How do you set up a GDPR-compliant cookie banner in 2024?

By Jennifer Montérémal

Published: 28 October 2024

The entry into force of the General Data Protection Regulation (GDPR) has changed the face of personal data protection, and the issue of the cookie banner is no exception to this paradigm.

The trend is increasingly towards giving users control over how their data is used. Users must now express their consent (or lack of it) to the placing and reading of cookies on their various browsing devices. If cookies are not banned, it is important to be as transparent as possible.

That's why in this article we take a look at the regulations on cookie banners and how they changed in 2021, the rules to follow to ensure compliance, and the tools that can help you in this task.

But first of all, what is a cookie?

What is a cookie?

Cookie definition

Cookies, which take the form of a small text file in alphanumeric format, are tracers deposited on the user's terminal (computer, tablet, smartphone) when they consult a web page, an application or use software.

These files have a number of purposes:

  • to obtain data on the sites they visit, in order to discover their centres of interest and target the advertising they receive as effectively as possible;
  • to find out their preferences on your own site (time spent on each page, for example), using Google Analytics in particular;
  • to remember certain information (such as login details) to facilitate their browsing experience.

The different types of cookie

As you will have realised, there are different types of cookies:

  • necessary cookies, which help the site to function properly;
  • analytical cookies, which are used to measure the audience and performance of your web pages;
  • advertising cookies, which focus on the consumer's online habits and preferences;
  • social network cookies, which are activated via the social media sharing buttons.

How do you create a cookie banner that complies with the GDPR and is effective?

Comply with legal obligations and the new CNIL rules

Since 1 April 2021, the law relating to cookies has been strengthened: the deposit of tracers on users' terminals is now conditional on obtaining their prior consent.

This obligation applies to cookies developed:

  • for marketing and advertising purposes
  • for sharing on social networks.

It applies regardless of the technology used, be it a computer, mobile phone or tablet.

To meet the CNIL's new requirements, a number of principles must be observed.

Clearly informing Internet users

Today's users need to be told as clearly as possible, in layman's terms:

  • the use of cookies
  • the functions of each type of cookie
  • the consequences of consenting or not consenting.

Internet users must also be informed as to the identity of the various parties who will use the tracers if they give their consent.

💡 For reasons of clarity, the CNIL specifies that an initial concise explanation may be provided (first level of information), followed by a second more detailed explanation (second level of information).

In this way, the user has an optimum level of information to make informed choices.

Enabling Internet users to give their prior consent by means of a clear positive act

It is now compulsory to obtain the Internet user's prior consent, in a clear and explicit manner, to the placing and reading of cookies and other tracers on their devices. To do this, you must ensure that the user consents easily and by a clear positive act.

This rule imposes several obligations:

  • The user must approve by clicking on an "I accept" button. In other words, you must display a cookie banner offering the option of saying "yes" or "no".
    Phrases such as "By continuing to browse the site, you consent to the deposit of cookies" should therefore be avoided.

  • Internet users should be able to refuse cookies as easily as accept them. For this reason, the "I accept" and "I refuse" buttons must be presented with the same level of legibility and simplicity. Gone, for example, is the multi-click access to refusal.

  • Any absence of response is now considered as non-consent and must not allow browsing to continue while cookies are being deposited.

  • The CNIL is also calling for an end to practices that are misleading or that make it difficult for web users to understand, such as:
    • boxes that are pre-checked by default
    • the mere presence of a "Settings" button in addition to the "I accept" button,
    • small, illegible cookie banners,
    • buttons designed in an illegible colour, etc.

Here is an example of a non-compliant cookie banner:

The possibility of refusing cookies is not presented at the same level as consent. The user apparently has to click on "Find out more", and therefore click several times, to set their preferences.

💡 Good to know: the CNIL recommends keeping the user's choice (consent or non-consent) for a period of 6 months before asking for the Internet user's opinion again.

Allowing Internet users to choose by purpose

As we have seen, there are several types of cookie. This is why the CNIL strongly suggests allowing users to make different choices depending on the nature of the cookies.

This recommendation applies in particular to the use of checkboxes, through which users can express their preferences: accepting, for example, audience cookies, but refusing those developed for advertising purposes.

☝️ However, the CNIL specifies that it is possible to give global consent, using buttons such as "Accept all" and "Refuse all", as long as the objectives have been fully explained beforehand.

Allow users to modify their choices

Make sure that Internet users can change their previously established choices at any time.

We recommend that you display on your website, in the footer for example, a "Set your cookies" link giving access to a management interface so that users can manage their preferences.

Providing proof of consent

Finally, any professional using cookies must be able to provide proof of the user's "free, informed, specific and unambiguous" consent at any time.

In short, the aim of this new regulation is to obtain perfectly explicit consent from the user, in full knowledge of the facts.

Example of a compliant cookie banner

In the example below, the "Reject cookies" button remains perfectly visible.

The informative text appears clear (1st level of information), and it is possible to find out more (2nd level of information) by clicking on "Cookie policy".

Finally, the "Cookie settings" button allows users to specify their preferences.

Which cookies are exempt from consent?

Please note that these new obligations do not apply to all cookies. There are a few exceptions: the cookies deemed necessary for the site to function properly and for the service to facilitate communication.

For example:

  • cookies used to authenticate the user,
  • cookies relating to browsing preferences (language, display, etc.),
  • cookies used to store the contents of the user's shopping basket, etc.

☝️ This type of tracker is never intended to collect and share personal data.
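The rules set out above (no answer means no consent, choice by purpose, a choice kept for 6 months, necessary cookies exempt, and a record that can serve as proof) can be enforced in the banner's own logic. The JavaScript below is an added example, not code from the CNIL or from any tool named in this article; the purpose names, the record fields, the sample tracers and the 183-day approximation of 6 months are assumptions.

```javascript
// Added example; purpose names and record fields are assumptions.
const CONSENT_PURPOSES = ["analytics", "advertising", "social"];
const SIX_MONTHS_MS = 183 * 24 * 60 * 60 * 1000; // approximation of 6 months
const POSITIVE_ACTS = ["accept_all", "refuse_all", "custom"];

// Build the record kept as proof of the user's choice.
// `choices` maps purpose -> boolean and is only read for the "custom" act.
function recordChoice(action, choices = {}, now = Date.now()) {
  if (!POSITIVE_ACTS.includes(action)) {
    // Scrolling, continuing to browse or closing the banner is not consent.
    throw new Error("not a clear positive act: " + action);
  }
  const purposes = {};
  for (const p of CONSENT_PURPOSES) {
    if (action === "accept_all") purposes[p] = true;
    else if (action === "refuse_all") purposes[p] = false;
    else purposes[p] = choices[p] === true; // unticked or missing box = refusal
  }
  return { action, purposes, decidedAt: new Date(now).toISOString() };
}

// True when the banner has to be shown: no stored choice, or choice too old.
function mustAsk(record, now = Date.now()) {
  return !record || now - Date.parse(record.decidedAt) > SIX_MONTHS_MS;
}

// May a tracer with this purpose be set or read right now?
function isAllowed(record, purpose, now = Date.now()) {
  if (purpose === "necessary") return true; // exempt from consent
  if (mustAsk(record, now)) return false;   // no answer or expired = no consent
  return record.purposes[purpose] === true; // unknown purposes are refused
}

// Filter a list of tracers down to the names that may load.
function allowedTracers(record, tracers, now = Date.now()) {
  return tracers.filter((t) => isAllowed(record, t.purpose, now)).map((t) => t.name);
}

// Constructed sample tracers for a page.
const SAMPLE_TRACERS = [
  { name: "session_id", purpose: "necessary" },
  { name: "audience_stats", purpose: "analytics" },
  { name: "ad_profile", purpose: "advertising" },
  { name: "share_button", purpose: "social" },
];
```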

Work on the text and design of your cookie banner

In addition to compliance, an effective cookie banner needs to be ergonomic and clear, to offer a real experience to web users and encourage them to give their consent as much as possible.

So it's a good idea to work on it to make it more engaging, visual and UX friendly.

Here are a few tips:

  • choose the location of your cookie banner intelligently (header, footer, middle of the page, pop-up window, etc.) so that it fits in as well as possible with the design of your site and the behaviour of your visitors;
  • personalise your text to make it more entertaining, while remaining precise and concise. If your brand image allows it, why not allow yourself a touch of humour?
  • take care with the appearance of your banner and your call-to-action buttons, in line with your graphic charter. Some professionals use GIFs, for example, to make it more attractive;
  • think responsive, so that your cookie banner adapts as well as possible to growing mobile usage.

Here is an example of a cookie banner that seeks to stand out through the originality of its text:

What tools can I use to create a cookie banner?

Free cookie banner generators

You can find free HTML cookie banner generators on the web, such as Bandeau cookie Generateur.

But while the fact that they are free may seem tempting, beware: these platforms quickly show their limitations when it comes to complying with the new legal requirements. They often merely inform web users rather than allowing them to make a real choice, manage their preferences and so on.

It is therefore advisable to opt for a more effective tool that can easily trace the authorisations of each user.

☝️ In addition, the possibilities for customisation, which guarantee a good opt-in rate, are limited by the use of free software.

WordPress cookie banner management plugins

If you use a WordPress site, the news is good. There are many plugins dedicated to managing your cookie banners. To find the one that's right for you, go to the publisher's plug-in catalogue and enter the word "cookie" in the search bar.

☝️ Be aware of the different offers on the market. Take the time to compare them to see which ones:

  • best meet the new European requirements;
  • are sufficiently simple to use to enable you to track consent correctly and provide proof where necessary.

Specialised cookie banner software

The use of a specific management solution for your cookie banners is highly recommended, particularly in view of the increasing regulatory requirements.

These tools help companies to achieve compliance, while avoiding the many time-consuming and complex manual operations required of those who are new to writing code.

Here are a few examples of these tools:

🛠️ consentmanager is software that informs users about the use of cookies, collects consents and refusals, and automatically blocks the deposit and reading of cookies in the event of non-consent. This solution is easy to use and intuitive, so it can be adapted to the needs of all professionals, even those less familiar with IT. Finally, consentmanager offers a high degree of customisation for cookie banners, so that they fit in perfectly with your website and respect your brand image.

🛠️ iubenda is a software expert in legal compliance for the protection and confidentiality of user data. By using its platform, you can ensure that you comply with the law, even as it evolves, and save precious time by using templates drafted by the legal team. What's more, customising a GDPR-compliant cookie banner to match your graphic charter is highly intuitive. Another significant advantage is that you can automatically adapt the banner to the regulations and language of a given country, depending on the user's geolocation.

Good cookie management: a legal and business requirement

By now you are familiar with all the requirements for the cookie banner... and no doubt find them restrictive. What's more, given the large number of sites that do not comply with the legislation, you too may be tempted to ignore it.

But be warned: if you don't comply with the GDPR, you're risking a lot: a fine from the CNIL of up to 4% of your total turnover.

At the same time, consumers are increasingly demanding a transparent and honest consent policy.

80% of customers say they have left a brand because it used their data without their consent.

Cookiebot

More and more of us are concerned about how our personal data is used, and a company that doesn't play the game quickly finds itself suffering from a bad reputation.

So the cookie banner is not just a matter of law... it's a real way of improving the customer experience!

Article translated from French