Cookie compliance is the adherence to laws and regulations like the GDPR and ePrivacy directive governing the use of cookies and similar technologies by websites online. It involves implementing a series of measures like obtaining consent before any cookies are installed via a cookie banner, providing options for managing preferences, as well as informing users via a cookie policy.

💡 As a quick reminder, cookies are small text files stored on a user’s device when they visit a website, used to remember the their actions and preferences.

Below are 3 practical and detailed examples of cookie compliance on a website:

1. Cookie Consent Banner: Upon visiting the website, users are presented with a cookie consent banner or pop-up. This banner informs users that the site uses cookies for various purposes such as analytics, advertising, or preferences. It also includes options for users to either accept all cookies, decline all cookies except necessary ones, or customize their preferences.
2. Cookie Policy Page: A website that uses cookies typically includes a dedicated website cookie policy page accessible from the footer and through a link in the banner mentioned previously. This page provides detailed information about the types of cookies used (including third-party cookies), their purposes, and how users can manage their preferences and opt out.
3. Cookie Preferences Management: Generally part of the banner, the website displays a small privacy button on the page to allow users to easily go back to their cookie settings in more detail even after initially consenting. It empowers users to have more control over their privacy preferences.

The cookie compliance regulations are generally referring to two main laws that complement each other, the General Data Protection Regulation (GDPR) and the ePrivacy Directive (also known as Cookie Law) in Europe. We can also mention California’s CCPA/CPRA and PIPEDA in Canada.

In the EU, each country has a data protection authority that has been granted the duty and power to make these laws enforceable. For example, they give extensive guidance on EU cookie compliance for businesses and can distribute fines.

Yes, cookies are allowed in the EU. However, cookies that are not strictly necessary to browsing the site (e.g. login, account management, items saved in shopping cart), are highly regulated. The ePrivacy Directive, often referred to as the “Cookie Law,” along with the GDPR, outlines the requirements for EU cookie compliance. Websites must provide clear and detailed information about the cookies being used and obtain explicit consent from users for these non-essential cookies like analytics or ads cookies.

💡 Using Google Ads or Google Analytics cookies? Make sure to activate Google Consent Mode to preserve essential marketing features and to get accurate conversion data through modeling. More on this here.

GDPR cookie compliance is a set of practices that websites must follow to align with the GDPR’s requirements on the protection of personal data in the EU. This means that if you use cookies you must:

• inform your users that your site/app (or any third-party service used by your site/app) uses cookies;
• explain, in a clear and comprehensive manner, which cookies you use and what for;
• obtain informed consent prior to the storing of those cookies on the user’s device;
• maintain records of consent and provide users with the option to withdraw consent at any time.

Check out our software solutions for a quick and easy GDPR cookie compliance here.

To comply with Cookie Law, you’ll need to show a compliant cookie banner (also called cookie notice or cookie popup) upon the user’s first visit, implement a cookie policy and collect user consent to these cookies – unless your website uses strictly necessary cookies only, which is highly unlikely.

Make sure to categorize cookies (i.e. necessary, performance, functionality, marketing) for clarity. And remember, as a general rule of thumb, always to provide information that is easy-to-understand, concise but precise, and unambiguous.

The CCPA cookie consent generally refers to your business’s obligation to disclose legally-required information including any non-essential cookies used via a notice to residents of California, USA. Although the CCPA does not require opt-in consent, the notice should provide them with an option to opt out.

One thing here to be aware of, the CCPA requires opt-in consent for the use of cookies if it relates to the sale and sharing of personal information of minors (individuals between 13 to 16 years old – if younger, you must obtain consent from their parents or guardians).

1. Step 1: Use tools like this cookie scanner to identify all cookies your website sets on a user’s device.
2. Step 2: Implement legally-required processes like a consent banner + website cookie policy.
3. Step 3: Ensure your cookie management practices are compliant, e.g. you provide clear options to accept, reject, and manage cookies.
4. Step 4: Test across browsers and devices to make sure compliance measures are working consistently.
5. Step 5: Keep your processes up-to-date with how your site and EU cookie compliance regulations evolve.

To become cookie compliant, you need to understand the specific requirements of regulations that may apply to you like the GDPR and Cookie Law, depending on where you and your users are based. You most likely have to set up a compliant cookie banner on your site, as well as a cookie policy page. For the latter, you need to conduct a thorough inventory of the cookies used on your website, including types and purposes for which they are used.

A cookie policy for website is a legal document and can be tricky to draft yourself. Same for the cookie banner, which comes with various requirements like preference management, consent collection, and can be a technical challenge to create and install on your site.

To become cookie compliant in the easiest way, try out some all-in-one software solutions like iubenda. They are expert in online compliance and have everything that you need to make your site compliant with cookie regulations.