Cookie Consent 101: How to Ensure Your Website Meets Legal Privacy Requirements

Estimated reading time: 7 minutes

In today’s digital world, respecting user privacy is paramount.

With regulations like the General Data Protection Regulation (GDPR) and the ePrivacy Directive (Cookie Law) in force, website owners must prioritise cookie consent compliance.

We’ve have spent extensive time with data privacy experts to create practical solutions for your website. This in-depth guide will walk you through the essential steps for managing cookie consent effectively and building user trust.

1. Informing Users Clearly
2. Obtaining Explicit Consent
3. Implementing a Cookie Banner and Consent Management
4. Documenting and Reviewing Compliance
5. Recognising Necessary Cookie Exceptions
Acceptable vs. Unacceptable Practices
- Examples of Compliance Requirements
Need help setting up a Cookie Consent System?
Further Reading on Cookie Consent Requirements

1. Informing Users Clearly

Provide Clear and Comprehensive Information: Transparency is key. When a user visits your site, they should immediately understand your cookie usage. This means you need to:

Inform users about the types of cookies you use and their purposes.
Explain any third parties that might access the collected data.

Maintain a Detailed Cookie Policy: This policy should outline what cookies are, how they’re used on your site, and how users can control or disable them.

Before setting any non-essential cookies, obtain explicit user consent. This means:

No cookies, except those strictly necessary for the website’s functionality, should be placed on a user’s device without their approval.
Seek Explicit and Unambiguous Consent: Consent must be given through a clear affirmative action, like clicking an “Accept” button. Avoid using pre-ticked checkboxes, as they do not constitute valid consent.
Offer Granular Consent Options: Users should have the ability to consent to different types of cookies separately. For instance, they might accept analytics cookies but reject advertising cookies.

A cookie banner should appear when a user first visits your site. This banner should:

Inform users about cookie usage.
Provide options to accept or reject cookies and link to the full cookie policy.
Provide User-Friendly Consent Management: Allow users to easily change their cookie preferences or withdraw consent at any time. Implementing a persistent cookie icon or link on your website facilitates this process.

4. Documenting and Reviewing Compliance

While direct tracking of full IP addresses or emails is not necessary, you should maintain records of the consent given by users. This includes:

Date and time of consent.
Consent status (accepted or rejected).
User preferences for different types of cookies.
This documentation is crucial for demonstrating compliance with regulatory requirements. Anonymised or partially masked IP addresses can be stored if necessary for functionality, but full IP addresses should generally not be tracked without explicit necessity and user consent.

Regularly Review Your Practices: Conduct regular reviews of your cookie practices and consent mechanisms to ensure they remain compliant with evolving regulations.

Cookies essential for the operation of your website do not require prior consent. Inform users about these necessary cookies to maintain transparency.

Acceptable vs. Unacceptable Practices

To make it clear what is expected when users land on your site, here’s a table outlining acceptable and unacceptable practices:

Aspect	✅ Acceptable Practices	❌ Unacceptable Practices
Cookie Banner	Displaying a cookie banner immediately upon visit	No banner displayed
	Providing clear options to accept or reject cookies	Banner only informs without consent options
	Linking to a detailed cookie policy	Banner disappears without user action
Consent Mechanism	Explicit user action required to consent (e.g., clicking ‘Accept’)	Pre-ticked checkboxes for consent
	Options to consent to different types of cookies separately	Implied consent without clear action
	Easy-to-find and use cookie settings link/icon	Consent assumed from continued use without clear opt-in
Necessary Cookies	Clearly inform users about necessary cookies and their purposes	Setting non-essential cookies without prior consent
		Not informing users about necessary cookies
Cookie Policy	Detailed and accessible cookie policy explaining all aspects of cookie usage	Cookie policy hard to find or missing
	Regular updates to the cookie policy	Outdated or incomplete information in the cookie policy
Consent Records	Keeping records of user consents	No records of user consent
	Regular reviews of consent practices	No regular review of cookie consent practices

Examples of Compliance Requirements

Let’s clarify what these requirements look like in practice with straightforward examples:

Example 1: Standard Website Visit

User Lands on Your Website: A cookie banner appears at the bottom or top of the screen, informing users about the use of cookies and providing options to accept or reject different types of cookies.
Cookie Banner Details: The banner might read, “We use cookies to improve your experience. By clicking ‘Accept’, you consent to all cookies. Manage your preferences in the cookie settings.”
User Consent Options: Users can click ‘Accept’ to agree to all cookies or ‘Cookie Settings’ to customize their preferences.
Storing Consent: User preferences are stored, and cookies are set accordingly. Users can adjust these settings anytime via a visible cookie icon or link.

Example 2: Informational Cookie Policy

Cookie Policy Page: Your site includes a dedicated cookie policy page, accessible via a link in the footer or cookie banner, explaining what cookies are, how they’re used, and how users can control them.
Detailed Explanations: The policy details the types of cookies (e.g., session, persistent), their purposes (e.g., remembering preferences, analytics), and any third-party services (e.g., Google Analytics).

Example 3: Necessary Cookies

Necessary Cookies: Inform users that essential cookies, required for functionalities like logging in or completing purchases, do not need prior consent. Ensure the cookie banner and policy clearly identify these necessary cookies.

Navigating cookie consent compliance can be challenging, but you don’t have to do it alone.

We provide a comprehensive cookie consent system tailored for WordPress websites. Our solution helps your site adhere to compliance requirements, providing a seamless and user-friendly experience for your visitors. We’ll scan your entire site, categorise cookies, present a banner with cookie acceptance option and log user consent.

Whether you need assistance setting up a cookie banner, managing user consents, or updating your cookie policy, we’re here to help. Let us take the stress out of compliance, so you can focus on what you do best – running your business.

Contact us today to learn more about our cookie consent solutions and how we can help you achieve compliance.

For those who want to delve deeper into the specifics of cookie consent regulations, here are some key resources:

General Data Protection Regulation (GDPR)

Region: European Union (EU)
Effective Date: May 25, 2018
Overview: The GDPR sets guidelines for the collection and processing of personal information from individuals who live in the European Union. It includes specific requirements for obtaining user consent for cookies.
Key Points:
- Cookies that process personal data can only be used with explicit consent.
- The consent must be informed, specific, and freely given.
- Users must have the ability to withdraw consent as easily as they gave it.
Detailed Information: GDPR Full Text

Region: European Union (EU)
Effective Date: July 12, 2002 (Directive 2002/58/EC), amended in 2009
Overview: The ePrivacy Directive requires websites to obtain consent from visitors before storing or retrieving any information on a computer, smartphone, or tablet.
Key Points:
- Requires informed consent before placing cookies.
- Users should be given clear and comprehensive information about the purposes of the cookies.
Detailed Information: ePrivacy Directive Text

UK Data Protection Act 2018

Region: United Kingdom
Effective Date: May 23, 2018
Overview: The UK Data Protection Act 2018 is the UK’s implementation of the GDPR, with additional provisions specific to the UK.
Key Points:
- Similar requirements to GDPR regarding consent and the use of cookies.
Detailed Information: UK Data Protection Act 2018

California Consumer Privacy Act (CCPA)

Region: California, United States
Effective Date: January 1, 2020
Overview: CCPA gives California residents more control over the personal information that businesses collect about them. While it is not specifically about cookies, it affects how businesses disclose data collection practices, which includes the use of cookies.
Key Points:
- Users must be informed about the categories of data being collected and the purposes.
- Users have the right to opt-out of the sale of their personal information.
Detailed Information: CCPA Full Text

Brazilian General Data Protection Law (LGPD)

Region: Brazil
Effective Date: August 15, 2020
Overview: LGPD is similar to the GDPR and sets out provisions for the protection of personal data.
Key Points:
- Requires consent for the collection and use of personal data.
- Users must be informed about the purpose of data processing.
Detailed Information: LGPD Full Text

Canada’s Anti-Spam Legislation (CASL)

Region: Canada
Effective Date: July 1, 2014
Overview: CASL regulates the installation of computer programs (which includes cookies) on another person’s computer system without their consent.
Key Points:
Requires express consent before installing cookies.
Users must be informed about the purpose of cookies.
Detailed Information: CASL Overview

Useful Resources for Compliance:

Information Commissioner’s Office (ICO) Guide on Cookies: The ICO provides guidance on how to comply with cookie consent requirements in the UK.
European Commission – Data Protection: Provides an overview of data protection laws in the EU.
CCPA Compliance Checklist: Detailed checklist for CCPA compliance.
Guidelines from the Brazilian National Data Protection Authority (ANPD): Official site for guidelines on LGPD.

All blogs

Cookie	Duration	Description
connect.sid	1 month	This cookie is used for authentication and for secure log-in. It registers the log-in information.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_8NTFJV7H0T	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_29337709_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
ajs_anonymous_id	1 year	This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before.
ajs_group_id	never	This cookie is set by Segment to track visitor usage and events within the website.
ajs_user_id	never	This cookie is set by Segment to help track visitor usage, events, target marketing, and also measure application performance and stability.
brwsr	2 years	This cookie is set by the provider Impact Radius. This cookie is used for affiliate marketing.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
debug	never	No description available.
loglevel	never	No description available.
loom_anon_comment	session	No description available.
loom_referral_video	session	No description
mkjs_group_id	never	No description available.
mkjs_user_id	never	No description available.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie Consent 101: How to Ensure Your Website Meets Legal Privacy Requirements

Table of contents

1. Informing Users Clearly

2. Obtaining Explicit Consent

3. Implementing a Cookie Banner and Consent Management