10 min read
Cookie texts are the first element users encounter when opening up a website and it serves as a compliant notice for users about data collection practices. As privacy concerns grew, regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) pushed website owners to prioritize compliance to avoid hefty fines.
To meet privacy law requirements, websites have adopted banners or pop-ups with transparent cookie text. However, according to a report by Privado.ai, 75% of the 100 most popular websites across the US and Europe don’t have a fully compliant cookie banner. Part of the reason is the varying interpretations of privacy regulations.
In this guide, I’ll discuss what is a cookie text, the main requirements for using one, and practical steps to become compliant.
Free plan availableOne-click setupWhat does cookie text mean?
Cookie text is the message displayed on a website consent banner to inform users about the use of internet cookies. Its main goal is to introduce users to the types of cookies used on a site and their purposes. It must also include approval or rejection consent options.
Cookie text is displayed on cookie banners or pop-ups. It’s the first thing users have to interact with when they visit a website. Here’s an example of what it looks like on TinyIMG:
All a cookie text requires is that your message is written in a way that any person would understand what they’re agreeing to. Under the GDPR Article 12, communication regarding data processing should be presented in a “concise, transparent, intelligible and easily accessible form, using clear and plain language.”
How to add cookie text to your site?
Cookie text is usually displayed on a cookie banner or popup. The exact process of adopting it will depend on the website-building platform you’re using, but it’s usually quite similar. Just follow these steps:
1. Choose a customizable cookie banner. For Shopify users, I recommend TinyCookie.
2. Download the app onto your website and follow the setup instructions.
3. Go to the Content settings section and type down the cookie text you want.
4. You can also change the text of buttons, title, and preferences. Once done, click Save.
That’s it – the cookie banner with custom text is visible on your site.
Cookie text requirements under different laws
Many privacy laws come with similar requirements for the use of cookies. They usually involve informing users about cookie usage and providing a choice to opt out. However, some of them also have nuances. Let’s look over the most widely adopted privacy regulations and their guidelines.
GDPR cookie text requirements
Although there aren’t any explicit mentions of cookies in the GDPR, they qualify as personal data by definition. That’s because different cookie types can be used to collect data, such as IP address, email address, or browsing activities.
According to the GDPR Article 4, personal data means any information related to an identifiable person. Since strictly necessary cookies don’t collect user data to share it with other parties, they don’t require obtaining consent.
Let’s review the main GDPR cookie text requirements:
- Provide a cookie banner or pop up as soon as users enter the site.
- Inform users about the use of cookies and their purposes.
- Block all non-essential cookies until consent is granted.
- Include a “Reject cookies” button.
- Allow users to choose which types of cookies to consent to.
- Create a cookie policy and include the lawful basis for processing.
- Gather and store user consent in one place.
Free plan availableCustomizable cookie bannerSince strictly necessary cookies don’t require consent, you may add an “Accept essential only” or similar button instead of “Reject all.” A GDPR-compliant cookie banner should look something like this:
Also, keep in mind that, according to the EDPB consent guidelines, consent has to be specific and granular, meaning you also need to provide cookie preference management options. Here’s an example of what it looks like:
This can be done by placing a “Cookie settings” or “Manage preferences” button on your cookie notice. Since the GDPR Article 4 states that consent must be unambiguous and involve affirmative action, make sure you don’t pre-tick boxes.
CCPA cookie text requirements
California Consumer Privacy Act (CCPA) requirements are similar to GDPR but there are a few key differences. The main one is that the CCPA doesn’t require obtaining user consent (except for minors). Instead, users are opted in by default and they can opt out at any time.
So, let’s take a look at the main CCPA cookie text requirements:
- Add a cookie banner or pop up (for providing information to users).
- Inform users about cookie usage and reasons for it.
- Create a cookie policy and place a link to it on the cookie banner.
- Add a “Do not sell or share my personal information” link.
Since CCPA requirements are a little different than GDPR, naturally, the cookie banner is going to look a little different too. Let’s review an example:
As you can see, the user is still informed about cookie usage but only has the option to opt out.
You can place the “Do not sell or share” link on your cookie banner or on your website footer. It should lead to a simple method to opt out of data selling. For example, the Disney website opt-out method looks like this:
The box wasn’t pre-ticked, so all the user has to click to opt out is “confirm my choices.”
Best practices for compliant cookie text
Since GDPR, CCPA, and many other privacy regulations have similarities, you can create a cookie text that follows the general requirements of most regulations. Your cookie banner and the text within it should meet these requirements:
- Write a statement about the use of cookies. Check the types of cookies your website uses, like performance or analytics. Then, type down the purposes for using those cookies accordingly. Mention what data they collect and for how long.
- Use clear and simple language. To ensure transparency, make sure you write your cookie text in clear language without technical jargon.
- Add accept and reject buttons. Consent should be unambiguous and involve affirmative action, so name the buttons clearly. For example, the most common button text for consent is “Accept” and “Reject.”
- Link to your cookie policy. Write a separate cookie policy or include a section about cookies in your privacy policy. Then, add a hyperlink to the document on your cookie banner for easy access.
You can find the in-depth requirements for privacy regulations in our GDPR cookie consent or CCPA compliance guides.
Frequently asked questions
The EU cookie consent message, enforced by the GDPR and ePrivacy Directive, requires informing users about the use of cookies on a website and obtaining explicit consent for it.
Cookie messages are a legal requirement under many privacy regulations, such as CCPA or GDPR, for websites that use cookies. They usually come in the form of a cookie banner or popup and their purpose is to inform users about cookie usage as well as get their consent.
While there are no definite legal requirements for cookie text, it’s still required. Under regulations like the GDPR, website owners are required to inform users about the use of cookies on a website and ensure transparency. A cookie text is the most common way to do it.
