If your business is based in the EU or is directed toward EU citizens, you are required by law to comply with the EU Cookies Directive. That means that you have to notify your site's visitors that you're using cookies, and you must obtain their consent for cookie usage.
There are a number of ways you can go about displaying a cookies consent notification on your website. You can use a simple banner notification such as a header notification or a fixed footer notification. You also could use a pop-up notice.
In this post, we'll take a look at examples of cookies notices. We will also look at the wording they use. But before we begin, let's quickly discuss what a Cookies Policy is and why it's required.
When you visit the website again, the site automatically looks for the cookie on your device and reads its contents to tailor your browsing experience based on how you interacted with the website in the past.
The benefit of cookies is a more personalized and often faster browsing experience. However, some consumers may not want you to track their browsing behaviors.
Therefore, some privacy laws require you to disclose and explain your Cookies Policy to your site visitors.
The strictest laws require you to get informed consent from users before using cookies.
What is a Cookies Policy?
The purpose of a Cookies Policy is to let your end users know that you're using cookies on your website or app.
At minimum, your Cookies Policy should address the following:
- The types of cookies you're using
- How you're using the cookies
- How your end users can manage cookie settings on their device(s)
Simply put, your Cookies Policy is where your end users can find detailed information about your cookies usage and how they can manage cookie settings on their devices.
Why You Need a Cookies Policy
However, if your business is based in the EU or targets EU-based citizens, you're required by the EU Cookies Directive to post a separate Cookies Policy on your website.
The GDPR also has requirements for businesses that collect or use the personal information of people in the EU, and most cookies collect personal information.
In the European Union (EU)
The EU Cookies Directive requires you to post a fully separate Cookies Policy on your website and requires that your cookies usage is compliant with the EU Cookies Law.
For example, Amazon's UK website has a separate Cookies Notice linked from the homepage footer.
The law requires you to notify your end users and visitors that you're using cookies, let them know why you're using cookies, and obtain informed consent from them before you can place cookies on their devices.
Let's take a closer look at each requirement.
You can notify your end users that you're using cookies on your website by displaying a banner-style notice across the top of your website.
This notice should be written in easy-to-understand language and not legalese. You should include information about which types of cookies you're using, why you're using them, and how they're being used.
In addition to this, the notice should link to your complete Cookies Policy.
You have to obtain the user's consent before you can place cookies on their devices and access information about them, their interaction with your website, or their devices.
Here's a nice example from Mikesdotnetting of a compliant Cookies Notice in banner form that collects informed consent from the user before placing cookies on a device:
Most importantly, the site will not place cookies on the user's device unless and until the "I'm happy with this" button is clicked.
In the United States
Businesses and companies based in the United States aren't required to post a separate Cookies Policy on their website or comply with the EU Cookies Directive unless they're doing business directed toward EU citizens.
Examples of Websites with Cookie Notifications
Most EU businesses have taken appropriate measures to ensure compliance with the EU Cookies Directive. They have done this by posting a separate Cookies Policy on their website in addition to displaying a banner or pop-up notification to collect informed consent from website visitors.
Banners are eye-catching, which makes them an excellent way of displaying cookie notifications. You can use the banner space to display a simple yet informative notice that you're using cookies on your website and link to your complete Cookies Policy from there.
What to Do
What Not to Do
This example from The Co-Operative bank shows an outdated, passive approach to assuming cookies consent.
Much of this is good. However, this example falls short of complying with the EU Cookies Directive because it does not require active and informed consent from the user.
Links to Your Cookies Policy
In addition to a Cookies notice, you should include a link in your website's footer that redirects to your Cookies Policy. Note that skipping a Cookies notice and only adding a footer link is not compliant because it doesn't acquire active consent from users to place cookies on their devices.
Here's how Vimeo includes a Cookies link in its website footer:
Additionally, your cookies notice should be very easy for first-time visitors to see. Because visitors might land on a page that's not the homepage, it's a good idea to display the notification on all pages on your website.
Finally, you should provide an easy-to-find link to your Cookies Policy and simple instructions for opting out of your cookies use.
Compliance with the EU Cookies Directive means you'll need to display a cookies notice on your website or mobile app that:
- Informs your end users that you're using cookies
- Explains what cookies are and why you use them
- Obtains the user's active and informed consent to place cookies on a device