Cookie Consent Management – How to Do It Right?

Did you know that you could be losing valuable data about your website users if your consent management platform is not implemented correctly? Furthermore, you could be at risk of facing financial penalties from the Data Protection Authority. Learn how to avoid these issues!
Cookie Consent Management – How to Do It Right?

Why Do You Need a Consent Management Platform?

We all remember the time when websites first started requiring notifications about the use of cookies. Back then, the pop-ups were typically brief and simply included a link to the privacy policy. Some websites still use this practice today, but it no longer meets all legal requirements.



In 2019, the Court of Justice of the European Union issued a ruling concerning a website operated by a German company. The court ruled that “the use of cookies requires the active consent of users.” Moreover, it stated that consent cannot be given through a pre-checked checkbox. The ruling also clarified that users must be informed about how long the cookies will function and whether third parties will have access to them.

As a result, in 2020, the European Data Protection Board mandated that website owners must obtain user consent for cookies before running tracking scripts. The guidelines emphasize that users must have the option to consent, decline, or withdraw their consent easily. All three actions should be equally straightforward.

To meet these requirements, you need a tool that integrates with the systems responsible for tracking codes. While you could develop your own software, this is both time-consuming and labor-intensive. Moreover, you’d need to continuously update it in line with evolving regulations. A faster and easier solution is to use one of the many consent management platforms already available on the market.

What to Consider When Choosing a Consent Management Platform

Since 2020, user privacy policies have become increasingly strict. There are reports of potential fines running into millions for websites that fail to comply with user privacy regulations. Additionally, Google has warned that it will block advertising accounts linked to websites that do not comply with these requirements.

Given this, the demand for consent management platforms continues to grow, and providers compete to offer the most attractive packages. Popular tools include CookieBot, CookieYes, and OneTrust. When choosing a platform, consider the following factors:

  • Does your website qualify for a free package?
  • What determines the package pricing? It’s worth investing in a solution that covers both the main domain and its subdomains in one package. Some tools offer separate packages for domains and subdomains.
  • Does the system automatically identify cookies and categorize them appropriately?
  • Does the package offer essential options for your website, such as multiple language versions, banner customization, or even white-label features?
  • Is the consent management panel user-friendly and easy to navigate? Many platforms offer trial accounts so you can test their configuration options.
  • Does the platform support Google Consent Mode? This feature allows you to retain valuable data even if a user declines cookies. More on this below.

What Does Proper Consent Management Implementation Look Like?

In my experience, many websites use consent management platforms as little more than decorative features. In some cases, this is intentional, but often it results from an incorrect implementation.

Below is an example of improper cookie consent management implementation. Ironically, this is found on a website dedicated to data protection.

As seen in the screenshot, cookies related to Google Analytics are being triggered before the user has made a choice regarding their cookie preferences. In this case, the banner serves no real purpose, and the website does not respect the user’s rights.

So, how should you implement a consent management platform correctly? First, remember that configuration needs to take place both in the consent management panel (mainly for banner settings) and in Google Tag Manager—or directly in the website’s code (to condition tracking scripts). Here are two key principles in a nutshell:

  1. Tracking codes should only trigger based on user consent for cookies. The default consent status should be set to „denied.” Advertising or analytical cookies must not activate until the user consents.
  2. Accepting cookies should immediately trigger tracking codes by automatically reloading the page. If this step is skipped, the user will only be tracked from the next page they visit, or not at all if they don’t navigate to another page.

How to Avoid Losing Data When Users Decline Consent

Many website owners hesitate to implement a cookie consent management system due to concerns about losing valuable data. However, Google Consent Mode offers a solution for cases where users decline cookies. It sends „cookie-less pings” to services like Google Analytics, Google Ads, and Floodlight, informing them of site visits.

This data is aggregated and anonymized, so it’s not used for remarketing. However, it still provides Google with basic information, which is then used to model data and predictions in Google Analytics 4.

To use this feature, you’ll need to integrate your consent management system with Google Consent Mode. Many platforms offer ready-made templates for this integration via Google Tag Manager, and Google tags in these templates require no further editing. However, remember to manually configure the triggering of tracking scripts for other services you use, such as Facebook or Pinterest Ads.

What Should Be Included in a Cookie Banner?

There’s a wide variety of designs and content when it comes to cookie banners. According to both the Telecommunications Act and GDPR, the banner must provide clear and understandable information about the use of cookies on the website. Ignoring the banner should default to non-consent.

Website owners aim to get as many users as possible to accept cookies. To encourage consent, consent management systems offer various tactics. Here are a few examples:

No button for rejecting cookies
No button for rejecting cookies

 

The "Save and Exit" button is inactive until at least one option is accepted
The „Save and Exit” button is inactive until at least one option is accepted

 

A banner that encourages users to change their decision after rejecting cookies
A banner that encourages users to change their decision after rejecting cookies

 

Closing the site if cookies are declined
Closing the site if cookies are declined

 

Managing Preferences
Managing Preferences


Legal regulations concerning cookie banners are quite general, leading to various interpretations of these guidelines. It’s hard to definitively categorize which practices are bold, controversial, or borderline illegal. In cases of uncertainty, it’s always wise to consult a lawyer or data privacy expert.

What is certain, however, is that the technical implementation of a consent management platform must be correct. This means ensuring that all tracking scripts trigger based on the user’s cookie preferences.

Conclusion

In an era of increasingly strict privacy regulations, consent management is a must-have if you want to avoid legal headaches. While third-party cookies may soon become a thing of the past, first-party cookies are still here to stay. Remember that cookie consent actually refers to consent for processing data via cookies, but also other similar technologies—which are rapidly emerging to meet market demands.

Properly implementing a consent management system poses many challenges, so it’s understandable that those who don’t deal with this regularly may feel overwhelmed. If setting up a cookie consent management platform is still on your to-do list, we’d be happy to do it for you! Contact us for a quote.

O AUTORCE

Katarzyna Góraj

Senior Digital Analyst​

Pierwsze kroki na ścieżce zawodowej stawiała w social listeningu, po czym doszczętnie przepadła w świecie badań. W Yetiz zajmuje się analityką, ale i prowadzeniem kampanii PPC. Prywatnie jest uzależniona od górskich wędrówek i nie wyobraża sobie życia bez wokalu Freddiego Mercurego.

Meer te weten komen