Products
By Use Cases By Roles
DataControls Cloud^TM
View
Learn more

Asset and Data Discovery

Discover Data Assets

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Discover & Classify Structured and Unstructured Streaming Data

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Security Posture Management

Protect data systems by discovering and automatically remediating misconfigurations

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Data Catalog

Automatically catalog enterprise datasets

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle
Data Controls Orchestrator
View
DataControls Cloud^TM
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

US California CPRA

View

European Union GDPR

View

Brazil’s LGPD

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA

View

Thailand PDPA

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Videos

Solution and customer videos.

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

Cookie Text: A Comprehensive Guide

By Privacy Research Team

Published on February 2, 2022

A decade ago, a user would type in the name of their preferred website and begin their browsing. They would note how the more they browsed the site, the better ads they received that directed them towards the exact goods/services they were looking for. This was possible because of cookies. Cookies are small bits of text stored on your browser by the site that help it collect information on your browsing behavior. Naturally, this results in the website showing the user better goods/services based on what they were searching for.

A decade later, the average user journey on a website hasn't changed much, except for one major thing. Depending on where the user was accessing the site, the first thing they would see on the website would be a dialogue box, asking them to Accept or Manage cookies.

Thanks to GDPR and several other data protection laws, websites cannot store cookies on a user's device by default when catering to EU and UK residents. They need proper and informed consent from the visitor to do so. The text in the dialogue box, where the user will choose to either accept cookies or manage what cookies they want to be stored, is known as Cookie Text.

As surprising as it may seem, this small piece of text is the current standard way a website uses to convince the consumers to accept cookies on their website.

In simple terms, cookie text is the actual text a user will see on the dialogue box when they are presented with the choice to either accept cookies or reject them. While it may not seem like a big deal, a cookie text is essentially the only tool a website has to gain consent from users to store cookies on their site. Given how cookies can help ensure a user sees highly targeted ads that are more likely to convert and help a website identify its users better, it becomes clear just how vital cookie texts are.

The European Data Protection Board's definition states that "valid consent is a freely given, informed, specific and unambiguous indication of a user's wishes. Scrolling and continued browsing on websites is not valid consent, and cookie banners are not allowed to have pre-ticked checkboxes".

Naturally, a website's cookie text should adhere to this definition and seek to elicit consent while guiding users to appropriate resources on the website if they have any further questions on the matter.

Why Websites Use Cookie Texts

Cookie texts are how a website can communicate its exact cookie consent policy. The dialogue box where the cookie text is shown must be precise enough without limiting any information a user must know.

Usually, the cookie text is the first thing a user will see when visiting a website. Unlike the cookie policy statement where a website has to explain what kind of cookies are being used, how the website uses them, what information they store, and how users can manage them, a cookie text is a far more straightforward form of text that greets a user upon arrival to the site and requests their consent to store cookies on their device.

Cookie texts can be thought of as a permission tool as it is the only way a website can make a case for storing cookies on a user's device.

The General Data Protection Regulation (GDPR) set the benchmark for data protection laws. The GDPR required all websites using cookies to take robust precautions to ensure their users' data privacy and elicit proper consent before collecting any form of data. This is known as opt-in consent, where a user has to opt-in with express consent to have their data collected.

One of the things that stands out the most about how the GDPR deals with cookies is the fact "cookies" are not mentioned at all within the regulation. Instead, the term used is "personal data identifiers". Most websites use cookies to carry out that exact function, i.e., to store information about a user's age, language, device being used, time zone, country, etc. However, since there are cookies that do not collect personal information but are strictly necessary for a website to function properly, those technologies are exempt from GDPR.

As far as cookie text is concerned, the GDPR deals with how a website is supposed to inform its users about cookies. Any cookie text on any webpage on a website must contain the following information:

Information about using cookies and their purpose when users visit the website.
How to accept and reject cookies before storing them on a device.
Keep cookies (except strictly necessary cookies) blocked until the user gives consent.
How users can select what cookies they want the website to store on their device.
How users can allow or withdraw cookie consent if necessary.
Keep a log of all the user consent.
Renew cookie consent every six months (depends on the local data protection authority guidelines).

Cookie Text for CCPA Compliance

The California Consumer Privacy Act (CCPA) has a somewhat different approach towards cookies than the GDPR. While the GDPR follows the opt-in consent model, the CCPA follows the opt-out model. Under the opt-out model, websites have the right to store cookies and collect information on a user by default. A user can only ask a website not to share or sell any data collected on them to a third party. Furthermore, websites are under no obligation to discontinue data collection even after a user requests so.

Under the opt-out model, a website must make it easier for users to opt-out of having their data sold or shared with third parties by making a "Do Not Sell My Personal Information" link clearly available and accessible on every website's webpage. The cookie text for such a Do Not Sell My Personal Information must fulfill the following requirements:

Inform the users about cookies, their source, and their purpose.
Allow users to opt-out of cookies ("Do Not Sell My Personal Information" link) that sell or share personal information with third parties.
Link to privacy or cookie notice that explains what type of cookies the site uses, the source, the data collected, their purpose, and how users can control them.

Cookie Text Examples

Here are some examples of cookie text from various websites from different countries adhering to various data protection laws from across the world:

Best Cookie Text Practices

It should be clear by now that there is no "one size fit all" approach when it comes to your cookie text. Owing to the different legal requirements of various data protection laws around the world, it is likely that a website may need to alter its cookie text per country. Or in the case of the US, this alteration in cookie text will be needed on a state level since different states have their own data protection laws.

However, there are some key practices that any website can inculcate in their cookie text wherever they may be operating from to ensure they remain legally compliant without making things more complicated than they need to be.

Use simple & easily understandable language
Avoid jargon and technical or legal terms
Give users an equal opportunity to opt-in or out without restricting their browsing experience
Explain exactly what kind of cookies you use
Explain what information you share/sell to third parties and how users can opt-out of it

How Securiti Can Help

Cookie consent management has taken an unprecedented level of importance in 2022. Several data protection laws are being enacted worldwide that mandate all websites ensure their users are adequately informed and educated about their digital privacy rights. Businesses have to figure out how they can continue trying to optimize their users' browsing experience without breaching any consent requirements.

A robust and instantly adaptable cookie consent management system is the key to achieving that goal. And such a robust and instantly adaptable cookie consent management system can only be achieved via automation. Owing to the sheer amount of data involved, it makes sense for businesses to automate this vital process to ensure effectiveness and efficiency.

Securiti is a market leader in providing AI and machine-learning-based enterprise solutions to various data compliance-related problems such as cookie consent management.

Request a demo today to see Securiti's tools in action and learn how Securiti can help your business.

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.

Take a Tour

Take a
Product Tour

See how easy it is to manage privacy compliance with robotic automation.

Watch a demo

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.