Cookies are small data files that websites place on people’s devices while they are browsing; the files are stored in the web browser.

Cookies can enable websites to remember individual users and their preferences and settings when they return to the site. For example, a website may use cookies to remember what your username and password are so you can automatically log in next time. Cookies can also enable advertisers to track people’s online activity so that they can target them with personalized ads.

Because cookies can store enough information to potentially identify an individual, they fall under GDPR’s definition of personal data and are therefore subject to the regulation.

GDPR Cookie Consent Notice Example

A typical cookie consent notice includes a few common elements. It usually covers: 

  • Types of cookies being used
  • How you’re using each type of cookie
  • Whether you’re sharing data stored in cookies with advertisers or other third parties
  • How users can manage cookies
  • A link to a page where users can learn more

It’s a common practice to display this notice in a banner. This banner will include buttons that allow users to accept or reject cookies. Each of these options must be presented clearly so users can reject cookies as easily as they can accept them.

Below is an example from the UK ICO’s website:

Notice that users can click the link to the ICO’s cookie page, which explains in more detail what cookies are, how they’re used on the website, and how users can manage their cookie settings. Here’s what that page looks like: