What does a cookie banner need to handle?
A cookie banner is the part of the cookie solution that the visitor meets on the website. It should help the visitor understand which cookies are used and what choices are available.
But a working cookie solution is not only about showing a box. It also needs to control what actually happens on the website, so that cookies and scripts are handled according to the visitor’s choice.
Provide clear information
The visitor needs to understand which cookies are used, why they are used and what choices are available.
The information should be clear, concrete and easy to understand. It should help the visitor make a conscious choice, not only meet a formal information requirement.
It should be clear which categories exist, what purposes they have and which cookies are used. A general text saying that the website uses cookies is rarely enough on its own.
Collect consent where it is needed
Not all cookies require consent. Necessary cookies can normally be used without consent when they are needed to provide a service that the visitor has explicitly requested, such as login, shopping cart functionality or remembering the cookie choice. The visitor still needs to be informed that the website sets them.
For functional cookies, statistics and marketing, the website should wait for the visitor’s consent before cookies are set or scripts that belong to the category are loaded.
The choice should be presented in a way that is easy to understand and easy to use. The visitor should not have to search for the option to decline or change their settings.
Categorize correctly
Cookies need to be placed in the right categories. This affects both the information shown to the visitor and which scripts may run.
Necessary cookies need to be separated from functional cookies, statistics and marketing. The website owner should inform the visitor about the necessary cookies that are set. Cookies in the other categories should wait for the visitor’s consent before they are set.
A common issue is that all cookies are treated as necessary. Not everything that is useful for the website owner is necessary for the visitor.
If cookies are placed in the wrong category, the category needs to be adjusted and the implementation checked.
Condition scripts against consent
It is not enough to show a cookie banner if scripts that require consent still run immediately.
Scripts that belong to functional cookies, statistics or marketing need to be conditioned against the right consent category. This means that the script should not be loaded until the visitor has given consent that covers the relevant purpose.
This is often where the difference becomes clear between a banner that is only displayed and a cookie solution that actually works.
Let the visitor change their choice
The visitor should be able to change or withdraw consent.
That is why the cookie banner or cookie dialog should be possible to open again, for example through a clear link in the footer. It should be easy for the visitor to change their choice.
When the visitor changes their choice, the website needs to adapt to the new choice as far as technically possible.
This may mean stopping future scripts and deleting cookies from the browser where they can be deleted. Third-party cookies cannot always be deleted by the website, but the visitor should receive information about how they can be removed in the browser.
Show which cookies are used
The visitor should be able to review which cookies are used.
The cookie list needs to reflect the cookies that the website actually uses. Some cookies may only appear after specific interactions, such as forms, login, purchase flows or embedded services.
New cookies may also be added when the website changes or when new third-party services are added. That is why the information needs to be followed up over time.
Document consent
When consent is used, the website owner needs to be able to show that consent has been given.
Saving a choice in the visitor’s browser may be necessary to remember the choice. But it is not always the same thing as being able to show later which consent was given, when it was given and which information applied at the time.
A consent solution should therefore support documentation that can be followed up.
Follow up changes
A cookie solution needs to work even when the website changes.
New scripts can be added through the CMS, Google Tag Manager, campaigns, forms, embedded services, plugins or external providers. This can affect which cookies are set, which category they belong to and which consent is required.
That is why the website owner needs a routine for detecting, reviewing and handling changes.
Summary
A cookie banner does not only need to be shown. It needs to work together with the website’s technology and the visitor’s choice.
A working cookie solution should help the website owner:
- inform the visitor about which cookies are used
- inform the visitor about necessary cookies that are set
- collect consent for functional cookies, statistics and marketing
- categorize cookies correctly
- condition scripts against the right consent category
- let the visitor change their choice
- show which cookies are used
- document consent
- follow up changes over time
The cookie banner is what the visitor sees. The cookie solution is what makes consent work in practice.
More about cookies and consent
Do you need help reviewing your cookie banner?
CookieTractor helps you handle the cookie dialog, consent, cookie list, documentation and follow-up.
If you are unsure whether your current solution is enough for the requirements you need to consider in the EU or EEA, we can help you review how cookies, consent and scripts work on your website.
Feel free to contact us at info@cookietractor.com.