background

GDPR Cookie Consent Notice Template

  • gdprangle-right
  • GDPR Cookie Consent Notice Template

Cookies are small data files that websites place on people’s devices when they are browsing and then store in their web browsers.

Cookies can enable websites to remember individual users and their preferences and settings when they return to the site. For example, a website may use cookies to remember what your username and password are so you can automatically log in next time. Cookies can also enable advertisers to track people’s online activity so that they can target them with personalized ads.

Because cookies can store enough information to potentially identify an individual, they fall under GDPR’s definition of personal data and are therefore subject to the regulation.

GDPR Cookie Consent

In the 88-page legal document of the GDPR regulation, cookies are only mentioned once.

Supplementing GDPR is the ePrivacy Directive (EPD) — or the “cookie law.” Last amended in 2009, it will eventually be replaced by the Regulation on Privacy and Electronic Communications, which contains specific provisions on cookies. 

Complying with the regulations governing cookies under both GDPR and the EPD requires organizations to:

  • Receive users’ consent before you use any cookies except strictly necessary cookies
  • Clearly explain the data each cookie tracks and why
  • Document and store users’ consent 
  • Allow users to access your service even if they do not allow the use of certain cookies
  • Make it easy for users to withdraw their consent

To meet these requirements and inform customers how your organization collects and uses their data, organizations can create a cookie consent notice.

GDPR Cookie Consent Notice Example

A typical cookie consent notice includes a few common elements. It usually covers: 

  • Types of cookies being used
  • How you’re using each type of cookie
  • Whether you’re sharing data stored in cookies with advertisers or other third parties
  • How users can manage cookies
  • A link to a page where users can learn more

It’s a common practice to display this notice in a banner. This banner will include buttons that allow users to accept or reject cookies. Each of these options must be presented clearly so users can reject cookies as easily as they can accept them.

Below is an example from the UK ICO’s website:

Notice that users are able to click on the link to their cookie page, which further details what cookies are, how they’re being used on the website, and how users can manage their cookie settings. Here’s what that page looks like:

Privacy Policy with GDPR Cookie Consent Notice Template

It’s also common to include cookie clauses in your privacy notice. You can use this template as a foundation for building your own.

angle-rightGDPR Privacy Notice ExamplesGDPR Trainingangle-right

GDPR Overview

GDPR Requirements

Automating GDPR Compliance

GDPR Tools and Resources