IDC Names Securiti a Worldwide Leader in Data Privacy


What Is A Cookie Notice And How To Get It For Gdpr, Ccpa & Lgpd?

By Securiti Research Team
Published January 29, 2022 / Updated April 10, 2023

Transparency is quickly becoming a vital asset for websites online. It is a tool that helps them gain a competitive advantage over their competitors. At the same time, a lack of transparency can signal an irrecoverable loss of trust by the users. A key contributor to achieving transparency is by gaining proper consent from users online before using any tool that may infringe on their right to digital privacy.

The cookie consent agreement, better known as a cookie notice, is a website's way of communicating what cookies they use, how they use them, and how it helps them help their users. Depending on which website a user visits, the cookie notice could be a pop-up, a header, or a footer.

However, the important thing is that all cookie notices serve a single purpose; to inform users how cookies on the site work and how they can accept them or manage them otherwise. There are certain rules a cookie notice has to fulfill, namely the European Data Protection Board's guidelines on valid consent:

Article 4(11) of the GDPR stipulates that consent of the data subject means any:

  • freely given,
  • specific,
  • informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

For more information about why these cookie notices are important, examples, and requirements under various laws around the world, read on below:

In short, yes. As per new data protection laws already enforced or in the process of being enforced, the first thing a user will see when they visit any site is the cookie consent notice. They can then decide whether they agree to all the cookies being stored on their device or whether they'd like to manage which cookies are stored.

The user must have the ability to make a free choice without feeling pressured into a particular option. Hence, the cookie consent notice will play an important role in getting the user to agree to have the cookies stored with complete and proper consent.

A cookie consent notice is a legal requirement in most countries. Users now expect to have a more extensive degree of control over their data. Similarly, websites cannot restrict users' access to a site or its features due to their refusal to accept cookies.

In such a scenario, a consent notice is the website's way of presenting its case for how cookies help make the user's browsing experience better in real-time.

Requirements for GDPR, CCPA, & LGPD Compliance

The most cumbersome part about having a reliable cookie notice is the need to alter it depending on which country the website is being accessed from. This is all down to the fact that most data protection laws have varying requirements for websites' cookie notices.

However, considering how the GDPR, the CCPA, and the LGPD represent the laws that are considered the benchmark for most other data protection regulations globally, complying with them should set you on the right trajectory towards achieving compliance under all other laws. Here's what's required from a website's cookie notice under these three laws:


As per GDPR, a compliant cookie consent notice must:

  • Acquire clear and unambiguous consent.
  • Collect consent before processing a user's data.
  • Document all records of collected consents.
  • Specify all the types of cookies and tracking technology it uses.
  • No pre-ticked checkboxes.
  • Enable users to revoke consent on each category of cookies.
  • Annual consent renewal.


Cookie consent notice requirements under the California Consumer Privacy Act (CCPA) differ in some major categories from the GDPR. The first is the opt-out model, where a website can continue to store cookies and collect user data until the user opts out of having such data collected. Some requirements a business is still expected to comply with include:

  • Acquire clear and unambiguous consent.
  • Document all records of collected consents.
  • Specify all the types of cookies and tracking technology it uses.
  • Enable users to revoke consent on each category of cookies.


The General Personal Data Protection Law (LGPD) places the following obligations on websites when implementing cookie consent notices online:

  • Consent must be affirmative, specific, and unambiguous.
  • Identification of the data handlers purpose of processing.
  • Duration of the cookie's storage.
  • Links to resources on how to withdraw consent.
  • Links to complain, correct, and transfer data.
  • An option to decline.

Here are some examples of Cookie Notices from a few major websites indicating that there are different ways to notify users about cookies:

Ways to Notify Your Users About Cookies

A website has to take appropriate steps to ensure its users know about the cookies that might be stored on their device. To get their consent to store cookies, they must be appropriately notified. Some commonly used tools to ensure this includes:

Fixed Footer Notification

Considering how traditionally the footer has been used on websites to relay crucial legal information, this is considered the most effective way of notifying the users about cookies. A website can present a user with all their options, and the proper links to other important resources they may feel might help the user make an informed decision.

Top Header Notification

The main benefit of using a header notification to inform the user about cookies is that it is impossible to miss or ignore. Unless the user accepts or manages cookies appropriately, the header notification remains on each web page they visit. Like the footer, a website can include links to any appropriate resources.

Inline Top Header Notification

This is a variation of the top header notification. Instead of a separate section for the cookie consent text, the cookie notice is presented as part of the content on the website. While a lot more aesthetically pleasing, it is also helpful if you want to regularly gain your users' consent if you make changes to your privacy policy, since this notice will be noticeable on the main content that a user may interact with rather than just the homepage of the website.

Box Notification

By far the most radical variation of the cookie consent notice, the box notification shows up on the screen when a user types in the URL. It's a bit extreme, but it ensures a website has proper user cookie consent from each user before they can begin navigating the website. What sets it apart from the other tools is that unless the user takes an appropriate action to accept or manage their cookie, they cannot access the site.

User consent has taken on an unprecedented level of importance in 2022. With all major countries in the world having operationalized or are operationalizing data protection laws, there is a greater responsibility on businesses and websites to elicit informed consent from their users and educate them on their rights.

While cookie consent may sound like a simple enough task, the sheer volume of data involved and the varying degrees of requirements under different data protection laws from around the world make it a daunting task. The most logical approach is to opt for an automated solution.

Securiti is a market leader in providing AI and machine-learning-based enterprise solutions to various data compliance-related problems such as cookie consent management for all businesses of any size in any domain.

Request a demo today to see Securiti's tools in action and learn how Securiti can help your business.

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


More Stories that May Interest You

Take a
Product Tour

See how easy it is to manage privacy compliance with robotic automation.

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend