You see it on almost every website – the cookie consent banner that asks you to agree to cookies being placed on your device. While some websites give you an actual choice to agree or deny, others ask you to just agree, and others just say that cookies are being placed on your website without you having the ability to disagree, there is no doubt that the cookie consent banner is everywhere in every form imaginable. This feature helps websites obtain consent for the placement of cookies on a user’s device. So, whether you call it a cookie consent banner, a cookie consent tool, or a cookie management platform, you may be wondering if your website needs to have one as well. In this article, we will help you understand which privacy laws require websites to have a cookie consent banner and determine whether your website needs one too.
Table of Contents
What are cookies?
While we all normally think of cookies as a delicious treat, when it comes to websites, cookies (also called tracking technologies) are a small piece of code is put on a user’s device or browser and that tracks them as they use that website (to determine what pages they clicked on, for example) or as they go from your website to different websites (to show Facebook advertisements, for example). Usually, cookies are put on a user’s device automatically.
Why are website cookies regulated?
While certain cookies are used for purposes that a website visitor would expect such as protecting the website from hacking, displaying images, or displaying the website in general, other cookies can be more intrusive by tracking website visitors to show them advertisements or to send them marketing messages. Many consumers are not aware of the fact that advertising cookies can track the products that they viewed online and then use that data to show them Facebook advertisements for those same products. Regulators have passed multiple privacy laws that require certain websites to obtain the consent of the user for placing cookies on their device that were not strictly required for the proper operation of the website. A website cookie consent banner does just that – helps websites obtain the consent of the website user to the collection of certain types of cookies.
When do you need a cookie consent banner?
The first step to determine whether your website needs a cookie consent banner is to determine whether your website has cookies (or other tracking technologies that act as cookies). You can use this complimentary cookie scanner to determine if your website collects cookies. If your website does not have cookies, then you do not need to have a cookie consent banner as there is nothing that the users of your website have to consent to. If your website does collect cookies, then you should consider adding a cookie consent banner to your website to gather the consent of your website’s users as you may be required to provide one by law.
What laws require websites to have a cookie consent banner?
The laws that require websites to have a Cookie Consent Banner can be split into two categories: Opt-in consent frameworks & Opt-out consent frameworks.
Laws that require Opt-in consent framework
Opt in consent frameworks are consent banners where website visitors are opted out of non-essential Services by default (analytics embeds, ad trackers, third party video embeds, etc). They must take action (such as clicking ‘accept all’) in order to provide explicit consent to being tracked via these Services.
The following laws require an opt-in consent framework. We’ve even pulled screenshots from our Privacy Law Identifier to show what questions we ask to determine if these laws apply to your website.
California Invasion of Privacy Act (CIPA)
If you include California in your answer to the following question, you likely need a consent banner for CIPA coverage in Privacy Policy remaining questions
General Data Protection Regulation (GDPR)
If you answer “yes” to EITHER ONE of these questions, GDPR will apply and a cookie banner will be required:
United Kingdom Data Protection Act 2018 (UK DPA)
If you answer “yes” to EITHER ONE of these questions, UK DPA will apply, and a Consent Banner will be needed:
Personal Information Protection and Electronic Documents Act (PIPEDA)
If you answer “yes” to the following question, PIPEDA will apply, and a Consent Banner will be needed:
Quebec Law 25
If you answer “yes” to the following question, Quebec Law 25 will apply, and a Consent Banner will be needed:
Laws that require Opt-out consent framework
Opt out consent frameworks are consent banners where website visitor data is allowed to be collected and/or shared with third party technologies and the visitor is tracked by those technologies, which are considered non-essential (analytics embeds, ad trackers, third party video embeds, etc.), but users are provided a choice if they want to opt out of that data being collected, shared, or sold.
The following laws require an opt out consent framework:
California Privacy Rights Act (CPRA)
If you generate over $25 million per year in revenue, or you answer “Yes” to any of the questions below, then you will need an opt-out consent banner for CPRA coverage:
Virginia Consumer Data Protection Act (VCDPA)
If you answer “Yes” to any of the questions below, then you will need an opt out consent banner for VCDPA coverage.
Colorado Privacy Act
If you answer “Yes” to any of the questions below, then you will need an opt-out consent banner for Colorado Privacy Act coverage.
Utah Consumer Privacy Act (UCPA)
If you generate over $25 million, or answer “Yes” to any of the questions below, then you will need an opt-out consent banner for UCPA coverage.
Connecticut SB6
If you answer “Yes” to any of the questions below, then you will need an opt-out consent banner for Connecticut SB6 coverage.
Texas Data Privacy and Security Act (TDPSA)
If you answer “Yes” to the question below, then you will need an opt-out consent banner for TDPSA coverage.
Oregon Consumer Privacy Act (OCPA)
If you answer “Yes” to any of the questions below, then you will need an opt-out consent banner for OCPA coverage.
Indiana Consumer Data Protection Act (ICDPA)
If you answer “Yes” to any of the questions below, then you will need an opt-out consent banner for ICDPA coverage.
Where can you get a cookie consent banner?
Now that you know what laws require websites to have a cookie consent banner, you are probably wondering where you can get one for your website. The Termageddon/Usercentrics integration means that all Termageddon accounts include a cookie consent banner that you can enable right from your license.
