Free GDPR & Cookie Consent Banners

Create a compliant GDPR & cookie banner. No coding required!
Last Updated January 10, 2021

What is a Cookie Banner?

Cookies are extremely useful for website owners who want to learn about user behavior on their sites. They can provide insight into return visitors and how those visitors behave, and they are often used to create highly targeted advertising. Cookies can, however, store a large amount of data, which could go against the guidelines set forward in the GDPR. A cookie banner is the text or text box that appears on many websites, where you must acknowledge that the site is using cookies in order to proceed, and either accept this use or decline it. In some cases, you are only given one option (e.g. if cookies are required to use the site). You always have the option of leaving a site that prompts you with this.

What is the GDPR?

GDPR stands for General Data Protection Regulation, a European Union law which specifies how personal data can be used and processed by a website. It also extends to any members of the European Economic Area (EEA). It is designed to protect individuals who wish to maintain some level of control over their personal information and some level of privacy. The basic stipulation of the GDPR is that any organization or person who deals with individual personal data must adopt “appropriate technical and organizational measures” to ensure that the data of individuals is protected against inappropriate use. In order to be compliant, anyone who controls data on individuals must disclose any collection of this data to the subjects involved. They must state explicitly how the data is being used, and how long this information is retained.

What are the different types of cookies?

Cookies can be classified in several ways, and they are used for multiple purposes. They can be described in the following ways:

Duration

  • Session Cookies – these only exist while a user is on a site and are discarded immediately upon exit.
  • Persistent Cookies – this refers to any type of cookie that will remain on the hard drive of the user after they have left a site. They should not last longer than a year, but often do.

Provenance

  • First-party cookies – these are cookies assigned by the owner of the site being visited.
  • Third-party cookies – these are placed not by the site being visited but by another party, and are often used for advertising or analytics purposes.

Purpose

  • Necessary – those that are used for browsing a site and are required for any login purposes.
  • Preference – those that are designed to save information that a user wishes to employ to remember past activity, favorites, and the like.
  • Statistics – these are used for gathering statistics about a user.
  • Marketing – these track online activity to help marketers better serve ads most directly associated with a user’s interest, based on their online activity.


Why do I need a Cookie Banner for GDPR?

According to the GDPR, users must consent to any website storing data on their computer. Stipulations about retention of user data are directly associated with the use of cookies on a website. Users must explicitly state that they agree to let a website place cookies on their computer. By using a cookie banner, you are essentially providing a contract to the end user, informing them that you will be placing a tracking cookie onto their machine, and that if they wish to use your site, they must agree to this process. Even if you are not in the EU, you still need to do this if your site is accessible to anyone within the specified realm. This is why it's helpful to get a user's IP address and then do IP geolocation via API, so you can determine when to show the banner. This means that, unless your site is explicitly restricted to countries not covered by the GDPR, you must make modifications to your site if you gather any information whatsoever about your users, or run the risk of litigation.

What do I need to have to make sure it is GDPR compliant?

There are a number of criteria that are absolutely necessary for a cookie banner to be fully GDPR compliant. While it may be difficult to include all of this information on the banner itself, it is acceptable to have a banner with a link to the full agreement upon which the viewer can click and read the full document. The following are required for full compliance:

  • You need informed consent from the user that you will be using cookies to track their behavior on your website.
  • The agreement needs to be explicit. In other words, they must state outright that they accept the use of cookies on their computer.
  • While it is not 100% necessary that you maintain records of consent, you should keep a record of all of the cookies stored on a user’s computer.
  • You must tell users if you intend to use third-party cookies on your site. This includes any third-party trackers or cookies used by external entities for any purpose.
  • While you do not need to list all third-party cookies (this is understandable as these can change fairly often) you must state the category of cookie and the purpose for including it.

In your cookie notice, you need to include the following:

  • You must include an explanation of the purpose of installing cookies onto the user’s computer.
  • Explain what actions are actually taken as a result when they consent to allow these cookies to be installed.
  • The cookie notice must be obvious on your site; it must be clearly visible, and users should know what they are consenting to.
  • You need to either provide the full details of the cookie purpose, usage and activity of cookies installed by you and by third parties, or you must provide a clear link where this information can be viewed and read.
  • You need to provide an option for opting out of any cookies being used on the site, where possible. If not, it is permissible to deny access to the site if cookies are required.

Other requirements include:

  • This notice must be available to be read in any and all languages that the site includes.
  • You must block cookies prior to consent; in other words, you may not place a cookie onto the user’s computer prior to their clicking on the approval button.
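
The cookie types listed earlier and the rule that cookies are blocked prior to consent can be checked together. The sketch below is an added example, not code from this page or from any banner product: it classifies observed `Set-Cookie` values by duration and provenance and applies a consent gate by purpose. The site name, cookie names and registry are constructed, and it assumes cookies registered as "necessary" are set without waiting for consent.

```javascript
const YEAR_S = 365 * 24 * 60 * 60;

// Split a Set-Cookie value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf('=');
    attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, pair.indexOf('=')), attrs };
}

// Classify by duration and provenance. Simplification: "first-party" means
// the cookie was set by the site host or one of its subdomains.
function classify({ setBy, header }, siteHost, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  let lifetime = null; // seconds; null means a session cookie
  if (attrs['max-age'] !== undefined) lifetime = Number(attrs['max-age']);
  else if (attrs.expires) lifetime = (Date.parse(attrs.expires) - now) / 1000;
  const firstParty = setBy === siteHost || setBy.endsWith('.' + siteHost);
  return {
    name,
    duration: lifetime === null ? 'session' : 'persistent',
    overOneYear: lifetime !== null && lifetime > YEAR_S,
    provenance: firstParty ? 'first-party' : 'third-party',
  };
}

// Consent gate: before consent only cookies registered as "necessary" pass
// (assumption); a cookie missing from the registry is always blocked.
function maySet(name, registry, consent) {
  const purpose = registry[name];
  if (!purpose) return false;
  return purpose === 'necessary' || consent[purpose] === true;
}

// Constructed sample data for a hypothetical site, shop.example.
const REGISTRY = { sid: 'necessary', lang: 'preference', _stats: 'statistics', adid: 'marketing' };
const OBSERVED = [
  { setBy: 'shop.example', header: 'sid=abc; Path=/; HttpOnly; Secure' },
  { setBy: 'shop.example', header: '_stats=1; Max-Age=63072000; Path=/' },
  { setBy: 'ads.tracker.example', header: 'adid=xyz; Max-Age=2592000; SameSite=None; Secure' },
];
const report = (consent) => OBSERVED.map((o) => {
  const c = classify(o, 'shop.example');
  return { ...c, allowed: maySet(c.name, REGISTRY, consent) };
});
console.log(report({}), report({ statistics: true })); // before consent, then statistics only
```

Any entry that is `allowed: false` but still shows up in the browser before the visitor has chosen is a cookie set ahead of consent; `overOneYear: true` flags persistent cookies that outlive the one-year guideline mentioned above.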