Cookie Banner Texts
Cookie banner texts serve a strict purpose: they inform users about privacy practices and request cookie consent. Read this article and decide what will work best with your brand.
Cookie banner texts serve a strict purpose: they inform users about privacy practices and request cookie consent. Read this article and decide what will work best for your brand.
The GDPR, LGPD, CCPA, PIPEDA, and other data protection laws specify how to provide such information to users and how to request opt-in processing properly. If you do not meet these requirements, the consent you have obtained is null and void.
Now you may wonder: what should you write as your cookie banner text?
What Should Your Cookie Banner Text Say?
Since your cookie banner serves a legal purpose, you need to ensure that it meets the requirements set by the law. Each data protection law prescribes a set of requirements for what you should inform users about. Once you know what laws you must comply with, you’ll quickly discover what your cookie banner text should say to website visitors.
In the following few paragraphs, we’ll give you some ideas related to the GDPR (General Data Protection Regulation of the European Union), the ePrivacy Directive of the EU, the Californian Consumer Privacy Act (CCPA), and the Brazil LGPD.
GDPR/ePrivacy Cookie Consent Banner Text Requirements.
The requirements of the GDPR and the ePrivacy Directive overlap. The GDPR’s requirements are a bit broader and require more detailed information about what you do with data.
Before any personal data collection, the GDPR requires you to:
- Tell users what you do with their user data and why, and
- Obtain consent where necessary.
The GDPR lists the information you must provide to the user in Article 12, and that’s a lot of information. To avoid putting all that information in the faces of every single website visitor, online businesses have figured out a simple way to meet the requirements:
- Provide a cookie banner with a consent request, and
With the buttons on your cookie notice, the user can accept, decline, or change how cookies are used.
It becomes clear that on the cookie banner, you should write:
- Buttons for cookie choices. It would be best if you allowed them to accept, decline, or customize the cookie and tracker choices. At the same time, both the buy and decline buttons must be easy to find. This means that neither the colors nor the style of the buttons should make accepting cookies more obvious than declining them.
- Checkboxes or toggles to accept cookies for a specific purpose. You need explicit consent for each processing purpose, be it marketing, website analytics, performance, or another. Remember that the user must take action to give consent, which means that your checkboxes must not be pre-checked. Moreover, users must have the freedom to express their cookie preferences.
Your GDPR-compliant cookie banner text should inform users about your data processing practices. In addition, it will ask for specific consent for each processing purpose and let the user take action by giving or declining consent.
LGPD Cookie Text Requirements:
The LGPD follows the example set by the EU cookie law. The requirements overlap in many areas.
In general, you’ll comply with the Brazil LGPD cookie banner text requirements if:
- In the text of your cookie banner, you tell the user what you want permission for and how you will use it.
- You allow them to give consent for each specific processing purpose, and
- The user can take unambiguous action to confirm their cookie choices.
So, suppose your site uses Google Analytics for statistics and social media pixels for advertising. In that case, you need to ensure that your pop-up cookie banner asks for separate user consent for each purpose as if you were talking to EU citizens.
You’re all set for compliance if your cookie notification meets these LGPD requirements.
CCPA Cookie Text Requirements:
That determines the CCPA cookie banner requirements. The CCPA/CPRA privacy notice is the more accurate description of what is widely known as a “cookie banner.”
Californian consumer privacy laws require three types of privacy notices, and there are different requirements for all of them:
If you need to serve users with more than one notice, you are free to combine all the requirements into one privacy notice banner. The law sets no constraints. Read about CCPA fines.
How to Create Engaging Cookie Banner Texts?
A compliant cookie banner doesn’t mean users would want to interact with a nice and engaging cookie banner.
Due to the legal requirements, businesses usually play it safe with their cookie banners, which leads to banners that look all the same. They all use the exact words, which gives cookie banners the reputation of being dull and blunt because that’s what the law says they have to be.
That, however, could not be further from the truth.
Cookie banner text must meet specific legal requirements to be valid, but it can be funny and witty and invite users to interact with it.
Internet users are accustomed to reading dull, easy-to-ignore text. But, if you choose a creative copy of your cookie banner, you may see better results in the future. See more GDPR cookie banner examples.
Feel free to experiment while adhering to the legal requirements. If you’re stuck for ideas, here are some exciting results from around the internet to get you started.
Engaging Cookie Banner Text Examples
Some use well-known language with a twist, while others have entirely unleashed their creativity.
Take a look and then decide what will work best with your brand.
Important note: The cookie banner texts comply with local data protection laws and may or may not comply with regulations worldwide. Use these examples as an inspiration, but get advice on the legal requirements your cookie banner must fulfill.
Why Do the Data Protection Laws Require Cookie Consent Banners?
When cookies appeared for the first time a few decades ago, it was for a noble purpose. They let website owners improve the user experience, remember information about users’ shopping carts for convenience, ensure the website is safe and secure, and so on.
Over time, advertisers realized the vast power of cookies. They started using the so-called third-party cookies on a massive scale to bring profits through the roof. There is nothing wrong with using data to sell more, but how data is used means that website owners now share users’ data with third parties. Some went even further and sold personal information to other companies.
This led to spammy marketing taking over the internet, relying on customer manipulation to sell more, and several data breaches. Governments responded to these trends and passed data protection legislation.
Brazil followed the trend with the LGPD. California, on the other hand, still relies on the opt-out principle.
Otherwise, you risk a fine from the data protection authority. The GDPR sets the cap at 4% or EUR 20 million—whichever is greater. It doesn’t mean that you’ll get the highest possible penalty right off the bat, but you must not underestimate how hefty these penalties can be.
For example, the Belgian data protection authority fined a media company for using Google Analytics cookies on their website without requesting user consent. They were fined €50.000. The penalties are not minor, so ensure you present users with a legal cookie notice that meets the legal requirements.
The takeout from this article would be that as long as you meet the cookie banner text legal requirements, you are free to choose how to present the required information to the users.
Some brands opt for strict legal text, while others experiment more and opt for unique options. It is good practice to seek legal advice on the legality of your cookie banner text, but do not forget that anything is allowed as long as it meets the requirements.
Our cookie notice solution has several templates for your cookie banner text, but you are free to redesign it and change the text as you wish. If you want to suit your brand better and it works for you, go for it. On top of that, we take care of all the consent management you will need.
It can also be connected to major platforms like Shopify, WordPress, Squarespace, Magento, Bigcommerce, and many more.
The legal requirements for the GDPR, CCPA, LGPD and other laws are embedded into the solution; it comes with pre-made designs and texts, and you don’t need to make any design or text decisions if you don’t want to. Sign up for a free trial.
This article keeps track of the new CPRA regulations passed by the California AG. In the first part, we’ll briefly overview the existing regulations. The proposed regulations follow. Finally, we’ll provide a brief overview of all the regulations that could be expected in the next few years.
The Data Protection and Digital Information Bill: Data Privacy Reform in the UK Government
The introduction of Bill 143 to the House of Commons on July 18, 2022, follows the UK Government’s consultation in September 2021. The consultation detailed the UK Government’s proposed reforms to the UK’s data protection regime following Brexit and is a big step towards achieving the planned reform of the UK's data protection framework, with many significant proposed changes for companies to be aware of. To get started, here are some key provisions to consider about this new data protection legislation.
CPRA Guide | Full Text Summary
If you need to comply with the CCPA, you must also comply with the California Privacy Rights Act (CPRA). Here we have the full text of the CPRA. California legislature bodies have written it in legalese, of course, but we added notes at the beginning of each section to help you understand what that specific section is about.