With so much attention on cookie consent for legal compliance, it's easy to overlook the wording on your cookie banner (i.e., the cookie text). Yet, it matters more than you may realize.
Having well-written cookie text not only supports compliance with privacy laws but tells visitors you have nothing to hide, which can help build trust and credibility.
This article explains how to phrase your cookie text in a way that's both legally effective and fosters a positive interaction with your website visitors.
Let's get into it.
Use our Cookie Consent all-in-one solution (Privacy Consent) for cookies management to comply with GDPR & CCPA/CPRA and other privacy laws:
- For GDPR, CCPA/CPRA and other privacy laws
- Apply privacy requirements based on user location
- Get consent prior to third-party scripts loading
- Works for desktop, tables and mobile devices
- Customize the appearance to match your brand style
Create your Cookie Consent banner today to comply with GDPR, CCPA/CPRA and other privacy laws:
Start the Privacy Consent wizard to create the Cookie Consent code by adding your website information.
At Step 2, add in information about your business.
At Step 3, select a plan for the Cookie Consent.
You're done! Your Cookie Consent Banner is ready. Install the Cookie Consent banner on your website:
Display the Cookie Consent banner on your website by copy-paste the installation code in the
</head>section of your website. Instructions how to add in the code for specific platforms (WordPress, Shopify, Wix and more) are available on the Install page.
- 1. What are Cookies?
- 2. What is Cookie Text?
- 3. Why Do You Need Cookie Text?
- 4. Are There Legal Requirements for Cookie Texts?
- 4.1. Cookie Text Requirements Under the GDPR and EU Cookie Law
- 4.2. Cookie Text Requirements Under the CCPA (CPRA)
- 5. How to Draft Compliant and Effective Cookie Text
- 5.1. Provide a simple and descriptive heading
- 5.2. Be transparent about your cookie practices
- 5.3. Use plain, relatable language
- 5.4. Include clear user control options
- 6. What are Some Other Examples of Valid Cookie Texts?
- 7. Frequently Asked Questions About Cookie Texts
- 7.1. What is cookie text, and why does it matter for my website?
- 7.2. Is cookie text required by data privacy laws?
- 7.3. How can I balance compliance with user experience in my cookie text?
- 7.4. What happens if I don't have valid cookie text?
- 8. Summary
What are Cookies?
Cookies (also called web or HTTP cookies) are small text files stored on users' browsers by websites they visit. They're typically used to:
- Remember users' preferences (like language selection)
- Personalize browsing experience
- Improve website performance
It's worth noting that some cookies can monitor users' activities and track them across the web, which raises privacy concerns.
What is Cookie Text?
The cookie text shouldn't be confused with a Cookies Policy, which is a more comprehensive account of the cookies being used.
In practice, cookie text concisely summarizes the following details:
- Who places the cookies: Is it just your website, or are third-party trackers also involved?
- How cookie data is used: Will you analyze user preferences or share data with advertisers, or both?
- What controls users have: Can users accept, reject, and customize their cookie preferences?
A run-of-the-mill cookie text could read as follows:
Here's an example of comprehensive cookie text that addresses all key elements above:
Why Do You Need Cookie Text?
The most important reason you need a cookie text is to comply with the transparency requirements of privacy laws.
Cookies are primarily used to gather data about website visitors. And while some cookies collect purely statistical insights, others collect personal information (e.g., username, location data, IP address) that can identify users.
Once personal information is involved, privacy laws come into play, and they set out distinct rules for handling data responsibly - including how to disclose cookie usage.
Some of the more prominent laws are as follows:
- The EU's General Data Protection Regulation (GDPR)
- California's Consumer Privacy Act (CCPA/CPRA)
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
- Australia's Privacy Act of 1988
- Brazil's Lei Geral de Proteção de Dados (LGPD)
Beyond legal compliance, having well-written cookie text can help build trust and contribute to your website's credibility. It's your chance to create a positive first impression and set the stage for a smooth online experience.
Are There Legal Requirements for Cookie Texts?
There's no concrete set of legal requirements when it comes to cookie text. However, there are consent and transparency requirements for cookies themselves that ultimately impact the cookie text.
To illustrate, let's look at the cookie text requirements under two major legal jurisdictions.
Cookie Text Requirements Under the GDPR and EU Cookie Law
If you have users in the European Union (EU) and the European Economic Area (EEA), your cookie text must factor in the requirements of the GDPR and the EU Cookie Law.
Neither law addresses cookie texts directly, but they do spell out how to handle cookies and disclose their use to website visitors.
In short, the GDPR and the EU Cookie Law set the following rules for cookies (and, by extension, the cookie text):
- Obtain active consent (e.g., ticking an empty checkbox) before placing cookies on users' devices
- Don't place cookies on users' devices without their consent (excluding strictly necessary cookies)
- Allow users to change their preferences and withdraw their consent as easily as they gave it
- Keep proof of users' consent choices
- Renew cookie consent at least once every six months (depending on region-specific guidelines)
Here's how Bumble presents its cookie text to EU users, including all relevant details as required:
Cookie Text Requirements Under the CCPA (CPRA)
The CCPA (CPRA) uses an opt-out consent system. This means consent isn't necessary for cookies under California's law (with some exceptions). And the cookie text requirements reflect this.
One important thing to note under the CCPA (CPRA) is that using third-party cookies may constitute a sale of personal information. For this reason, a valid cookie notice banner (and cookie text) should meet the following requirements:
- Inform users about cookies, their source, and their purpose
- Obtain active consent for third-party cookies as a precautionary measure
- Allow users to opt out of cookies that sell information via a "Do Not Sell My Personal Information" link
Here's Bumble's cookie banner once again, but for California users this time. Note how Bumble changes its cookie text completely to focus on the sale or sharing of personal information:
Now that we've seen why you should pay keen attention to your cookie text, let's go over some best practices to observe when drafting one.
How to Draft Compliant and Effective Cookie Text
For the best results, your cookie text needs to balance legal obligations with user experience.
This means including relevant details required by applicable laws while optimizing language, style, and presentation for user-friendliness.
The key elements of a winning cookie text are as follows:
- Use a simple but descriptive heading
- Be transparent
- Use language that's easy to understand
- Offer users options for controlling or changing settings
Let's look at each in more detail.
Provide a simple and descriptive heading
Though optional, it's a good idea to start your cookie text with a heading that clearly communicates the purpose to visitors. Avoid legalese and jargon to make it easily understandable.
Here's how Spotify writes it heading in its cookie consent banner:
Be transparent about your cookie practices
Your cookie text should be a transparent but concise summary of the cookies you use and their functions. You can then provide more information in your preference center and Cookies Policy.
In terms of their purposes, cookies typically fall into one of the following categories:
- Strictly Necessary Cookies: These cookies are essential for your website to function properly.
- Functionality Cookies: These cookies help remember users' choices (e.g. language preferences, location, etc.).
- Performance Cookies: These cookies collect anonymous data about how visitors use your website (e.g., page views and click-through rates) to improve performance.
- Marketing Cookies: These cookies collect information about users' browsing habits to target them with relevant ads (e.g., Google AdWords/AdSense).
Here's how EY concisely highlights its cookie categories in its consent banner, including a link to customize cookies:
Once users click the customize cookies link, they're directed to EY's cookie settings page, where they can get more information about cookie categories and choose their preferences:
Use plain, relatable language
Your audience may or may not be tech-savvy, so it's best to use language that resonates with all visitors.
Talk to your visitors like you would a friend explaining something important. Short sentences, plain language, and relatable expressions are best practices for effective outcomes.
Here's a good example of a plainly written cookie text from McKinsey & Company:
Include clear user control options
Depending on applicable laws, your cookie text should include clear choices for users to either accept or reject cookies.
You may also consider offering granular choices to let users decide which specific cookie types they're comfortable with. Though not explicitly required by law, it's considered a best practice to give users an extra layer of control.
In practice, granular options are offered through links labeled "Manage Cookies," "Customize Cookies," or similar anchor texts that lead to a cookie preference center.
Here's how user control options can look from Deloitte:
And here's how granular options can look, from Adidas:
What are Some Other Examples of Valid Cookie Texts?
For more practical guidance, let's take a look at additional examples of valid cookie texts from various websites.
QuillBot uses a simple cookie consent notice that clarifies its cookie types and includes equally prominent accept and reject buttons. The notice also offers customization options and includes a link to the Cookies Policy for more information:
LinkBuilder takes a unique approach by offering granular choices right on its cookie consent notice alongside other key elements of a valid cookie text:
Frequently Asked Questions About Cookie Texts
Below, we answer some of the most frequently asked questions about cookie texts.
What is cookie text, and why does it matter for my website?
Is cookie text required by data privacy laws?
Privacy laws don't explicitly require a cookie text. However, having a well-written one can support your compliance with these laws, particularly when it comes to transparency obligations.
How can I balance compliance with user experience in my cookie text?
Use plain, easily understandable language to explain why you need cookies, what cookie categories you use, and how visitors can manage their preferences.
This way, you remain transparent (as privacy laws require) while ensuring a positive, user-centric experience for your audience.
What happens if I don't have valid cookie text?
Your cookie text shouldn't be an afterthought. It not only supports legal compliance but can help create a positive first impression on your website visitors.
While there's no one-size-fits-all approach for cookie text, effective and legally compliant cookie text should include the following elements:
- A simple and descriptive heading
- Plain, relatable language
- A transparent explanation of your cookie practices
- Clear options for users to accept, decline, or customize cookie preferences