Back to blog
Cookie ConsentFebruary 2024 · 5 min read

Cookie Banner Requirements Under GDPR: What You Actually Need

58% of websites have a non-compliant cookie banner. Some have no banner at all. Regulators are actively fining companies for dark patterns and pre-ticked boxes. Here's what the law actually requires.

Do you even need a cookie banner?

You need a cookie banner if your site sets any cookies that are not strictly necessary for the service. This includes:

  • Analytics cookies (Google Analytics, Matomo, Plausible)
  • Marketing / retargeting cookies (Facebook Pixel, Google Ads)
  • A/B testing tools (Optimizely, VWO)
  • Session recording tools (Hotjar, FullStory, Microsoft Clarity)
  • Live chat widgets (Intercom, Drift, HubSpot)

Strictly necessary cookies (session cookies, shopping cart, authentication) do not require consent.

Do's and Don'ts

Do

  • Show the banner before setting any non-essential cookies
  • Make "Accept" and "Reject" equally prominent — same font size, same visual weight
  • Allow users to withdraw consent as easily as they gave it
  • List specific cookie categories (analytics, marketing, preferences)
  • Store consent records with timestamps for audit purposes
  • Block all non-essential scripts until consent is given
  • Provide a link to your full Cookie Policy / Privacy Policy

Don't

  • Pre-tick any consent boxes or default to "Accept"
  • Hide the "Reject" button behind multiple clicks
  • Use dark patterns like making "Reject" a tiny grey link
  • Continue loading tracking scripts before consent
  • Count "continued browsing" as consent
  • Require users to register/pay to access reject option
  • Refresh the banner immediately after rejection to pressure re-consent

Recommended CMPs (Consent Management Platforms)

CookieYes

Best for: Most websites

Free tier

Cookiebot

Best for: WordPress / enterprise

From €9/mo

Axeptio

Best for: French businesses

From €0

Usercentrics

Best for: Complex setups

From €0

Osano

Best for: Simple sites

Free tier

Does your site have a compliant cookie banner?

Run a free scan and find out in 60 seconds.

Scan my site free →

This article is for informational purposes only and does not constitute legal advice.