Cookies and the GDPR: when do you need to display a cookie notice?

If you manage a website or webshop and use advertising platforms such as Google Ads and Meta Ads, you need to take the following steps:

  1. Display a cookie notice; it is practically unavoidable.
  2. Make sure you implement Google Consent Mode V2 through your cookie banner in combination with Google Tag Manager.
  3. Enable server-side tagging.

In short, even though platforms like Google and Meta are responsible for obtaining user consent, you as the website owner must ensure that they actually receive this consent. Without it, these platforms cannot use data, which may affect your campaigns. Whether they will truly stop processing data without consent is still uncertain, but it is in your best interest to secure reliable audiences and accurate measurement. By following the steps above, you optimise your data collection despite increasing restrictions.

The General Data Protection Regulation (GDPR) came into effect on 25 May 2016. A common question is: “Do I need to display a cookie notice on my website?” The answer depends on your specific situation.

In summary: if your website uses cookies that collect, store or access personal data, you are required to ask for consent. This is typically done through a cookie notice.

In this article, you’ll gain the insights you need to determine whether your website requires a cookie notice and how to implement it effectively.

Cookies and the GDPR

Although cookies are not technically part of the GDPR, they are regulated under the ePrivacy Directive. A new law focused on privacy and electronic communications is on the way, but until then, GDPR rules apply. This means you must actively request consent for any cookies that process personal data. A cookie notice is therefore unavoidable.

What is considered personal data?

Personal data is any information that can be traced directly or indirectly to an individual. Examples include a name, email address, bank account number or IP address.

Many types of data on B2B websites do not fall under this category, but as soon as information can be linked back to an individual, such as a personal email address, it is considered personal data. Certain data collected by Google Analytics, including online identifiers and device IDs, may also be classified as personal data.

What exactly are cookies?

Cookies are small text files placed on your device by websites. They store information that is useful during your visit and can be recognised the next time you return.

Cookies can serve different purposes and are generally divided into four categories:

Marketing cookies: these are often used for remarketing purposes, such as showing ads based on your previous visits.

Necessary cookies: these ensure the website functions properly, for example by remembering your shopping cart.

Preference cookies: these remember settings such as your language preference or region.

Statistical cookies: these collect data on visitor numbers and popular pages.

When are cookies allowed without consent?

Not all cookies process personal data, which means some cookies may be placed without consent. This mainly applies to necessary cookies that are essential for the core functionality of the website.

When it comes to statistical cookies, however, things become less clear.

Universal Analytics

When using Universal Analytics (the older version of Google Analytics), your IP address is collected, which is considered personal data. However, you can choose to anonymise IP addresses, allowing these cookies to be placed without consent. You must still ensure that all other settings comply with privacy regulations.

Google Analytics 4

Google Analytics 4 does not collect IP addresses and processes data from EU users on EU-based servers before forwarding it. However, Google Analytics 4 still uses online and device IDs, which means consent is still required, especially because some data may be transferred to the United States. Under European regulations, the United States is considered an unsafe destination for data transfers.

When do you need a cookie notice?

In most cases you do, especially if you use Google Analytics or collect personal data through tools such as live chat, Google Ads, Facebook pixels or remarketing platforms.

Not sure where to start? Tools such as Cookiebot can help you understand which cookies your site is using. If you want more certainty, consider having your website reviewed by an expert.

Example of a proper cookie notice

A proper cookie notice should meet the following criteria:

No cookies are placed before consent is given.
There must be a clear option to refuse cookies.
Access to the website may not be blocked when cookies are refused.
The cookie notice must be clear and informative, written in plain and understandable language.
Users must always be able to change their preferences.
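
The sketch below is an added example, not code from this article or from any cookie banner vendor. It shows how the first, second and last criteria translate into Google Consent Mode v2 signals: everything except necessary storage starts as denied, refusing is a single call, and preferences can be updated at any time. The mapping from the four cookie categories to consent signals and the names `toConsentSignals` and `createConsentManager` are assumptions made for illustration.

```javascript
// Added example. Category-to-signal mapping is an assumption, not from the article.
const SIGNALS_BY_CATEGORY = {
  necessary: ['security_storage'],
  preferences: ['functionality_storage', 'personalization_storage'],
  statistics: ['analytics_storage'],
  marketing: ['ad_storage', 'ad_user_data', 'ad_personalization'],
};

// Translate per-category choices into Consent Mode signals.
// Only an explicit `true` grants a category; necessary is always granted.
function toConsentSignals(choices = {}) {
  const signals = {};
  for (const [category, names] of Object.entries(SIGNALS_BY_CATEGORY)) {
    const granted = category === 'necessary' || choices[category] === true;
    for (const name of names) signals[name] = granted ? 'granted' : 'denied';
  }
  return signals;
}

// dataLayer is the array Google Tag Manager reads (window.dataLayer in a browser).
function createConsentManager(dataLayer) {
  // Same shape as the standard gtag() helper: push the arguments object.
  function gtag() { dataLayer.push(arguments); }

  // Criterion 1: the default state is sent before any tag can fire.
  gtag('consent', 'default', toConsentSignals({}));

  // Criterion 5: preferences can be changed at any time.
  function update(choices) {
    const signals = toConsentSignals(choices);
    gtag('consent', 'update', signals);
    return signals;
  }
  // Criterion 2: refusing is one explicit action.
  function refuseAll() { return update({}); }

  return { update, refuseAll };
}

// Constructed usage: a plain array stands in for window.dataLayer.
const demoLayer = [];
const manager = createConsentManager(demoLayer);
manager.update({ statistics: true }); // visitor accepts statistics only
```

In a real page the manager must be created before the Google Tag Manager container loads, so that the denied default is the first entry the container sees.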

Implementing a cookie notice

If you still need a GDPR-compliant cookie notice, we recommend Cookiebot. Although it is a paid solution, it works very well with Google Consent Mode and offers extensive options. More affordable alternatives such as Cookiescript and Cookiecode come with more limitations.

Conclusion: although a proper cookie notice is important, you also need additional measures to make your website fully GDPR compliant, such as a clear privacy policy.

Feel free to contact us if you need help implementing your cookie notice.

Our advice

We recommend using Cookiebot by Usercentrics. This tool offers a simple and reliable way to make your website fully GDPR compliant. With Cookiebot, you have full control over all cookies and ensure that your visitors can give consent in a transparent way without losing any functionality.

Last updated on: 18 Sep 2024
Written by:
Cas Martens