written by:

In the interest of full disclosure, this article was not written by a lawyer, nor should this article be viewed as legal advice – rather as a series of examples of what various companies are doing to ensure they have informed consent as it relates to onsite tracking activities.

— Updated May 7, 2018 —

Since the publication of this article, Google has updated cookiechoices.org with examples of consent language and available third-party consent solutions. They have also updated the Help Center to provide more clarity on implementing their updated EU User Consent Policy.


Since the beginning of 2018 (and even earlier in some cases!) your inbox and social feeds have likely been inundated with articles about the General Data Protection Regulation (GDPR), with some digital marketers proclaiming it to be the end of days, while others appear to be excited and optimistic about the future. While GDPR is a European regulation, it is designed to protect EU citizens no matter where in the world the website is based. Additionally, from a US-centric perspective, we should not be waiting for regulation to move towards user consent for data capture. Rather, we should proactively approach the future and embrace user consent for on-site tracking activities. If you’re not familiar with GDPR and all that it entails, this Forbes article provides a great overview!

While the majority of US sites are still lacking any kind of user consent or even basic cookie notification, there are several websites from various countries that have already made the move that can be seen in the examples provided below.

The Times

The Times keep it simple and direct with their Cookie Consent notification. They link out to their cookie privacy policy, but beyond that, they are to the point asking the user to simply “Accept & Close.”

Google Analytics

The people over at Google are pulling out all the stops when it comes to showing their attitude towards regulatory compliance and implemented a Cookie Consent window several months ago. When you click through to “See Details,” users see a video explaining cookies in a way the general public can understand, and they provide further resources on what they are doing to protect your data. Nice work on this invaluable digital marketing resource, Google!

TSB Bank

As a bank in the UK, TSB were early adopters of the cookie consent on their site, although it is a little hard to read – especially on a mobile device. Their “More Information” link leads to their Cookie Policy, which can also be found in the footer of their website in case individuals quickly click through and want to go back & review the policy.

Cookie Consent

Cookie Consent by Insite is a UK-based organization that, you guessed it, provides cookie consent tracking guidelines for digital marketers (including customizable code for your own consent box) and audiences. as well as other on-site usability notifications. When a user looks to “Learn More,” they are sent to https://cookiesandyou.com/ which, while similar to the content provided by Google, avoids using legalese and presents the information in terms everyone can understand. In fact, they even claim they made the website so their Mums could understand what cookies are. How sweet.


Cookiebot is a Danish organization that was specifically created for GDPR compliance. They have the biggest User Consent box we’ve ever seen. While this is informative, it could also be overwhelming for the common user when various types of cookies are displayed that the user may have never heard of, like that 29-day Rubicon Project cookie we noticed! Here’s an expanded view of the consent box:

Before making any kind of policy around GDPR compliance, be sure to speak with your legal counsel and avoid taking legal advice from blogs online. While there are many organizations out there with good intentions, there is also a lot of misinformation floating around and it’s important to protect your organization moving forward as the penalties for violating the law have the potential to be significant!

To learn more about what you can do to get compliant and navigate your way through the GDPR, check out our other blogs on the topic, from pixel-tracking solutions to a checklist for email marketing GDPR compliance.


5 thoughts on “GDPR, Cookie Consent, & You: Examples of User Consent
  1. Interesting. Thanks for sharing this updated information and providing clear examples. For international marketing campaigns who should be responsible for the costs of legal counsel in regards to GDPR, the agency or the client?

    1. Great question, James. Given that GDPR doesn’t just impact your paid media campaigns, we look towards our clients to take a proactive approach to engaging their legal counsel, and IT departments to perform their own data risk assessments. Understanding the impact of GDPR is one of the costs of doing business with the EU, and should be shouldered by clients given how broad the scope is here. With that said, we absolutely recommend working with an agency that has taken proactive steps towards data protection and education of their teams internally.

      When you’re truly partnered with an agency, they should have your overall business outcomes in mind and work with you. It’s important to remember, however, that you may not have shared interests in terms of degrees of protection. This makes working with your own legal counsel a priority as they will exclusively have your interests in mind.

  2. ScoutMyTrip says:

    Nice compilation. While most would like to use something as complicated and fancy like cookiebot, it is prohibitive because of the cost attached. I like the fact that you’ve also included Cookie Consent which provides the service as Open Source!

    Thank you for saving the day. 🙂

  3. Bart says:

    All these websites have it wrong. Not all cookies are evil and cookies are not the only way to track a user. So asking to accept all cookies, implies your can reject all cookies which lumps all cookies together. This should not be the case because cookies can be used for reasons that do not identify a user, for example to collect a language setting. Or to store your opt-out or opt-ins, etc. Instead one should ask for consent to be tracked, remarked etc. It’s not necessarily to use jargon like “cookies” which only covers a part of online tracking (there is also pixels and referral links). Summarized: Refrain from using cookies in your copy, instead ask consent for tracking etc.

  4. EzRoadTrips says:

    Amazing article. Thanks a ton for sharing information on Cookiebot and TSB bank. Really you saved my precious time.
    We wanted to implement this advice while we must speak with legal counsel when we are making any kind of policy around GDPR compliance.

Leave a Reply

Your email address will not be published.

Internet News

A Smattering Of SEO News – Mobile. First.

A Smattering Of SEO – A Light Week

How Our Challenger Clients Break The Mold
Thinking about writing for the Wpromote Blog?
Check out our Guest Blogging Guidelines!
Become An Insider! Never Miss Our Industry-Leading Content

Thanks for signing up to be a Wpromote Insider.
You’ll be the first to get the scoop on our latest services, promotions and industry news.