The General Data Protection Regulation (GDPR) makes it mandatory for companies and organizations that serve the EU to be transparent about the data that they collect from their online users. Cookies are one of the ways websites collect and use people’s personal data. This article shows some of the best examples of how different websites are taking cookie consent from their users per GDPR standards.

Recommended reading: Ultimate Guide to GDPR

Why is GDPR Cookie Consent necessary?

Most of the time, users are not even aware of the fact that the website is collecting their data. When a user visits a website, it installs cookies on the user’s browser. There are cookies without which a website cannot function properly, like the cookies that store a user’s login information. These cookies do not usually track any user data. They get deleted from the browser after a while, posing no threat to the users’ privacy.

However, some third parties like Google Analytics or Facebook Pixel use tracking scripts to install cookies. These data can then later be used by the website or other third parties, mainly for targeted advertisements. Such tracking cookies provide more personalized content and ads to the users, improving their experience surfing through the internet. But it also develops privacy concerns among people.

Read more about cookies and how they track users here.

With the law in place, every website owner that serves EU individuals has to be transparent about the data they collect. The first step is to inform the users of the usage of cookies on the website. Most of the sites inform their users about the cookies they use by displaying a notification banner on the screen. The notification banner gives a message to the user that the website uses cookies. It also takes consent from the user and provides a link to the website’s cookie and privacy policy.

Read more about GDPR Cookie Consent here.

Here are some examples of websites that have implemented cookie notifications per the GDPR requirements.

Google Marketing Platform

GDPR Cookie Consent - GMP

The Google Marketing Platform website uses a simple notification bar on the website footer to inform users that it uses cookies to analyze the traffic to the site. The bar provides a button to link to Google’s Privacy & Terms page and another button where the user can agree to the use of the cookies. In the privacy and Term page, Google has given details about the cookies it uses and how to manage them. 

With the banner still on the website, the user can navigate through the website even if the user has not agreed to the message cookie notification.

Visit Website

Almiar Magazine

GDPR Cookie Consent - Almiar

On the cookie notification banner of the website, the users can either accept or reject the cookies. There is a button “More Information’ that links to the cookie policy, where information about cookies and how to manage them are available. If the user decides to change their consent, the site also provides a provision to reverse the consent by revisiting the cookies notification bar.

Visit Website

Zara

GDPR Cookie Consent - Zara

This website has a cookie notification at one corner of the website. The notification is a small dismissible widget that only serves the purposes of informing the users that the site uses cookies. It does not ask for the users’ consent for the use of the cookies. However, it clearly states on the notification that if the user continues to browse, it means they have accepted the use of cookies through the website. There is no option for users to opt-out of the use of cookies if they want to continue using the site. However, the cookie notification also provides a link to the Privacy and Cookie Policy of the website. It explains the cookies in use and how users can use their browser settings to manage them.

Visit Website

EU GDPR Compliant

GDPR Cookie Consent - EUGDPR

The notification for this website does not cover any content of the site or make the user unable to browse through the website. However, the notification bar is noticeable and informs the users clearly about the cookies used on their website. The notification also informs the users of the types of cookies used on the site and how many scripts come under each type.

Out of these types of cookies, the essential cookies are always enabled, and the users cannot disable them. On the other hand, the Analytics and Social cookies, which are non-necessary cookies, are kept disabled by default. The users can enable them if they wish. The users also have the option to then give their consent by clicking on the Accept all button. There are links to their privacy policy details. 

The cookie notification disappears after obtaining user consent. But the user can click on the button on the screen, which displays the cookie notification again, allowing the user to reconsider their consent.

Visit Website

The Times UK

GDPR Cookie Consent - The Times UK

The Times UK uses a detailed footer banner that provides links to its policies and a ‘Purposes/Features’ button to manage the cookie consent. It lists the type of cookies the site will use. Each one has a toggle switch that users can activate if they wish. The cookie banner only disappears after the user selects.

 Visit Website

CookieYes

GDPR Cookie Consent - CookieYes

CookieYes’ website uses a footer banner that links to its privacy policy. Users can click ‘Accept,’ and it will load only necessary cookies. Clicking on ‘Cookie Settings’ will open a settings box, where they can set their cookies preferences. Necessary cookies are always enabled by default. They can activate only the cookies they want the site to use and save the changes. The cookie banner is dismissed only after a choice is made and if the users can change their preference from the privacy policy.

Visit Website

Wrapping Up

There are many ways that websites have chosen to display their cookie consent banner, which varies depending on the website’s privacy and cookie policy. Please note that this article does not represent any legal advice. These are some examples of how sites of different companies follow the GDPR to take cookie consent from users. The websites have not been checked whether they are fully complying with the data protection laws.