How to Add Cookie Consent to Your Website + Implications

by | Dec 18, 2023

How to add cookie consent to your website + implications (1)
10 min read

We live(d) in a cookie world. Now, we need to get ready for things to change. The first step? Understanding the implications of cookie consent, then we’ll show you how to add cookie consent to your website.

Before we begin, if you’re interested in learning more about cookie consent, cookie deprecation and data privacy, download our free whitepaper on Cookies & Data Privacy for Marketers.

Cookies and Data Privacy Whitepaper for Marketers Download

Tracking is getting harder

Higher user expectations for ad privacy are driving both additional privacy regulations and technology changes that restrict user-level tracking.

What marketers have to contend with:

  1. The loss of third-party cookies (coming 2024 to Chrome)
  2. Shorter conversion windows
  3. Loss of app to web tracking
  4. Increased privacy regulations
  5. The rise of ad-blockers

All these changes ultimately reduce the amount of data we can collect and therefore limit our visibility on users.

Regulations across the world

If you operate internationally, you have to respect multiple regulations.

GDPR regulations across the world - cookie consent regulations

Without doing a deep dive into GDPR, you might be surprised to learn that cookies are only mentioned once across the GDPR’s 88 pages.

What does it say?

Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses,
cookie identifiers or other identifiers such as radio frequency identification tags.

This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

Data governance requires dedication

Having a cookie solution in place does not make you compliant. It is not a one-and-done thing. Regulations keep changing. You must keep up to date with them!

Cookies fall under the Privacy and Electronic Communications Regulations

Under PECR we must:

  • Receive users’ consent before you use any cookies except strictly necessary cookies
  • Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received
  • Document and store consent received from users
  • Allow users to access your service even if they refuse to allow the use of certain cookies
  • Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place

Cookies fall under the Privacy and Electronic Communications Regulations

 

Types of cookies

Based on their duration, provenance, and purpose, you need to adapt how you use cookies.

  • Duration: Session, Persistent
  • Provenance: First-Party, Third-Party
  • Purpose: Strictly necessary, Preferences, Statistics, Marketing

You can do this easier by using one of the consent management platforms below. In the following examples we’ll use OneTrust to implement cookie consent.

List of consent management platforms - cookie consent

Cookie consent implications: closing the gap

Some of Google Marketing Platform solutions to minimise impacts include:

  • Enhanced Conversions
  • Conversion Modelling
  • Privacy Sandbox
  • Consent Mode

Let’s narrow in on Conversion Modeling and Consent Mode. By setting up a OneTrust property, for example, we’ll be able to unlock these two features.

First, we want to unlock Consent Mode to get better insights. This is recommended by Google for the most accurate modelling.

How to add cookie consent to your website

Adding a cookie consent banner to your website means a loss of data/visibility, but we can still track users who allow it. Based on the consent response of the user we’ll either be able to track their activity across your website or not.

The impact

You can evaluate the impact of adding cookie consent to your website and how many people opt-in or opt-out on purpose in Google Analytics 4 and Google Ads.

Google Analytics

  • Use the OneTrust report, for example, to evaluate the amount of data lost
  • In GA4, change reporting identity at a property level to see the difference between Modeled Data and Observed Data
  • 2023 release: Conversion modeling of GA4 will integrate with Google Ads

Google Ads

  • Use the OneTrust report to evaluate the amount of data lost
  • Modelled conversions are reported with the same granularity as observed conversions
  • 2024 release: When conversion modeling goes live, you’ll be able to view your conversion modeling uplift on “domain x country level” in the Diagnostics tab

Deploying consent mode: best practices

Consent mode enables you to measure conversions while respecting user consent.

  1. User navigates to your site and indicates consent status (for ads and/or analytics storage).
  2. Consent mode will tell Google tags whether they have permission to use cookies for ads and analytics.
  3. When the user does not consent, the relevant Google tags will adjust their behaviour to help observe conversions without using associated cookies. When the user consents, Google will observe data as normal.
  4. With modelling, Google surfaces the most accurate data in your account to enable better reporting and optimisation

Deploying consent mode: best practices

 

Consent types

Google and third-party tags adjust their storage behaviour based on a consent state of either granted or denied.

  • Ad_storage: Enables storage, such as cookies, related to advertising
  • Analytics_storage: Enables storage, such as cookies, related to analytics (for example, visit duration)
  • Functionality_storage: Enables storage that supports the functionality of the website or app such as language settings
  • Personalization_storage: Enables storage related to personalisation such as video recommendations
  • Security_storage: Enables storage related to security such as authentication functionality, fraud prevention, and other user protection

The first two types, Ad_storage and Analytics_storage, are the most important for marketers.

Tag behaviour based on user consent

Conversion Modelling

Conversion modelling can help fill in blanks in media measurement at times when it’s not possible to observe the path between ad interactions and conversions.

Modelled conversions will appear in the “Conversions” column and be reflected in all downstream reports that use this data.

Minimum required:

  • Consent mode implemented
  • Daily ad click threshold of 700 ad clicks over a 7 day period, per country and domain grouping

Read more about consent mode modelling.

GA4 Behaviour Modeling

Behavioural modelling compensates for the absence of cookies through the use of models for users and sessions data, which are trained on observable data to give a more complete picture.

Behavioural modelling starts from the date a given property becomes eligible.

Minimum required:

  • Consent mode implemented
  • The property collects at least 1,000 events per day with analytics_storage=’denied’ for at least 7 days
  • The property has at least 1,000 daily users sending events with analytics_storage=’granted’ for at least 7 of the previous 28 days

Learn more about GA4 Behavioural Modeling for Consent Mode.

How to add cookie consent to your website with OneTrust

OneTrust is a provider of privacy management software platforms. Let’s learn how to add cookie consent to your website with OneTrust Cookie Consent.

OneTrust cookie consent helps companies stay compliant with privacy and security laws like ePrivacy (cookie Law), GDPR, CCPA and others by providing a centralised platform to track data and automate privacy processes.

  • Implement digital tracking governance
  • Detect all cookies, tags, trackers, pixels, beacons, and more across your website
  • Customise out-of-the-box consent banners according to your brand and regional needs
  • Easily deploy banners across domains with pre-built MarTech integrations
  • Demonstrate compliance with global privacy laws
  • Installed via Google Tag Manager
  • Configured by site/language = multiple licences per region

How to add cookie consent to your website with OneTrust

7 steps for creating a GDPR cookie-compliant banner with OneTrust

  1. Scan the site
  2. Create cookie compliance templates
  3. Categorise the cookies
  4. Create and assign geolocation rule groups
  5. Define vendors
  6. Implement the cookie consent script
  7. Block scripts and cookie creation based on user’s consent

Need help implementing cookie consent across your website? Speak to an expert.

And don’t forget to download your free whitepaper on implementing cookie consent, cookie deprecation and data privacy.

ccokies and data privacy whitepaper download

Benoit Weber
Categories

Recommended for you

Get Our Newsletter

Sign up for our newsletter and receive monthly updates on what we’ve been up to, digital marketing news and more.

Your personal information will not be shared, and we don’t like mail spam or pushy salesmen either!