search
Where Thought Leaders go for Growth
Reference a solution

How to set up an RGPD-compliant cookie banner in 2024?

How to set up an RGPD-compliant cookie banner in 2024?

By Jennifer Montérémal

Published: October 28, 2024

The entry into force of the RGPD (General Data Protection Regulation) has shifted the lines when it comes to the protection of personal information, and the issue of the cookie banner is no exception to this paradigm.

Indeed, the trend is increasingly towards user control over how their data is used. From now on, users must express their consent (or non-consent) to the deposit and reading of cookies on their various browsing devices. If cookies are not forbidden, it's important to be as transparent as possible.

That's why, in this article, we take a look at the regulations governing cookie banners and how they will evolve in 2021, the rules you need to follow to comply, and the tools that can help you in this task.

But first of all, what is a cookie?

What is a cookie?

Cookie definition

Cookies, which take the form of a small alphanumeric text file, are tracers deposited on the user's terminal (computer, tablet, smartphone) when he or she consults a web page, application or uses software.

The purpose of these files is manifold:

  • to obtain data on the sites they visit, in order to discover their centers of interest and better target the advertising they receive;
  • find out about their preferences on your own site (time spent on each page, for example), using Google Analytics in particular;
  • remember certain information (such as login details) to facilitate their browsing experience.

The different types of cookies

As you can see, there are different types of cookies:

  • Necessary cookies, which contribute to the proper functioning of the site;
  • analytical cookies, used to measure the audience and performance of your web pages;
  • advertising cookies, which focus on the consumer's online habits and preferences;
  • social network cookies, which are activated via social media sharing buttons.

How do you make an effective, RGPD-compliant cookie banner?

Comply with legal obligations and the CNIL's new rules.

Since April 1, 2021, the law relating to cookies has become stricter: the deposit of tracers on users' terminals is now conditional on obtaining their consent beforehand.

This obligation concerns cookies developed :

  • for marketing and advertising purposes,
  • for sharing on social networks.

It applies regardless of the technology used, whether computer, cell phone or tablet.

To meet the CNIL's new requirements, a number of principles must be observed.

Clearly inform the surfer

Today, users need to be told as clearly as possible, in layman's terms:

  • the use of cookies
  • the functions of each type of cookie
  • the consequences of giving or withholding consent.

Internet users must also be informed as to the identity of the various players who will exploit the tracers if they give their consent.

💡 For reasons of clarity, the CNIL specifies that a first concise explanation can be delivered (first level of information), followed by a second more detailed one (second level of information).

In this way, the user is provided with the optimum level of information to make informed choices.

Enable Internet users to give their prior consent by means of a clear positive act

It is now compulsory to obtain clear and explicit prior consent from the web user for the placement and reading of cookies and other tracers on their devices. To do this, you must ensure that the user consents easily, and by a clear positive act.

This rule imposes several obligations:

  • The user must approve by clicking on an "I accept" button. In other words, you must display a cookie banner offering the option of saying "yes" or "no".
    Phrases such as "By continuing to browse the site, you consent to the deposit of cookies" are therefore to be avoided.

  • Web users should be able to refuse cookies just as easily as accept them. For this reason, the "I accept" and "I refuse" buttons must be presented with the same level of legibility and simplicity. Gone, for example, is the multi-click access to refusal.

  • Any absence of response is now considered as non-consent, and must not allow browsing to continue with the deposit of cookies.

  • The CNIL is also calling for the abandonment of practices that are misleading or make it difficult for users to understand, such as :
    • default checkboxes,
    • the mere presence of a "Parameterize" button in addition to the "I accept" button,
    • small, unreadable cookie banners,
    • buttons designed with an illegible color, etc.

Here's an example of a non-compliant cookie banner:

Indeed, the option of refusing cookies is not presented at the same level as consent. It is a priori necessary to click on "Learn more", and therefore to execute several clicks to inform one's preferences.

💡 Good to know: the CNIL recommends a consent or non-consent period of 6 months, before asking for the surfer's opinion again.

Allowing users to choose by purpose

As we have seen, there are several types of cookies. This is why the CNIL strongly suggests that users should be able to make different choices depending on the nature of the tracers.

This recommendation applies in particular to the use of checkboxes, through which users can express their preferences: accepting, for example, audience cookies, but refusing those developed for advertising purposes.

☝️ The CNIL specifies, however, that it is possible to give global consent, using buttons such as "Accept all" and "Refuse all".Accept all" and "Refuse all" buttons, as long as the objectives have been clearly explained beforehand.

Allow users to modify their choices

Make sure that visitors can modify their choices at any time.

We recommend that you display a "Set your cookies" link in the footer of your website, for example, giving access to a management interface so that users can manage their preferences.

Provide proof of consent

Finally, any professional using cookies must be able to provide, at any time, proof of the user's "free, informed, specific and unambiguous" consent.

In short, the aim of this new regulation is to obtain perfectly explicit, fully informed consent from the user.

Example of a compliant cookie banner

In the example below, the "Reject cookies" button remains perfectly visible.

The informative text appears clear (1st level of information), and it is possible to find out more (2nd level of information) by clicking on "Cookie policy".

Finally, the "Cookie settings" button lets you specify your preferences.

Which cookies are exempt from consent?

Please note that these new obligations do not apply to all cookies. There are a few exceptions. These are those deemed necessary for the proper functioning of the site and the fluidity of communication by the service.

For example

  • cookies used for user authentication,
  • cookies relating to browsing preferences (language, display, etc.),
  • cookies used to store the contents of the user's shopping cart, etc.

☝️ Tracers of this type are in no way intended to collect or share personal data.

Work on the text and design of your cookie banner

Beyond compliance, an effective cookie banner needs to be ergonomic and clear, to offer a real experience to Internet users and encourage them to consent as much as possible.

It's important to make it more engaging, visual and UX-friendly.

Here are a few tips

  • choose the right place for your cookie banner (header, footer, middle of the page, pop-up window, etc.) so that it aligns with your site's design and your visitors' behavior;
  • personalize your text to make it more playful, while remaining precise and concise. If your brand image allows it, why not allow yourself a touch of humor?
  • Take great care with the appearance of your banner and call-to-action buttons, in keeping with your graphic charter. Some professionals use GIFs, for example, to make it more attractive;
  • think responsive, so that your cookie banner adapts as well as possible to growing mobile usage.

Here's an example of a cookie banner that seeks to stand out through the originality of its text:

What tools can I use to create a cookie banner?

Free cookie banner generators

You'll find free HTML cookie banner generators on the web, such as Bandeau cookie Generateur.

But while this may seem tempting, beware: these platforms quickly show their limitations when it comes to complying with new legal requirements. They are often more informative than they allow users to make a real choice, manage their preferences and so on.

In such cases, it's best to opt for a more effective tool, one that can easily trace the authorizations of each user.

☝️En Furthermore, the customization possibilities that guarantee a good opt-in rate are limited by the use of free software.

Wordpress cookie banner management plugins

If you're using a Wordpress site, good news. There are many plugins dedicated to managing your cookie banners. To find the one that's right for you, go to the publisher's plug-in catalog and enter the word "cookie" in the search bar.

☝️Restez is a good place to start. Take the time to compare them to see which ones :

  • best meet the new European requirements;
  • are sufficiently simple to use to enable you to correctly track consent and provide proof where necessary.

Specialized cookie banner software

The use of a specific management solution for your cookie banners is highly recommended, particularly in view of increasing regulatory requirements.

These tools support companies in their compliance efforts , while avoiding the many time-consuming and complex "manual" manipulations required of even the most code-writing neophyte.

Here are just a few examples:

🛠️ consentmanager is a software program that informs users about the use of cookies, collects consents and refusals, and automatically blocks the deposit and reading of cookies in the event of non-consent. This solution remains easy to use and intuitive, so that it can be adapted to the needs of all professionals, even those less familiar with IT. Finally, consentmanager offers a high degree of customization of cookie banners, so that they blend in perfectly with your website, while respecting your brand image.

🛠️ iubenda is a software expert in legal compliance for the protection and confidentiality of user data. By using its platform, you can be sure of complying with the law even as it evolves, and save precious time by using templates drafted by our legal team. What's more, customizing an RGPD-compliant cookie banner according to your graphic charter is highly intuitive. Another significant advantage is that you can automatically adapt the banner to a country's regulations and language, depending on the user's geolocation.

Good cookie management: a legal and business requirement

By now, you're familiar with all the cookie banner requirements... and no doubt find them restrictive. What's more, given the large number of sites that don't comply with the legislation, you may be tempted to ignore it yourself.

But beware, if you don't comply with the RGPD, you risk a lot: a fine from the CNIL amounting to up to 4% of your total sales.

At the same time, the use of a transparent and honest consent policy is a growing consumer requirement.

80% of customers say they have left a brand because it used their data without their consent .

Cookiebot

More and more of us are concerned about the use of our personal data, and a company that doesn't play the game will soon find itself suffering from a bad reputation.

So the cookie banner is not just a matter of law... it's a real way of improving the customer experience!

Article translated from French