: Similar to GDPR, LGPD necessitates opt-in or explicit consent for cookies.
  • Transparency in Cookie Usage: The banner should provide clear information about the purpose and usage of cookies, ensuring transparency for website visitors.

🚀 The Brazilian data protection authority (ANPD) has published new guidance on cookies. Learn about it here →

The banner below is an example of a compliant cookie notice – once implemented in accordance with the law. Remember that cookie notices are just one part of the cookie consent management requirements of the Cookie Law and GDPR. In order to be fully compliant, you must also link to an accurate cookie policy and block cookies prior to user consent.

Cookie banner

Easily create your own cookie consent banner with iubenda


Our Privacy Controls and Cookie Solution allow you to generate a GDPR, CCPA/CPRA and LGPD compliant cookie notice, link to a legally required cookie policy, block cookies until you collect consent, run scripts asynchronously once consent is obtained, and more!

Cookie Banner Generator

Create your own cookie consent banner for free by using the generator below.

Generate a cookie banner
