Cookie Banners: The Good, The Bad, The Ugly

October 30, 2023

The past ~10 years have been the golden age for capturing data to feed better decision making for every corner of your business.

BUT with great data comes great responsibility, and (for marketers) the golden age is coming to an end. Collecting consented cookie data is now fraught with danger… The dark age of data is here.

The “cookie apocalypse” is a key driver behind this new era. In this post, we’ll summarize the fundamentals of cookies and why they pose a threat to legal compliance and consumer trust - then reintroduce cookie banner consent in a new light. 

By the end of this post you’ll be armed with the tools to put site visitors back in the driver's seat of their privacy and customer journey, as well as understanding the next steps to restore full visibility of consented data to your AdTech and MarTech stack. 

Grab a tea and cookie! Let’s go:

What are first and third party cookies? 

The majority of internet users do not understand cookies, and yet, most sites we visit now ask us to declare our position on them. Cookies are critical for capturing full customer journey insights to inform decisions. But what are they?

First party cookies are backed up by the website you visit and stored on your computer. These cookies are unique to the interaction between the user and the website they visit and thus only represent consented information given to the trusted site. 

This data might be login details, used to prevent the user having to enter that cringe hotmail address from their youth each time they revisit the site. More essential than that, first party cookies are responsible for remembering items in your shopping cart. Without them, your cart would empty each time you navigated to a new page on the site. These cookies are fundamental to how the internet works.

By leveraging first party cookie data, websites are able to personalize on-site user experience, such as suggesting products based on user behaviour. Similarly, first party cookies can prevent the annoyance and ad spend wastage of displaying advertisements to shoppers that have already converted with that product. 

So if cookies make for a better customer experience and effective marketing, why are we preparing for a cookieless world and simultaneously begging visitors to accept these delicious snippets of browser code? 

Enter third party cookies…

Third party cookies are created by a domain that is not the website you are on. So long as the script is allowed to load, the third party is able to track a user across sites and collect data on their digital habits and consumer behaviour to create a profile. This tracking functionality is used by advertising platforms to serve you ads that their clients have commissioned to target your profile. 

The absence of explicit consent combined with the ambiguity of third party data applications is a recipe for a batch of privacy and legal concerns. Most browsers now disable third-party cookies by default, with Chrome being the only noticeable hold-out

Cookie banners and Compliance

First it was 2000’s diet culture making us rethink cookies, then along came GDPR and CCPA. The European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) took effect in 2018 and 2020 respectively. Both pieces of legislation aim to give individuals greater control over their personal data, including how it is used, collected and shared between parties. 

After a period of head scratching over how businesses would continue to operate and market within these new legal frameworks, the cookie banner solution was born.

The type of information required for a compliant cookie banner will depend on whether the site visitor resides in the EU or California. Let’s break down some key differences:

Cookie banners consistent with what visitors from these areas have come to expect require customisation to reflect CCPA and GDPR compliance distinctions. Compliant and customer focused sites will opt for a consent management solution capable of geo-targeting for this purpose.

BUT that is not to say data privacy should stop at the borders of the CCPA or GDPR. The evolving landscape of data regulation and consumer sentiment toward digital rights is worldwide.

Here’s a handy guide from Didomi to track how different nations around the globe are progressing with their stance on user privacy.

In other words…

Beyond a landing page cookie banner, it is crucial to ensure that all website pages adhere to the settings chosen by the visitor. Tracking a user on any site page after they opted out of non-essential cookies on their initial landing page would be a major privacy violation. 

If you are not proactively applying consent models to all site visitors, then you are falling behind trust-building competitors.

Now, onto the good stuff…

Cookie banners don’t have to leave a bad taste for UX

Data consent is sexy - and in many cases, the first step toward the personalised user-experience we have come to expect online. The functions of popular personalization platforms such as Dynamic Yield, Optimizely and Content Square can be blocked entirely for visitors that do not accept cookies. 

By the same token, Customer Data Platforms (CDPs) starved of consented data can only do so much for your brand. You’re letting the investments in these platforms go to waste if you’re letting browsers block data and scripts with blanket bans, as opposed to letting users consent to collecting the critical data they require.

Here’s our view: As an industry, we need to reframe the cookie narrative. 

The cookie banner is the gateway to a better user experience in exchange for the trust of your customers. Earning this trust requires forthright transparency over what data is being collected and for what purpose. By disclosing this information in layman’s terms, we facilitate informed consent and engage consumers at a crucial stage of their journey.

Your cookie banner can be a critical touchpoint to demonstrate what your brand stands for. Only tracking what is necessary and telling people what that data is used for is a key component to build trust.

Data consent should be ✨pretty✨ too… or edgy, or both! Your brand sets the limit.

Going the extra mile to incorporate data consent into the customer journey pays dividends, or ROAS. Similarly, consider banner placement in the context of user experience and user interface…

A pop-up may command attention, but if the site visitor is yet to get a taste of what lies beyond the golden cookie coated gates, they may lack incentive to opt in. Additionally, if the cookie consent tool prevents access to page content then it may be in violation of GDPR or CCPA, unless an emphasized opt out option is presented. Trust is built throughout the customer journey, so by providing readily available access to cookie settings visitors have a means to amend their preferences after time spent with your brand.

Who stole the consented cookies from the cookie cache?

Now for some bad news… Whilst cookie banners may be the best compliance solution on the market, they cannot facilitate consented data collection and privacy preferences for all web users.

Native browser tracking preventions such as Safari’s ITP and Firefox’s ETP can block cookies regardless of whether the use of these have been consented to. Popular adblocking software, along with browsers such as Brave and DuckDuckGo and VPNs also pose a risk to cookie management. These tools bypass user preferences and block all cookies and data from being captured.

These critical data failures are known as “signal loss” - creating a new audience of “ghost traffic” (users who visit your site who you will never see or be able to track). These people are often from target markets of high income and technologically savvy demographics - and it can be up to 55% of your audience who is impacted. 

So, where does that leave us?

1. As we shift towards user-consented tracking, your data quality will only be as good as your consent management

2. You need additional protection from browsers wiping out people’s consent settings

3. This is a massive opportunity to make a statement with your brand

We’ve developed RescueMetrics to be a 100% privacy-compliant solution to uphold consent management solutions but protect your AdTech/MarTech stack from consented data loss.

Interested in how this can layer in with your data and privacy approach? Book a demo

Related resources

No lengthy IT projects, maintenance, or workflow configuration required.

See results in a matter of days, after a 3-step set-up.