Living in the digital age undoubtedly has numerous advantages. From unprecedented access to information to seemingly endless avenues for business growth, digital innovations have revolutionized our society and way of life.

But you know what they say, there are two sides to every coin.

The digital revolution has also brought data protection and privacy concerns to the forefront of people’s collective consciousness. Until recently, there has barely been a day without talks of data breaches, identity thefts, and companies misusing customer information.

Knowing something had to be done to end this madness, the European Union (EU) lawmakers introduced the General Data Protection Regulation (GDPR) in 2016. This regulation would go on to inspire other major data protection laws globally, and for good reason.

Among other things, GDPR entirely transformed the concept of cookies and cookie consent. How? That’s exactly what this guide is here to show you. Understanding how cookie consent works today is crucial for anyone operating a website, both from a legal and a marketing standpoint.

Keep reading to learn more.


What Are Cookies?

Before diving in, let’s go back to basics. What are cookies?

Cookies are text files stored within browsers. These handy tools allow websites to track user behaviors and activities and use the gained insights to personalize their future experience.

Spend a few minutes online, and you’ll likely witness the effects of cookies firsthand.

Let’s say you browse an online pet supply store. Once you’re done, you head to YouTube to relax a bit. But what is that ad popping up before your video plays? That’s right, an ad for the exact kind of food you were just looking at on the pet supply store’s website.

Now put yourself in the shoes of the website’s owner, and you’ll instantly understand the business potential of using cookies properly.


The Many Types of Cookies

All these tiny yet mighty text files are collectively called “cookies.” However, not all cookies are the same. In fact, they can be divided into several categories based on how long they track user behavior, who places them on the website, and what they do.

Tracking Period

There are two types of cookies based on their tracking period – session and persistent cookies.

Session Cookies
As their name implies, these cookies only track user activities for a single session (a single visit to the website). They allow owners and administrators to track the user journey throughout their website, from page to page. Why? To improve user experience (UX) in the future.

Persistent Cookies
When a user visits a website with persistent cookies, these text files get saved on their device. They stay there for a while (usually between 30 days and two years) and consistently track user activities on the website. With these cookies, website owners and administrators can personalize the user’s experience based on their preferences and choices over time.


Cookies don’t necessarily have to be placed by the website where users encounter them. That’s where the first-party cookies vs. third-party cookies difference comes into play.

First-Party Cookies
First-party cookies are placed directly by the website the user is visiting. These cookies can come in handy both for website administrators and visitors, as they help remember user preferences, keep shopping carts active, and facilitate a seamless login experience.

Let’s say you like browsing The New York Times, so you create an account. Thanks to the first-party cookies, the website for this newspaper will store your password, eliminating the need to enter your login credentials every time you want to read an article or two. On top of that, these cookies will track the topics you like to read about to give you a better reading experience.

Read about cooking and recipes for a while, and the next time you log in, you’ll see other cooking-related New York Times articles in the sidebars and footers of the articles
you’re currently on.

(Image Credit: Cookiebot)

Third-Party Cookies
Third-party cookies are placed by – you guessed it – a third party and not the website itself. The third party in question is usually an advertiser or another website that uses these cookies for marketing purposes (like showing targeted ads to users based on their browsing history).

These are the cookies that sometimes make users feel uneasy, like they’re being “followed”.

Just imagine looking for the perfect dinner recipe on, only for an ad for the NYT Cooking subscription to pop up in the corner.

To avoid annoying your website visitors and getting a bad reputation, try not to overuse these cookies.


While cookies can accomplish various purposes, four stand out the most. Interestingly, not all of these cookie types require consent. How can you tell the difference? Well, if the cookies are critical for the website’s operation or they provide a service the user has explicitly requested, no consent is needed. As soon as analytics and advertising come into play, so does the cookie consent.

Necessary Cookies
The name of these cookies says it all – they’re absolutely necessary for the website’s seamless functioning (remembering items in the shopping cart, authenticating user identity, etc.). As such, they’re exempted from the cookie consent requirements. Still, you might want to explain to your visitors what these cookies do, as this move will help build customer trust and loyalty.

Preferences Cookies
Preference cookies, also known as functionality cookies, allow your website to remember the data associated with your users’ past visits. Language preference, time zone, login credentials, and notification preferences are just some examples of what these cookies store.
Statistics Cookies

Statistics cookies track website visitors anonymously to determine how well the website itself functions. Let’s say you’re comparing two similar web pages based on performance. With these cookies, you’ll be able to tell which leads to more user engagement, has a higher conversion rate, keeps visitors engaged longer, and the list can go on and on.

Statistics cookies play a huge role in Search Engine Optimization (SEO) activities and can be used to inform your business’s content strategy.

Marketing Cookies
For the most part, marketing cookies are third-party cookies. After all, their purpose is to track users’ online activities to serve them better-targeted ads. It goes without saying that these cookies are incredibly useful to marketers. However, they’re also the subject of numerous federal regulations aiming to protect consumer privacy.


What Is Cookie Consent?

As you can see, cookies can help you gain valuable insight into your visitors’ behavior, which you can use to advance your business goals. But before non-essential cookies can start tracking and collecting data, the website visitor must consent to these actions. The GDPR made sure of this.

In other words, cookie consent refers to obtaining permission from website visitors to store information on their devices and retrieve it when necessary.

But how do websites go about obtaining these permissions?

There are several ways to obtain cookie consent. Some websites will redirect visitors to a separate page where they can decide which types of cookies to allow. Others will display a pop-up, prompting the visitor to accept or reject cookies. But most websites rely on banners to get their message across and receive the necessary consent.

Which method a website uses doesn’t solely depend on the owner’s preferences. It primarily boils down to the website’s jurisdiction. For instance, GDPR cookie-consent regulations concern the EU. This means all websites targeting EU visitors must abide by them and choose the cookie-consent model accordingly.

On the other hand, the U.S. doesn’t have federal laws regulating cookie consent. However, there are specific state-level laws that do.

Does My Website Need Cookie Consent?

Unfortunately, there’s no “yes” or “no” answer to this question. It all depends on your website’s jurisdiction and visitors.

Let’s say your business and website are based in a U.S. state that doesn’t regulate cookie consent. It’s perfectly understandable to think you don’t need a cookie consent banner. But what if your website gets visitors from the EU? Without a cookie-consent system in place, you can get into serious legal trouble.

When it comes to cookie consent, it’s always better to err on the side of caution.

This, of course, means asking for cookie consent, regardless of your location. Besides avoiding hefty fines, you’ll also build trust with your visitors. After all, who doesn’t appreciate transparency?


The Primary Types of Cookie Consent Banners

Now that we’ve established that cookie consent should be a must-have rather than a nice-to-have, let’s see how you can go about obtaining it. Whichever cookie consent banner you use, make sure it’s clearly worded and perfectly visible.

Notice-Only Consent
Notice-only consent banners serve as more of a “heads up” than a formal request for consent. These banners simply inform the visitors that the website uses cookies without giving them a formal option to opt in or out.

(Image Credit: Cookiebot)

While this is the simplest approach to obtaining cookie consent, it isn’t necessarily the most prudent. It might fly in regions without strict cookie consent regulations. However, it spells nothing but trouble for businesses needing to be compliant internationally.

Soft Opt-In Consent
This type of cookie consent banner is similar to the notice-only type. The website visitor doesn’t really get a choice of whether to opt in or out of cookies. But unlike the notice- only model, websites with soft opt-in consent don’t start employing cookies until the visitor interacts with the page somehow. Even a click on a link is taken as consent in this situation.

Implied Consent
The implied consent model allows website visitors to opt out of cookies. But this option is typically significantly less prominent than the opt-in option, as shown below.

(Image Credit: Cookiebot)

When done correctly, this model is the least interruptive for user experience. Basically, it gives users a concrete choice without getting in the way of their online journey. Plus, regulators mostly see this model as safe, especially when the banner links to the cookie usage policy within that website. Of course, clicking on the link should never be perceived as an automatic opt-in.

Explicit Consent
As its name suggests, this model asks visitors for explicit cookie consent. In other words, simply staying on the website or clicking on a page isn’t enough. The only thing that allows cookies to track data is clicking on the “Accept” option.

Unlike in previous models, the options to accept and deny consent are clearly visible and similarly positioned, as you can see below.

(Image Credit: Cookiebot)

Sometimes, these banners even include a “Customize” option.

(Image Credit: European Data Protection Board)

By clicking on this option, website visitors can opt out of specific non-essential cookies.

Comprehensive Consent
With the comprehensive consent model (a term we came up with!), website visitors receive detailed information regarding their consent options. Plus, they’re often given the chance to fully customize their cookie consent preferences.

Check out the example below, courtesy of McKinsey & Company.

The website visitor can either accept the cookies right away or click on the “Manage my preferences” button, which launches a new window.

(Image Credit: McKinsey & Company)

In this window, each type of cookie is explained in detail. Armed with all the necessary information, the user can choose which cookies to opt in for. Of course, the essential cookies are the exception; they’re always on. But one look at the explanation below, and the users will immediately understand why this is the case.


The Downside to Using Cookie Consent Banners

We’ve already gone through why your website needs cookie consent. But are there any downsides to using cookie consent banners?

Unfortunately, the answer is positive. Research has shown that roughly half of website visitors will opt out of cookies upon spotting the banner, which makes it impossible to gain insight into their behavior.

Since you can’t change the policies regulating cookies, you can do everything in your power to make users grant you consent. This involves devising attention-grabbing cookie consent banners with clear and concise messaging. Also, try playing around with the banner placement to determine which results in the highest opt-in rate.


Going Beyond Cookie Consent Banners

Since many people opt out of cookies, marketers can no longer rely solely on these text files to inform their decisions. But this doesn’t have to be a bad thing. In fact, all the commotion around cookie-consent laws has pushed businesses to think out of the box and find new ways to interact with their consumers directly, gathering first-party data.

First-party data refers to the data your consumers give out voluntarily. There are many ways to go about collecting this data, but two have proven the most successful so far – investing in high-quality content and engaging with people on social media.

Create relevant, up-to-date, and informative content, and your consumers will be quick to sign up for more. With no cookies needed! The only thing you do need is a team of experienced writers who can deliver such appealing content.

The same goes for social media. Team up with the right people and build a platform your ideal audience will gravitate toward. By clicking the “Follow” button, they will essentially opt in to see your updates. With carefully thought-out social media campaigns, you can go a step further and collect valuable information through giveaways and similar interactive activities.


What’s Next on Your Consumer Data Journey?

Let’s be honest – most consumers aren’t particularly fond of cookies. They either find them utterly annoying or are completely indifferent. While this shouldn’t prevent you from using cookie consent banners and protecting your business, it should get you thinking of other ways to collect consumer data.

That’s where Netwave Solutions comes into play.

Say goodbye to relying exclusively on cookies, which can be rather off-putting to consumers. Instead, allow us to refine your website, manage your marketing campaigns, and write compelling content, and the first-party data will start pouring in.

Contact us today to get started.