Cookie Consent Best Practices

Does your website need a pop-up? Yes. Yes it does.

Unless you’ve been buried under a mound of the most delicious chocolate chip cookies on the planet for the last 6 months, you’ve undoubtedly noticed many of your favorite websites asking you to accept that they use cookies. Typically this request looks something like this cookie consent pop-up.

Screenshot from the NeuX website.

This image is a screenshot of the popup on the NeuX website. I started working with NeuX about 6 months ago and this pop-up was in place when I arrived. The design is nice enough, but unfortunately, even if you hit the “Accept Cookies” button, the pop-up would continue to display every time you visited the homepage. NeuX asked me if I could help them address that issue and I was happy to help.

Luckily, NeuX is on the Webflow platform, and {finsweet has a whole component library to manage cookie consent. Rest assured, I’ll write more about {finsweet and Webflow in future posts, but the technology integration is only one part of this issue. Researching cookie consent and how it relates to GDPR and CCPA compliance opened up a whole new level of understanding on how this issue should be addressed. If you’re interested, be sure to check out my article on Why Cookies Consent Matters. Otherwise, read on to learn the best practices for implementing a cookie consent popup on your website.

Pop-Up Basics

So first, let's get the basics out of the way. The simplest pop-ups just alert your web visitors that your website uses cookies. If you’ve implemented a pop-up on your website, you should definitely have the following basics in place:

  • Place on every page of your website.
    The pop-up needs to be on every page of your website, not just the homepage. Your visitors may be finding your website through SEO or backlinking that brings them to the internal pages of your website. Your cookie consent applies to those pages also, so your pop-up needs to be implemented at any point of entry on your website.
  • Provide a link to your cookie policy.
    Your website should have an official cookie policy drafted by your legal counsel or privacy officer. This can be integrated into your larger privacy policy.
  • Acknowledge A Cookie, Get a Cookie!
    Once a user acknowledges that your site uses cookies, you should store that information as (you guessed it) a cookie. Set a cookie with an expiration date so your customers don’t have to see that pop-up every single time they visit your website, or on every single page that they attempt to load. How long should that expiration date be? Check with your legal counsel or privacy officer to determine the best time for your region.

Advanced Cookie Compliance

If the only cookies on your website are related to the functional operation of your website, a pop-up that simply alerts users that you use cookies should be sufficient. But in reality, most websites have plug-ins related to Analytics (Google, Omniture), Social feeds (Facebook, Instagram), Email / Newsletter sign-ups (Mailchimp, Constant Contact), or Marketing plugins (AddThis, Marketo), etc. It’s likely that these services are storing cookies on your consumers' browsers, and regulations can make YOU responsible for managing the cookie compliance for any service you use on your website. CCPA requires you to give consumers the ability to opt out of these services, while the GDPR requires that consumers opt in to them. (More on that discrepancy below.)

Essentially, you need to offer your audience the ability to manage which cookies are stored on their browser and these cookies can typically be managed by “type.”

  • Necessary Cookies: Cookies that are needed for your website to function, typically related to your web platform (Webflow or WordPress, for example).
  • Preferences: Cookies that store your user’s preferences.
  • Statistical: Cookies related to your analytic monitoring, although this can get complicated if your analytics data includes campaigns or other marketing data.
  • Marketing: Cookies that collect demographic data or track users across websites for the purpose of delivering relevant ads or content.

Managing so many different cookie integrations can be technically challenging, and there are ever-changing standards and categorizations. I encourage your tech team to install a JavaScript service that is specifically designed to manage cookies and that is updated regularly. (Have I mentioned {finsweet?)
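To show what such a service does underneath, here is an added example (not code from NeuX, {finsweet, or any site named here) that stores the visitor's choice per cookie type, decides whether the pop-up still needs to appear, and gates third-party scripts by type. The cookie name, the 180-day lifetime, and the function names are assumptions made for the illustration.

```javascript
// Added example; names and values below are assumptions, not a real library's API.
const CONSENT_COOKIE = "cookie_consent";  // hypothetical cookie name
const CATEGORIES = ["necessary", "preferences", "statistics", "marketing"];
const MAX_AGE_DAYS = 180;                 // placeholder; confirm with legal counsel

// State before the visitor chooses. "opt-in" (GDPR-style) starts with optional
// types off; "opt-out" (CCPA-style) starts with them on.
function defaultConsent(mode) {
  const on = mode === "opt-out";
  return { necessary: true, preferences: on, statistics: on, marketing: on };
}

// Build the string assigned to document.cookie. Path=/ makes the choice apply
// to every page, so the pop-up does not reappear on internal pages.
function serializeConsent(consent, days = MAX_AGE_DAYS) {
  const granted = CATEGORIES.filter((c) => c === "necessary" || consent[c] === true);
  const value = encodeURIComponent(granted.join(","));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${days * 86400}; Path=/; SameSite=Lax; Secure`;
}

// Read the stored choice from a document.cookie style string.
// Returns null when no valid choice is stored, which means: show the pop-up.
function parseConsent(cookieHeader) {
  for (const part of String(cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0 || part.slice(0, eq).trim() !== CONSENT_COOKIE) continue;
    let raw;
    try { raw = decodeURIComponent(part.slice(eq + 1).trim()); } catch { return null; }
    const granted = raw.split(",");
    // Treat unknown or tampered values as "no choice made" and ask again.
    if (!granted.every((c) => CATEGORIES.includes(c))) return null;
    const consent = {};
    for (const c of CATEGORIES) consent[c] = c === "necessary" || granted.includes(c);
    return consent;
  }
  return null;
}

function shouldShowPopup(cookieHeader) {
  return parseConsent(cookieHeader) === null;
}

// Load an analytics or marketing script only if its type is allowed.
function mayLoad(category, cookieHeader, mode = "opt-in") {
  const consent = parseConsent(cookieHeader) || defaultConsent(mode);
  return consent[category] === true;
}
```

In the browser, the "Accept" handler would assign the result of `serializeConsent(...)` to `document.cookie`, and each page would call `shouldShowPopup(document.cookie)` on load.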

Best Case Examples:

POPSOCKET

PopSocket has a nice and intuitive Cookie Consent user flow that allows visitors to quickly “Accept,” but also encourages users to visit their website’s “Cookie Settings” to manage what type of cookies they accept.

This option is a good one for midsized companies based in the US that aren’t too concerned about lawsuits related to GDPR regulations.

Here are some screengrabs that illustrate how this option is implemented.

A pop up allows users to quickly Accept Cookies or to open more specific settings.

Users can turn off specific types of cookies.

SITEIMPROVE.COM

SiteImprove’s cookie consent implementation is handled a bit differently. In addition to letting users accept all cookies, they also provide an option to accept just the necessary cookies without getting users bogged down with understanding every type of cookie and deciding which is appropriate.

Here’s a quick look at the SiteImprove cookie consent:

Users have options to Allow all cookies, but transparency of use of cookies is baked right into the introductory copy.

An option to accept only the necessary cookies.

SiteImprove’s Cookie Declaration takes transparency to a whole new level by listing out every single cookie that they use and its purpose. Whether you think this would be confusing for your consumers or informative is probably subjective and depends on your industry and consumers.

eBAY UK

eBay UK uses a hybrid approach combining a pop-up and a more detailed privacy page within their website. Users who don’t want to accept all cookies are taken to a very detailed privacy page that outlines all the various types of cookies available and allows users to opt out of each independently, as required by GDPR regulation.

This transparent approach is a good one for companies that operate in the EU and/or have concerns about their need to comply with GDPR regulations. It’s also just a good forward-thinking approach to privacy transparency in an age where privacy is a growing concern among legislatures and consumers alike.

eBay UK’s initial pop up. Note the level of detail and transparency.

A screenshot of the eBay GDPR page where users can opt-in or out of various tracking cookies.

Conclusion.

If your company gets traffic from international sources, or if you meet any of the CCPA guidelines for compliance, you should implement a cookie policy and a cookie consent process on your website as soon as possible.

Need help? I work with businesses of all sizes to help with digital transformation, marketing strategy, and product design. Reach out to me if you need help!

