It is essential both from a business transparency perspective, as it will allow you to build trust with your users, and from a legal perspective, as some privacy laws and directives, such as the GDPR and the ePrivacy Directive, just to name these two, require it.
As you can see, some elements need to be included. Namely, warning your users that you are using cookies, explaining what cookies are and which ones you are using, why you are using these cookies (the purpose), and finally how users can opt out or change their cookie preferences.
British newspaper The Guardian is bold when it comes to letting its website visitors know that it is using cookies:
This is the cookie banner that pop-ups when you first land on the .com version of its website while it is in line with the newspaper’s brand colors, it is impossible to miss as it takes up almost half the screen, especially on mobile.
The newspaper does a great job of vulgarizing a complicated subject and, while its policy is wordy, it is effective in letting users know exactly what types of cookies are used and for what purposes.
Email marketing service Mailchimp is used by customers across the globe. Here is the cookie consent pop-up that appears when you land on www.mailchimp.com:
You will note that one has the option to “accept all cookies” or to click on “cookie settings” – if selecting the latter, a column pop-ups on the left-hand side of the screen:
This is an easy way to allow website visitors to manage their cookie preferences without them having to navigate to a separate page of the website. It also provides succinct and easy-to-understand summaries of the cookies used.
The cookie banner links to Mailchimp’s Cookie Statement which is a separate page under the Legal section of its website.
It covers the basics, such as what cookies are, why they are used, the types of first and third-party cookies as well as other tracking technologies used on Mailchimp’s sites, a section about targeted advertising, and one about how to control cookies.
The cookie statement also contains elements that are more specific to the service that it offers (email marketing automation tool) namely the cookies served to end-users through the use of its email marketing platform by Mailchimp customers or “Members” as the company calls them.
Mailchimp lists out the cookies used in clear tables which provides transparency to its users and makes it easy for them to have a quick scroll through the page:
The website of the European Commission, the executive branch of the European Union, is the perfect example of requesting affirmative consent from users. When users land on the homepage, they are served with this cookie banner:
The European Commission’s cookies policy has its own page and covers in layman’s terms what types of cookies are used on the website as well as their purposes and duration:
It also links to the policies of the third-party services used on the website, such as YouTube and Soundcloud:
Professional services company Accenture uses a different approach and relies on users’ implied consent:
If one chooses to click on “Cookies Settings” they are faced with an overview and short explanation of the cookies used on the website as well as the option to change the default settings, which is to allow all cookies, by sliding the toggle switches to the left.
This is a different approach from the one used by the European Commission above.
Depending on where your website users are located you may want to request active, affirmative consent from your website visitors by using a cookie banner with a checkbox that has to be ticked or an “I agree” button that has to be clicked instead of relying on implied consent, as some countries’ privacy regulations are stricter than others and prohibit the use of pre-ticked boxes, instead of requiring clear and positive action from website users.