Last year it became a legal requirement for websites to get consent from visitors for the use of some cookies.
Because a visitor cannot give proper consent without knowing what cookies are and how they are used, cookie messages, often with tick-boxes, are being used to highlight to visitors that cookies will be dropped and to gather permissions.
Before last year it was already required that websites give clear information about cookies and privacy.
Your cookie policy should be separate from your privacy policy so that visitors can go back to if they want to learn more.
You should always give information that is clear, easy to understand and targeted to the type of people who use your site.
Find out what information you hold
As a first step in complying with the new law you should do a cookie audit to figure out what cookies you use and what type of cookie they are – session cookies or persistent? dropped by you or by third parties? What kind of information about users do the cookies hold?
How you get their consent to drop cookies, depends very much on what the cookie does and how you use it the information it gathers – there is no “one-size-fits-all” solution.
Intrusive cookies that gather personal information will need clear consent from the visitor – this is often done through a tick-box. With other cookies, for example those that are strictly necessary to provide the site services or analytics cookies, simply providing information about those cookies, clearly and prominently, could be enough to comply with the law.