Cookie Banner Texts

Cookie banner texts serve a strict purpose: they inform users about privacy practices and request cookie consent. Read this article and decide what will work best for your brand.

Cookie banner texts have a clear goal: they tell users how privacy is handled and ask for their permission to use cookies (learn more about GDPR compliance).

The GDPR, LGPD, CCPA, PIPEDA, and other data protection laws specify how to provide such information to users and how to request opt-in processing properly. If you do not meet these requirements, the consent you have obtained is null and void.

Now you may wonder: what should you write as your cookie banner text?

What Should Your Cookie Banner Text Say?

Since your cookie banner serves a legal purpose, you need to ensure that it meets the requirements set by the law. Each data protection law prescribes a set of requirements for what you should inform users about. Once you know what laws you must comply with, you’ll quickly discover what your cookie banner text should say to website visitors.

In the following few paragraphs, we’ll give you some ideas related to the GDPR (General Data Protection Regulation of the European Union), the ePrivacy Directive of the EU, the Californian Consumer Privacy Act (CCPA), and the Brazil LGPD.

GDPR/ePrivacy Cookie Consent Banner Text Requirements.

The requirements of the GDPR and the ePrivacy Directive overlap. The GDPR’s requirements are a bit broader and require more detailed information about what you do with data.

They do not even require you to set up a cookie notice. It is, however, the easiest way to ask users for permission to use cookies and get them.

Before any personal data collection, the GDPR requires you to:

• Tell users what you do with their user data and why, and
• Obtain consent where necessary.

The GDPR lists the information you must provide to the user in Article 12, and that’s a lot of information. To avoid putting all that information in the faces of every single website visitor, online businesses have figured out a simple way to meet the requirements:

• Provide a cookie banner with a consent request, and
• Provide a link to the privacy policy on the cookie banner.

If your privacy policy is accurate and complete, the link to it will lead the user to all the information you need to give them when you ask for their permission.

With the buttons on your cookie notice, the user can accept, decline, or change how cookies are used.

It becomes clear that on the cookie banner, you should write:

• The required information about data processing If you process only a little bit of data, you may fit it all into the cookie banner. If you process a lot of data for multiple purposes, it may be better to direct them to the privacy policy.
• For example, if you collect only website analytics data, you’ll comply by saying: “We collect IP addresses for website analytics purposes and share them with Google. Do you accept cookies? Read more in our privacy policy. “
• On the other hand, if your website uses plenty of cookies, it is better to say: “Our website uses cookies to give us insights and improve your experience. You can accept all the cookies, decline them, or accept only some. Read more in our privacy policy.”
• Buttons for cookie choices. It would be best if you allowed them to accept, decline, or customize the cookie and tracker choices. At the same time, both the buy and decline buttons must be easy to find. This means that neither the colors nor the style of the buttons should make accepting cookies more obvious than declining them.
• Checkboxes or toggles to accept cookies for a specific purpose. You need explicit consent for each processing purpose, be it marketing, website analytics, performance, or another. Remember that the user must take action to give consent, which means that your checkboxes must not be pre-checked. Moreover, users must have the freedom to express their cookie preferences.

Your GDPR-compliant cookie banner text should inform users about your data processing practices. In addition, it will ask for specific consent for each processing purpose and let the user take action by giving or declining consent.

LGPD Cookie Text Requirements:

The LGPD follows the example set by the EU cookie law. The requirements overlap in many areas.

In general, you’ll comply with the Brazil LGPD cookie banner text requirements if:

• In the text of your cookie banner, you tell the user what you want permission for and how you will use it.
• You allow them to give consent for each specific processing purpose, and
• The user can take unambiguous action to confirm their cookie choices.

So, suppose your site uses Google Analytics for statistics and social media pixels for advertising. In that case, you need to ensure that your pop-up cookie banner asks for separate user consent for each purpose as if you were talking to EU citizens.

You’re all set for compliance if your cookie notification meets these LGPD requirements.

CCPA Cookie Text Requirements:

The CCPA and CPRA take a different approach than all other data protection laws worldwide. These laws rely on the opt-out principle, meaning businesses can use cookies if the user does not object. 

That determines the CCPA cookie banner requirements. The CCPA/CPRA privacy notice is the more accurate description of what is widely known as a “cookie banner.”

Californian consumer privacy laws require three types of privacy notices, and there are different requirements for all of them:

• The collection notice, in which you inform users that you collect and process their personal information. This notice must say what kinds of data are being processed and why and provide a link to the privacy policy. You must include a “Do Not Sell My Personal Information” link if you sell personal information.
• Notice on opt-out of sales of personal information if you sell personal data. This notice needs to describe in detail your sales of private data practices. You can tell them in the privacy policy and include a link in the notification banner.
• Take note of financial incentives. If you have a program in which users must provide personal information in exchange for economic incentives from your company (coupons, loyalty programs, discounts, etc.), take note of the financial incentives. You can describe the program in your privacy policy and put the link in the notice. You need to summarize the program and explain how people can join or leave the program.

If you need to serve users with more than one notice, you are free to combine all the requirements into one privacy notice banner. The law sets no constraints. Read about CCPA fines.

How to Create Engaging Cookie Banner Texts?

A compliant cookie banner doesn’t mean users would want to interact with a nice and engaging cookie banner.

Due to the legal requirements, businesses usually play it safe with their cookie banners, which leads to banners that look all the same. They all use the exact words, which gives cookie banners the reputation of being dull and blunt because that’s what the law says they have to be.

That, however, could not be further from the truth.

Cookie banner text must meet specific legal requirements to be valid, but it can be funny and witty and invite users to interact with it.

Internet users are accustomed to reading dull, easy-to-ignore text. But, if you choose a creative copy of your cookie banner, you may see better results in the future. See more GDPR cookie banner examples.

Feel free to experiment while adhering to the legal requirements. If you’re stuck for ideas, here are some exciting results from around the internet to get you started.

Engaging Cookie Banner Text Examples

Some use well-known language with a twist, while others have entirely unleashed their creativity.

Take a look and then decide what will work best with your brand.

Important note: The cookie banner texts comply with local data protection laws and may or may not comply with regulations worldwide. Use these examples as an inspiration, but get advice on the legal requirements your cookie banner must fulfill.

Amurabi

Declamatuus

Revolut

PichiAvo

Vintageria

CertiKit

Lunchbox

Borussia Dortmund

H&M

Hilarious

National Geographic

Moooi

Maryland

Sifted

Why Do the Data Protection Laws Require Cookie Consent Banners?

The purpose of data protection laws is to ensure the protection of personal information. The purpose of cookies is to process personal information. That’s why the use of cookies falls under the scope of data protection laws, such as the GDPR, CCPA, LGPD, PIPEDA, and many others.

Cookies are small text files (usually JavaScript code) that the website sends to the user’s device as soon as they land on their homepage or any other webpage.

When cookies appeared for the first time a few decades ago, it was for a noble purpose. They let website owners improve the user experience, remember information about users’ shopping carts for convenience, ensure the website is safe and secure, and so on.

Over time, advertisers realized the vast power of cookies. They started using the so-called third-party cookies on a massive scale to bring profits through the roof. There is nothing wrong with using data to sell more, but how data is used means that website owners now share users’ data with third parties. Some went even further and sold personal information to other companies.

This led to spammy marketing taking over the internet, relying on customer manipulation to sell more, and several data breaches. Governments responded to these trends and passed data protection legislation.

The European Union took the lead by passing the General Data Protection Regulation (GDPR). It introduced the opt-in principle, which requires websites not to use cookies until the user consents. Explicit consent is now required. Implied consent is the idea that a user agrees to cookies just by staying on a website, and is no longer legal.

Brazil followed the trend with the LGPD. California, on the other hand, still relies on the opt-out principle.

As a result, the internet was flooded with new types of consent notices. Now cookie messages have to inform users about the categories of cookies they use, why they use them, with whom they share data, and so on. For a better user experience, website owners can post a link to the privacy policy, which would be enough to obtain informed consent and comply.

Otherwise, you risk a fine from the data protection authority. The GDPR sets the cap at 4% or EUR 20 million—whichever is greater. It doesn’t mean that you’ll get the highest possible penalty right off the bat, but you must not underestimate how hefty these penalties can be.

For example, the Belgian data protection authority fined a media company for using Google Analytics cookies on their website without requesting user consent. They were fined €50.000. The penalties are not minor, so ensure you present users with a legal cookie notice that meets the legal requirements.

Final Thoughts

The takeout from this article would be that as long as you meet the cookie banner text legal requirements, you are free to choose how to present the required information to the users.

Some brands opt for strict legal text, while others experiment more and opt for unique options. It is good practice to seek legal advice on the legality of your cookie banner text, but do not forget that anything is allowed as long as it meets the requirements.

Our cookie notice solution has several templates for your cookie banner text, but you are free to redesign it and change the text as you wish. If you want to suit your brand better and it works for you, go for it. On top of that, we take care of all the consent management you will need.

It can also be connected to major platforms like Shopify, WordPress, Squarespace, Magento, Bigcommerce, and many more.

The legal requirements for the GDPR, CCPA, LGPD and other laws are embedded into the solution; it comes with pre-made designs and texts, and you don’t need to make any design or text decisions if you don’t want to. Sign up for a free trial.