
What is GDPR Cookie Consent? A Guide for Business 2023

Have you ever wondered how you are repeatedly shown the same advertisement across the different websites you visit daily?

How does the internet know what you search for on Google and show you a similar ad when you are watching a video on YouTube?

How do you get non-stop e-mails and push notifications from spammy companies you don’t know about? 

Well, it’s all about third-party cookies. 

Third-party cookies are the stalker you never knew about!  

But don’t worry. A cookie consent management platform is there to help your business grow while complying with data privacy laws globally.

What is Cookie Consent? 

Cookie consent is the interaction between a user and a consent management platform (CMP) on a business website when the user explicitly consents to a website owner to deploy and use cookies to collect the user’s personal information. 

It is a clear and specific request made by the website/app/business owner to the end user for consent to collect personal data via cookies.

Further, this consent is dependent on two fundamental factors:   

  • The consent must educate the consumer about cookies and the purpose of their usage. 
  • The consent must give users the right to accept, reject, change the data, or change their preferences.

Businesses can either use a pop-up or integrate their website/app with a cookie consent management platform that will centralize all the compliance requirements in one place.

So, what are these cookies?  

According to Google:   

“Cookies are small pieces of data sent to your browser by a website you visit.  

They help the website remember information about your visit, making it easier for you to revisit the site and make it more useful.   

Other technologies, including unique identifiers, used to identify a browser, app or device, pixels, and local storage, can also be used for these purposes.”   

Cookies help business owners know how you interact with their website/app with specific parameters like the duration of your visit, sessions, language preference, etc.  

This helps them make better decisions that will enhance your overall experience with the website.   

Now we’ll dive deep and understand what other purpose these cookies are used for.   

Functionality 

Some cookies are necessary for the user and the website/app/business owners.  

These are called “Essential Cookies.” These cookies are essential to access the website.    

Essential cookies store essential information to give you an optimal user experience.  

It includes preferences such as your choice of language, sessions, shopping cart content, product optimization, and more.  

So, the “essential cookies” are mandatory and do not require any consent from the user to function.

Other cookies maintain and enhance user experience during a specific session.

For example, Google services set a cookie named ‘NID’ or ‘ENID’ in users’ browsers, depending on their cookie choices.

These cookies collect and store your preferences and other information, such as your preferred language, how many results you want Google to show on the search result pages, and whether you would like to turn on Google’s SafeSearch filter. 

Each ‘NID’ cookie expires six months from a user’s last use, while the ‘ENID’ Cookie lasts 13 months.    

YouTube uses the ‘PREF’ cookie to maintain your data, such as your preferred page configuration and playback preferences like player size, shuffle content, and explicit autoplay choices.    

Apart from this, the preference for YouTube Music includes autoplay, volume, and repeat mode.  

This cookie expires eight months from a user’s last use.  

The cookie ‘pm_sess’ also helps maintain your browser session for 30 minutes.

Security

Cookies are also used to keep the experience secure and reliable for both the website and the user.

This includes user authentication, fraud prevention, and user protection while using different services.   

Some other cookies are used for user authentication to verify whether a given account belongs to the owner when accessing the report.  

For example, Google uses ‘SID’ and ‘HSID,’ which contain digitally signed and encrypted records of a user’s account ID and their recent log-in time.

These cookies also help Google to optimize security and prevent unwarranted attacks from Black-hat bots and unethical hackers.   

Some cookies tackle severe security issues, preventing spam, fraud, and abuse. Cookies like ‘pm_sess,’ ‘YSC,’ and ‘AEC’ ensure that requests within a browsing session are made by the user and not by third-party sites.

This matters because malicious sites could otherwise act on behalf of the user and take away personal data without the user’s consent. Cookies like ‘pm_sess’ last for 30 minutes, while ‘AEC’ can last up to six months.

‘YSC’ cookies last for the duration of a user’s browsing session.

Analytics 

Without analytical cookies, many businesses would fail to give users an optimum customer experience, ultimately affecting their bottom line.  

Analytical Cookies help web dev-ops and marketers to understand how you, the user, interact with the given services and give them enormous insights, which allows them to improve the content and, thus, your overall user experience.   

For example, Google uses its main analytical cookie, ‘_ga’, which enables it to understand where the user is from and how they are distinguishable from other users.

Also, it collects and stores information on personally identified individual visitors and their site usage statistics, helping them to understand user behavior in a better way.  

The ‘_ga’ Cookies are unique to every personal property, so they can’t be used to track users across unrelated websites.   

Advertising 

A significant share of Google’s revenue comes from advertisements. Some advertisement cookies help marketers and advertisers retarget you with relevant ads.

These cookies maintain your preferences, such as how many times you want to see an ad and which kinds of ads you don’t consent to, and they measure the effectiveness of the ads.

Google uses ‘NID’ cookies to show Google Ads in Google services for signed-out users, while Google Ads uses ‘IDE’ and ‘ANID’ cookies on non-Google sites.

There is also an option to use personalized ads, which tailors the ads to your preferences.

If you have enabled personalized ads, then the ‘ANID’ cookie will store the settings and other preferences for 13 months in the European Economic Area (EEA), Switzerland, and the United Kingdom (UK), and 24 months elsewhere.

But if it’s disabled, the ‘ANID’ cookie stores that setting until 2030.

Advertisers use several other cookies to know the CTRs of a particular ad, which helps them with A/B testing and lets them see the effectiveness of specific ads in specific locations for certain people.

These cookies are incredibly beneficial for advertisers as they tell them the measurement and productivity of the ad campaign.   

Some of these cookies are ‘_gads,’ which helps to show Google ads, and ‘_gac_’ is used by advertisers to measure the user activity and the performance of the ad campaigns.  

The ‘_gads’ cookies last for 13 months, and the ‘_gac_’ cookies last for 90 days.   

Some more essential cookies help the advertiser know how many times a user clicked on their ads and how many of those clicks converted into sales.

These cookies are called ‘_gcl_’ cookies. They last for 90 days. Keep in mind that cookies used for measuring conversion are not used for personalized ads.

Personalization 

Every marketer’s dream is to convert their potential customers into loyal brand advocates.

And in today’s time, there is only one way businesses can make this happen: producing more personalized content.

Cookies help marketers and content creators tremendously.  

They identify and measure what users do on a website and know their interests by analyzing what content they engage with the most and what search terms they are typing in Google or YouTube search algorithms.   

Cookies like ‘VISITOR_INFO1_LIVE’, which YouTube uses, help to formulate a personalized homepage based on your past searches and engagement with the videos.  

‘UULE,’ another personalization cookie, sends your exact location from your browser to Google’s servers so that it can show you search results that are helpful and relevant to your site.

If cookies are so good, then why ask for consent? 

Cookies are not harmful in and of themselves. But they can store sensitive information crucial to the user’s privacy.    

In the past, tech companies or individual contractors have shared or sold cookies with malicious intent.  

If your system is compromised, hackers can access these cookies through your browser.  

These cookies are then used for unnecessary ad retargeting and other unlawful purposes.    

Now, what to do?  

Moving to 2023 will be challenging, mainly for businesses. Doing business without respecting your consumer’s privacy will damage your brand value.    

Businesses must know how to leverage cookie consent for profit by regulating it.   

GDPR: The mediator 

GDPR, or General Data Protection Regulation, emerged in June 2018.   

Under GDPR, “All EU member states must treat cookies and other technical identifiers as personal data.”   

GDPR states that businesses must educate the individual or the user on how their data is used, on an opt-in basis.

Every business must opt-in to Cookie Consent Banners to comply with GDPR guidelines.  

Failing to do so will attract heavy penalties of as much as 4% of one’s global annual turnover, or $21 Million, whichever is greater.  

It applies to companies that are either located in the EU or target consumers living in the EU, wherever in the world those companies are based.

A small case study  

A French Government agency has levied a collective penalty of $240 Million on Facebook and Google, alleging that these companies have made it very easy for the user to accept cookies (even ones that, if compromised, can leak sensitive personal data) and have made the process of deleting cookies complex.    

These options are buried inside the privacy settings, which most users don’t bother about.  

These tech giants have been given some time to figure out and streamline the process of accepting and quickly rejecting cookies.   

What do people think about cookie consent?   

The younger generation, especially the Gen Zs and Millennials, have been the driving force behind the implementation of Data privacy laws worldwide.   

The statistics below analyze the level of consent among the US population regarding the usage of cookies as of June 2021.   

The solution: Cookie consent management with PrivacyPillar 

PrivacyPillar CMP seamlessly integrates with your website with minimal manual intervention.  

PrivacyPillar builds consumer trust by complying with effective Data Privacy laws such as GDPR, CCPA, VCDPA, etc.   

PrivacyPillar is a fast and easy-to-use platform with a high degree of brand personalization that lets you adapt it however you want to your website’s design and layout.

The consent preference management platform by PrivacyPillar enables companies to collect, centralize, govern, and sync consent and first-party data giving businesses an edge over their competitors.   

Special tools like geotargeting ensure that a user is provided with a cookie consent solution relevant to the user’s location and data privacy laws.    

For example, the cookie consent banner for a business coming under the purview of GDPR will differ from the one coming under the ambit of CCPA.   

Cookie consent banner requirement under GDPR: 

  1. Include a Button to Accept Cookies.
  2. Provide Detailed Information About Cookie Use.
  3. Alert the User if the Website Shares Data with Third Parties.

Cookie consent banner requirement under CCPA:

  1. Information About Cookie Use.
  2. A Button to Accept Cookies.
  3. Do Not Sell Button.


Launched out of the CCPA/CPRA and VCDPA, PrivacyPillar CMP is an expert in data privacy compliance, and VCDPA cookie consent compliance in particular, with a mission to make the digital data economy trustworthy and a safer place for end-users and websites alike.   

Cookie consent: What businesses must know. 

Cookie consent is simple – a user lands on your website and is presented with a cookie consent banner that asks permission to either accept or reject or change their preference for the usage of cookies.   

Alongside essential cookies, which are mandatory, analytics and marketing cookies run on the back end, powering Google Analytics, HubSpot, or Shopify – or any other service you use to get insights into and run a marketing campaign for your online business.

While it may look easy on the front end, it could be more complex on the back end.  

This creates difficulty for website/app/business owners to collect and sort data, which marketers and advertisers can use.  

But don’t worry. PrivacyPillar CMP is here to help you.   

Consent: The way to do business in 2023 

Well, most cookies used on any typical website today are third-party cookies. And the remaining cookies are “trojan horses.”  

These “trojan horses” hide deep in the user’s web browser, where hackers then use them with malicious intent, and personal data gets stolen.

Once installed on the browser, these trojan horses harvest personal data every time the user visits your website.  

This will make your site incompatible with the Data Privacy laws like the EU’s GDPR and attract heavy fines.    

A consent management platform like PrivacyPillar will make your website/app cookie compliant, meaning that cookies will not load until the user consents.

A cookie consent banner will pop up as the user visits the website. The content of this banner may differ depending on which data privacy law your business falls under.  

This banner will ask the user to accept, reject, change the data, or change the preference.  

They can also see which cookies you load onto their browser under the “change the settings” section.

Comply with the EU’s GDPR cookie consent requirements 

The EU’s GDPR demands that the website/business owner take the end user’s consent before the cookie can legally be used to collect and process personal data.  

This applies to companies that operate in the EU or target EU citizens, even from any part of the world.   

EU’s GDPR is the first law that has given the end user the right to accept, reject, change the data, or change the preference from the website/business owners that collect personal data via cookies onto their web browser for analytics and advertisements.  

If needed, they can access, edit, or even remove their data from the website through DSAR.   

GDPR cookie consent requirements 

Requirements that must be followed for your website to be fully GDPR compliant – and which PrivacyPillar CMP fully automates upon implementation:   

1. Prior and explicit consent must be obtained from the users before activating cookies (apart from essential cookies).   

2. Granular consent must enable users to activate some cookie categories and not others.   

3. Consents must be given freely, i.e., not nudged or coerced.   

4. Users must be able to withdraw consent as quickly as they gave it.   

5. Consents must be securely stored as legal documentation.   

6. Consent shall be renewed at least once every year. However, other national data protection guidelines recommend more frequent renewal, e.g., six months.   
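
The six requirements above map directly onto the consent state a website has to keep. The sketch below is an added example, not PrivacyPillar's code or API: the category names, the `ConsentStore` class and the `loadIfConsented` helper are assumptions made for illustration, and the one-year lifetime follows requirement 6.

```javascript
// Added example: consent state for the six requirements listed above.
// Category names and helper names are assumptions for illustration.
const CATEGORIES = ["essential", "analytics", "advertising", "personalization"];
const RENEW_AFTER_MS = 365 * 24 * 60 * 60 * 1000; // requirement 6: renew yearly

class ConsentStore {
  constructor() {
    this.current = null; // latest decision, or null if the user never answered
    this.log = [];       // requirement 5: append-only history of decisions
  }

  // Requirement 2: granular choice per category. Anything not explicitly set
  // to `true` stays off, so nothing is pre-ticked (requirements 1 and 3).
  record(choices, now = Date.now()) {
    const granted = {};
    for (const c of CATEGORIES) granted[c] = c === "essential" || choices[c] === true;
    this.current = Object.freeze({ granted: Object.freeze(granted), at: now });
    this.log.push(this.current);
    return this.current;
  }

  // Requirement 4: withdrawing is a single call, as easy as giving consent.
  withdraw(now = Date.now()) {
    return this.record({}, now);
  }

  // True when the banner must be shown: no decision yet, or decision expired.
  needsPrompt(now = Date.now()) {
    return this.current === null || now - this.current.at >= RENEW_AFTER_MS;
  }

  // Requirement 1: a non-essential category is allowed only with a prior,
  // explicit and unexpired grant. Essential cookies need no consent.
  allows(category, now = Date.now()) {
    if (category === "essential") return true;
    if (!CATEGORIES.includes(category) || this.needsPrompt(now)) return false;
    return this.current.granted[category] === true;
  }
}

// Gate a tag loader: run `load` only if its category is currently allowed.
function loadIfConsented(store, category, load, now = Date.now()) {
  if (!store.allows(category, now)) return false;
  load();
  return true;
}
```

On a real site the `load` callback would inject the analytics or advertising script, and the log would be persisted server-side rather than held in memory.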

Cookie consent with Google Consent Mode 

Google Consent Mode combined with PrivacyPillar CMP is the best combination for a GDPR-compliant website with optimized data analytics and ad revenue.

To know how Google Consent Mode and PrivacyPillar CMP will help you build a better website, provide a better customer experience and ensure you are a GDPR-compliant business, read our support guide to Google consent mode.  

Conclusion 

In the long run, 3rd party cookies will be banned, making it harder and harder for business/website owners to look for factual data from the first-party cookie, i.e., end users.  

For this, businesses must comply with the data privacy laws relevant to their business and take cookie consent from the end user.   

Cookie Consent will become mandatory in the coming years, which is the best way for businesses to build customer trust.  

Companies that are transparent about their operations and take their consumers seriously will go a long way.  

To go a long way, you need a platform to help you build that trust. And PrivacyPillar is here to help.