Iubenda logo
Start generating


Table of Contents

What is Cookie Compliance?

In practical terms, what does cookie compliance mean for websites? What laws should you comply with? How can you easily meet all legal requirements and avoid potential fines for non-compliance? All your questions answered in this article on what is cookie compliance.

In the digital era, privacy and data protection are paramount. Cookie compliance has emerged as a crucial aspect to regulate cookies and similar technologies by websites, used to track user behavior and preferences or serve them personalized content like ads.

This article delves into what cookie compliance is, covering main regulations like the GDPR and CCPA/CPRA and steps toward ensuring your website meets legal requirements.

Meet legal cookie requirements the easy way

  • Custom clauses icon

    Create your free compliant cookie banner

  • Webserver module icon

    Collect and manage cookie consent

  • Clauses icon

    Store your users’ preferences

Try it now

Generate your cookie banner in minutes

compliant cookie banner

Cookie compliance is the adherence to laws and regulations like the GDPR and ePrivacy directive governing the use of cookies and similar technologies by websites online. It involves implementing a series of measures like obtaining consent before any cookies are installed via a cookie banner, providing options for managing preferences, as well as informing users via a cookie policy.

💡 As a quick reminder, cookies are small text files stored on a user’s device when they visit a website, used to remember the their actions and preferences.

Below are 3 practical and detailed examples of cookie compliance on a website:

  1. Cookie Consent Banner: Upon visiting the website, users are presented with a cookie consent banner or pop-up. This banner informs users that the site uses cookies for various purposes such as analytics, advertising, or preferences. It also includes options for users to either accept all cookies, decline all cookies except necessary ones, or customize their preferences.
  2. Cookie Policy Page: A website that uses cookies typically includes a dedicated website cookie policy page accessible from the footer and through a link in the banner mentioned previously. This page provides detailed information about the types of cookies used (including third-party cookies), their purposes, and how users can manage their preferences and opt out.
  3. Cookie Preferences Management: Generally part of the banner, the website displays a small privacy button on the page to allow users to easily go back to their cookie settings in more detail even after initially consenting. It empowers users to have more control over their privacy preferences.

The cookie compliance regulations are generally referring to two main laws that complement each other, the General Data Protection Regulation (GDPR) and the ePrivacy Directive (also known as Cookie Law) in Europe. We can also mention California’s CCPA/CPRA and PIPEDA in Canada.

In the EU, each country has a data protection authority that has been granted the duty and power to make these laws enforceable. For example, they give extensive guidance on EU cookie compliance for businesses and can distribute fines.

🔎 Learn more on each cookie compliance regulation:

👉 GDPR: A regulation in EU law on data protection and privacy for all individuals. It is not specifically written for cookie compliance, but addresses everything surrounding personal data in general. An important concept from the GDPR is consent: it mandates that websites must obtain explicit consent from users before storing or accessing cookies on their devices, except for essential cookies necessary for the website’s operation.

👉 ePrivacy Directive (Cookie Law): Established to put guidelines in place for the protection of electronic privacy, including email marketing and cookie usage, and it still applies today. We can think of it as complementing the GDPR. It requires websites to obtain informed consent from users before storing or accessing cookies on their devices, with some exceptions for essential cookies. The directive has been implemented differently in each EU member state.

👉 California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA): Intended to enhance privacy rights and consumer protection for residents of California, United States. It requires businesses to disclose their data collection and sharing practices, including the use of cookies, and provide consumers with a right to opt out.

Are cookies allowed in the EU?

Yes, cookies are allowed in the EU. However, cookies that are not strictly necessary to browsing the site (e.g. login, account management, items saved in shopping cart), are highly regulated. The ePrivacy Directive, often referred to as the “Cookie Law,” along with the GDPR, outlines the requirements for EU cookie compliance. Websites must provide clear and detailed information about the cookies being used and obtain explicit consent from users for these non-essential cookies like analytics or ads cookies.

💡 Using Google Ads or Google Analytics cookies? Make sure to activate Google Consent Mode to preserve essential marketing features and to get accurate conversion data through modeling. More on this here.

GDPR cookie compliance is a set of practices that websites must follow to align with the GDPR’s requirements on the protection of personal data in the EU. This means that if you use cookies you must:

  • inform your users that your site/app (or any third-party service used by your site/app) uses cookies;
  • explain, in a clear and comprehensive manner, which cookies you use and what for;
  • obtain informed consent prior to the storing of those cookies on the user’s device;
  • maintain records of consent and provide users with the option to withdraw consent at any time.

Check out our software solutions for a quick and easy GDPR cookie compliance here.

compliant cookie banner

To comply with Cookie Law, you’ll need to show a compliant cookie banner (also called cookie notice or cookie popup) upon the user’s first visit, implement a cookie policy and collect user consent to these cookies – unless your website uses strictly necessary cookies only, which is highly unlikely.

Make sure to categorize cookies (i.e. necessary, performance, functionality, marketing) for clarity. And remember, as a general rule of thumb, always to provide information that is easy-to-understand, concise but precise, and unambiguous.

The CCPA cookie consent generally refers to your business’s obligation to disclose legally-required information including any non-essential cookies used via a notice to residents of California, USA. Although the CCPA does not require opt-in consent, the notice should provide them with an option to opt out.

One thing here to be aware of, the CCPA requires opt-in consent for the use of cookies if it relates to the sale and sharing of personal information of minors (individuals between 13 to 16 years old – if younger, you must obtain consent from their parents or guardians).

🔎 Types of Cookie Compliance Banners

  • Opt-in: Users must actively agree to the use of cookies before they are set, excluding strictly necessary cookies. By “actively”, we mean they need to perform a clear and positive action like clicking on an “Accept” button. This is the case for the GDPR in the EU.
  • Opt-out: Cookies are set but their use is generally disclosed in a specific notice AND users are given the option to opt-out. This is the case for the CCPA in California.
  • Notice only: Users are informed about the use of cookies without explicitly asking for consent. This approach is not compliant under GDPR but may be seen under less stringent regulations.

  1. Step 1: Use tools like this cookie scanner to identify all cookies your website sets on a user’s device.
  2. Step 2: Implement legally-required processes like a consent banner + website cookie policy.
  3. Step 3: Ensure your cookie management practices are compliant, e.g. you provide clear options to accept, reject, and manage cookies.
  4. Step 4: Test across browsers and devices to make sure compliance measures are working consistently.
  5. Step 5: Keep your processes up-to-date with how your site and EU cookie compliance regulations evolve.

💡 Find out your website’s compliance rate

👉 Scan your site for free now!

To become cookie compliant, you need to understand the specific requirements of regulations that may apply to you like the GDPR and Cookie Law, depending on where you and your users are based. You most likely have to set up a compliant cookie banner on your site, as well as a cookie policy page. For the latter, you need to conduct a thorough inventory of the cookies used on your website, including types and purposes for which they are used.

A cookie policy for website is a legal document and can be tricky to draft yourself. Same for the cookie banner, which comes with various requirements like preference management, consent collection, and can be a technical challenge to create and install on your site.

To become cookie compliant in the easiest way, try out some all-in-one software solutions like iubenda. They are expert in online compliance and have everything that you need to make your site compliant with cookie regulations.

Quick and easy cookie compliance with iubenda

Leave the tricky work to us!

🚀 Cookie banner customization + straightforward integration on your site
🚀 Cookie consent collection, preference management and records
🚀 Automatic blocking of cookies before consent is obtained
🚀 Cookie policy generation with lawyer-crafted clauses to choose from
🚀 Products updated when regulations change

EU cookie compliance

The easiest start to your cookie compliance journey

Try iubenda now