Cookie banner text – this must be included!

Cookie banner text recipe

When it comes to what exactly needs to be in a cookie banner, website operators – maybe even you – are often at a loss. But good news: If it is possible to mount a car on a rocket and catapult it into the vastness of space (thanks Elon!), you will definitely succeed in creating an ePrivacy Directive- and GDPR-compliant Cookie Banner 🚀

In this article, we explain to you what types of cookie banners there are, what you need to pay attention to when creating a text in the cookie banner, show you great and not-so-great cookie consent text examples and tell you where you can quickly and easily obtain data protection-compliant templates for your cookie banner.

💡 Tip: If you don’t know what the term “cookie banner” means and cookies are nothing more than a delicious snack, we recommend you read our articles What is a cookie banner? and What are cookies?

We have also explained in two separate articles when you need a cookie banner and what you need to obtain consent for.

Attention: This article is not legal advice! We as developers of WordPress plugins and contractors of website projects have dealt intensively with the topic of cookie banners, as it is essential in our daily work. However, we are neither lawyers, nor can we guarantee the completeness, timeliness and accuracy of the following information. In case of doubt, always consult a lawyer.

Types of cookie banners

When you start looking for the ideal cookie consent banner for your needs, you will increasingly come across plugins and cloud cookie banners that often falsely claim to be legally compliant. They are often implemented according to now outdated legal requirements or the statement of the supposedly perfect cookie banner is used for marketing purposes to attract desperate cookie banner newbies.

That’s why we explain to you what types of cookie banners there are, so that you can distinguish them yourself. This is important so that you don’t mistakenly use a cookie notice banner that could get you into legal trouble.

It should be noted that some integrated WordPress plugins or services technically set several cookies or cookie-like information. For the sake of simplicity, we will refer to these as “cookies” in the following.

✅ Opt-in Cookie Banner

In the EU (and Germany), only opt-in cookie banners are permitted under the current legal situation.

Cookie consent banners, which ask for the active and informed consent of your visitors whether cookies may be set, are referred to as opt-in cookie banners.

This type of cookie banner ensures that when your visitors visit your website for the first time, they are presented with a dialogue or banner in which they can select which services may be loaded and cookies set. It is important that the user is free to choose which cookies they want to accept, and that each cookie can be rejected individually. The cookie banner must not pre-select cookies. This is explicitly forbidden by law.

The opt-in cookie banner ensures that cookies are only set after consent has been given. Conversely, this also means that services such as Google Analytics may only be integrated after the user has explicitly agreed to this.

❌ Opt-out Cookie Banner

The counter model to opt-in cookie banners are the opt-out cookie banners – who would have thought it 😉

With this type of cookie banner, cookies are initially set. However, the user of your website must be given the opportunity to object to this immediately after entering your website. Typically, these solutions display a “Do Not Sell My Personal Information” link at the bottom of the screen. If the user objects, all cookies must be deleted again and the use of the corresponding plug-ins and services must be prevented.

This type of cookie banner is required by the California Consumer Privacy Act (CCPA), but not by EU law. This law is intended to protect residents of California in the United States. Consequently, this type of cookie notification is only relevant for websites targeting the US market. At the same time, the more restrictive opt-in cookie banner process from the EU should meet the requirements of the CCPA in the same way.

❌ Reference to cookies

At the time of writing, mere references to the use of cookies are still very common. For example, even large publishers from Germany still write cookie notice texts on their websites such as:

“We use cookies to provide you with the best possible user experience. You agree to our use of cookies and our privacy policy.”

For a long time, many websites – especially in Germany – placed such cookie popup texts on their website. In addition, there were instructions scattered throughout the privacy policy on how the user could object to the use of certain cookies. A very user-unfriendly implementation of the opt-out procedure. In most cases, however, the data protection declarations did not explain how to object to all cookies, so that only a reference to the cookies remained.

Why are many cookie banners not legally compliant?

There are numerous false – if not already illegal – cookie banners. But what is the reason for this?

In short: the legal requirements. Who doesn’t love reading heaps of legal texts? We can definitely understand if reading laws written in legalese – let alone understanding them – is not part of your preferred reading 🤯 Especially when it comes to a small hobby blog, the effort usually seems to be far too great for many website operators. As a result, the simplest requirements, such as the presence of a cookie banner, usually fail.

We can understand the legislator’s intention to ensure more data protection on the internet. This is to prevent large (personal) data collections. However, practice shows that implementing the legislator’s wishes is simply far too complex and can only be done with great effort, even by professionals.

What must be included in the cookie banner?

Now we come to the much-awaited core of the article: What must be included in the cookie notice?

In addition to common cookie banner mistakes and cookie banner design faux pas, the cookie banner wording can, of course, cause serious and costly mistakes.

Example for a cookie banner

This is how a cookie banner on your website could be structured. In the following, we will explain to you what you should pay attention to when creating your cookie notice text. For this purpose, we will take a closer look at the English text examples of our cookie banner 🔎

💡Tip: The Real Cookie Banner Plugin for WordPress already includes all text templates in English and German.

cookie banner example

Title of the dialogue

Privacy preferences

Transparency is the key. Therefore, you should explain to your user right at the beginning that privacy settings can be made in the following.

Information on data processing and legal notice

We use cookies and similar technologies on our website and process personal data about you, such as your IP address. We also share this data with third parties. Data processing may be done with your consent or on the basis of a legitimate interest, which you can object to in the individual privacy settings. You have the right to consent to essential services only and to modify or revoke your consent at a later time in the privacy policy.

Even today, many website operators wrongly assume that a simple “We use cookies” sentence is sufficient as legally compliant cookie notice text – however, this is not the case.

Therefore, we advise you to explain to your user:

  1. What exactly is used and processed incl. example.
  2. Why this data is used and processed.
  3. How consent can be revoked or changed at any time.

Data processing in the USA

Some services process personal data in the USA. By consenting to the use of these services, you also consent to the processing of your data in the USA in accordance with Art. 49 (1) lit. a GDPR. The USA is considered by the ECJ to be a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data will be processed by US authorities for control and monitoring purposes, perhaps without the possibility of a legal recourse.

In this cookie banner sample text section, we inform our users that some services used on our website process data in the USA. It is therefore not enough to tell your users that data is processed in general. You should also inform them that this also happens in countries outside the EEA – in this case the USA.

Why? The Privacy Shield was declared invalid by the ECJ in July 2020. This agreement between the EU and the US was supposed to guarantee the same level of data protection as within the EU also in the US for EU citizens. The ECJ said that the agreement could not fulfil this mandate. How can services like Google Analytics from the USA still be used?

One idea is to inform the visitor to your website about the danger of data transfer to the USA and to obtain consent from you as the website operator. The visitor to your website must agree to surrender parts of his or her fundamental rights. Whether this is really possible has not yet been confirmed by the highest courts. However, this is the sensible approach to continue using services from the USA (as of mid-2021).

Age warning for the protection of minors

You are under 16 years old? Then you cannot consent to optional services, or you can ask your parents or legal guardians to agree to these services with you.

According to Article 8 of the GDPR, consent to services that process personal data and/or set cookies can only be given from the age of 16 (different in some EU countries) or together with a parent or guardian. Therefore, as a website operator, you must take appropriate measures to ensure that persons under this age limit only consent together with their parent or guardian.

A legally suitable remedy here would again appear to be to instruct the children and young people. Because we all know, at this age, people are keen on reading these texts 😉

Cookie Groups

Essential Functional Statistics  Marketing

If you divide cookies and services into groups, show your website visitor which cookie groups exist on your website and how they are composed. Your visitor should always be able to reject individual groups and individual services in these groups. Exceptions are essential – also called technically necessary cookies. Without such cookies, the basic functionality of your website would not be possible.

Choices for the website visitor

Accept all

Buttons in the cookie banner are important to make it as easy as possible for your user to consent and decline. The buttons should be equally visible and easy to understand in the cookie banner. It is important that you do not slip into the legal grey area of dark patterns.

Continue without consent

Your user must always have the option to reject cookies or not give consent. Just like the “Accept all” button, the button for rejecting cookies should also be placed clearly visible on the first level of the cookie message. These two buttons should appear on the same level! You also need to name this button so that your user understands the functionality easily and quickly. Depending on how your cookie banner is structured, “Continue without consent” or “Reject all” could be a suitable label.

Individual privacy preferences

By clicking on “Individual privacy settings”, we enable the user to individually configure their preferred settings. Often this function is also called “Configure cookies”. The website visitor should in any case be able to decide which services are allowed to read/set cookies and process personal data.

Linking legally relevant pages

Privacy Policy ● Imprint

Legal pages such as the imprint (depending on the country) and the privacy policy may not be covered by a cookie pop-up according to the law. It is therefore a good idea to link such pages directly in the cookie banner so that your user can access the pages at any time. Or you can design your cookie banner in such a way that it does not cover links to the legally relevant pages, e.g. in the footer of your website, at any time – not even on mobile devices with small screens.

How useful is a Cookie Banner Text Generator?

Is a cookie notice generator your saviour in need? – we say no. Even if it may seem tempting that you can integrate a supposedly perfect cookie banner on your website in just a few steps and for free, we strongly advise you not to use a cookie generator. They promise to generate an “optimal” cookie notice with one or two clicks. Many cookie banner generators are simply not legally up-to-date and/or do not cover all the legal requirements. The same also applies to the use of many cookie banner plugins.

You should rather carefully select a suitable cookie banner solution – as a plugin or for integration as a script – for your website. You should always check predefined texts again for each individual case. In case of doubt, you should always seek the advice of a lawyer.

Create your legally compliant cookie banner with Real Cookie Banner

The headaches are over: With our WordPress Cookie Banner plugin, you can quickly and easily create a cookie banner tailored to your needs. In Real Cookie Banner you will find relevant text examples that you can use in your cookie banner or modify as you wish.

Try Real Cookie Banner now and create your legally compliant cookie banner that even data protectionists will like! 🍪

Menu
GDPR Cookie Consent with Real Cookie Banner