Digital marketers already know that “consent is the new gold.” But what if a website visitor simply ignores your cookie banner or intentionally clicks the reject button?
Without their explicit consent, are they lost forever for any targeted marketing activities? Or is there still a way to re-engage users who have opted out?
To answer these questions with confidence, first you need to understand what cookie consent is, how best to obtain it, and what tools are at your disposal.
In this article you will learn:
- best practices for obtaining cookie consent
- when it can be profitable to re-engage users who have opted out
- actionable tips on how to re-engage those users
- how a consent management platform (CMP) can help maximize user opt-in rates
What is cookie consent?
Cookie consent is permission that websites must obtain from users before collecting, storing or using any personal information — by way of session or tracking cookies — on their computer, smartphone, or other device.
Cookie consent is required by many data privacy regulations and frameworks, such as the European Union’s General Data Protection Regulation (GDPR) and ePrivacy Directive. The aim is to protect personal data and inform users about how their information is collected, used, and shared.
To obtain cookie consent, websites typically use a cookie opt-in consent banner, which informs visitors about their use of cookies and provides options to accept or reject them.
Alternatively, depending on the jurisdiction, they may make use of an opt-out model that informs visitors about the use of cookies and provides them with an option to exercise cookie consent preferences, including access to a “Do Not Sell Or Share My Personal Information” link.
This is a requirement in jurisdictions like U.S. states where in many cases consent is not required before data collection, but users must be able to opt out of certain uses of their data. This not only helps in complying with legal requirements but also demonstrates transparency and fosters user trust.
Do all cookies require consent?
No, not all cookies require consent. That said, a ruling by the the Court of Justice of the European Union improves our understanding of cookie consent requirements under the GDPR.
It notes that website owners may not assume or coerce consent, and must obtain consent for cookies before or at the commencement of data collection, especially for cookie types that may present privacy issues for the user, per Recital 30 GDPR. These include:
- Third-party cookies: These are installed on web domains by entities other than the site owner, and are often used for tracking and advertising across different websites. Third-party cookies require explicit user consent because they track behavior across various sites and collect a wealth of information that may be used to identify individuals.
- Analytical cookies: These cookies track how users interact with a website, such as which pages they visit most often. They generally require user consent unless configured to collect data anonymously without identifying individual users.
- Marketing cookies: These are used to create user profiles and track behavior across websites to deliver targeted advertising. Marketing cookies require user consent as they collect a variety of data that can be assigned to a known user account, e.g. by Google, and can be easily identifying, so they affect user privacy.
- Social media cookies: These cookies are placed by social media platforms and track users both on and off the platforms. Social media cookies are typically used for advertising and market research, so they require prior consent.
GDPR-compliant cookie consent can only be attained via the opt-in principle. Personal data may only be collected and used for marketing purposes if the user has actively consented to this. Consent also needs to meet other GDPR criteria. Learn more: 7 criteria for a GDPR-compliant consent)
Note: if the user ignores your consent banner and continues to navigate around the website, it does not count as legitimate consent according to the GDPR, as there was no explicit action performed to give consent.
While there are a number of tricks used to get website visitors to opt in, these are forbidden by some laws and strongly frowned upon by data protection authorities. For more details about these, see our article Obtaining user consent: these 5 tricks are not compliant with the GDPR.
Find out your cookie compliance risk in seconds.
Consequences of not obtaining cookie consent
Failing to obtain cookie consent can lead to serious consequences under the GDPR, and not just for big tech companies that draw headlines for huge fines.
Organizations found to be noncompliant can face substantial fines reaching up to 4 percent of annual global turnover or EUR 20 million, whichever is higher, for more severe or repeated violations.
Neglecting to obtain proper consent can also lead to loss of customer trust and reputational damage, as users and consumer rights groups are increasingly aware of data privacy issues.
Once noncompliance is out in the open, regulatory scrutiny is likely to increase, leading to further audits and investigations. Organizations found to be negligent or to have wilfully violated privacy laws are unlikely to get lenience or the benefit of the doubt in the future.
Noncompliance can also hurt the bottom line beyond fines. Consumer trust is crucial for growing and maintaining a loyal customer base. When taken together, these consequences can significantly damage an organization’s reputation and financial health.
How to implement cookie consent: best practices
Implementing cookie consent is crucial to comply with data protection regulations, such as the GDPR. Below are some key dos and don’ts to consider in your cookie consent strategy.
Cookie consent dos
- Provide clear information: Explain what cookies are in use, their purpose, how they track user data, who may access that data, and how long they remain in place.
- Offer granular choices: Enable users to accept or decline all cookie use, or different types of cookies individually.
- Simplify consent withdrawal: Include easily accessible options so that users can change their consent preferences at any time.
- Document consent: Always maintain records of when and how users consent, as proof of compliance in case of an audit or data subject access requests.
Cookie consent don’ts
- Avoid pre-checked boxes: Consent must be given actively, so pre-ticked boxes don’t constitute valid consent. Accept and deny options must also be equally visible and accessible.
- Don’t hide information: Keep details about cookies and their use clear and accessible. Ensure key information isn’t buried in lengthy legal documents. Make links to your privacy policy easy to find.
- Don’t require consent for non-essential cookies: Users must be able to access your website and its functions without having to agree to non-essential cookies.
- Regularly update consent practices: Keep your cookie policy up to date and in line with current legal requirements and technological standards.
Why is the acceptance rate of cookies key for improving revenue?
For digital marketers, it makes a big difference whether the majority of users accept only essential cookies or also marketing cookies. After all, the information gained through optional cookies forms the basis for targeted content delivery.
⇨ Acceptance rate is the key to a treasure trove of relevant marketing data, which in turn has a direct impact on ad revenue.
Is re-engaging users who have opted out from cookies worthwhile?
Before devising a strategy to win back users who have opted out, first consider how many can potentially be won back.
How high is the current acceptance rate? What percentage of users are giving their consent to the use of all cookies, on average? If it’s already relatively high, you can still take targeted optimization measures, but the effort is only really worthwhile if there’s a high proportion of users opting out.
Interesting fact: on average, about two-thirds of users give their consent for the use of marketing cookies, according to an internal Usercentrics evaluation.
However, this value does not apply to every website or every industry, because whether a user agrees to the use of their data depends on various factors.
For example:
- How privacy savvy is the user?
- How trustworthy is the brand perceived to be?
- How much does the website operator/company rely on obtaining consent?
Cookie expiration and consent
Even with user consent, cookies don’t last forever. Different types of cookies expire after different periods of time, depending on a number of factors. So you likely will get the opportunity to ask opted-out users for consent again in the future.
Some laws also stipulate how soon you can ask certain types of users for consent again if they opt out. Other laws outline how often user consent has to be renewed.
Become familiar with the requirements and prohibitions of privacy laws for cookie consent in jurisdictions relevant to your business.
Before you pull too many levers at once to get a user to opt in, one important thing must be taken into consideration: the user must freely choose to do so (Recital 42, GDPR). They cannot be manipulated or forced into opting in, e.g. by blocking their access to the website with a cookie wall.
Cookie consent tips: Win back users who have opted out
Option 1: Use contextual consent
To convince a user to consent, ensure the added value is clearly evident. Individual, embedded content is a good option here.
For example, if a user who has opted out wants to interact with a certain type of content on the website, a cookie consent dialog is displayed and the user is asked for consent again for that specific context.
For example, this option is available for:
- embedded social media posts from Facebook
- embedded profile page from Instagram
- embedded YouTube videos
The user recognizes exactly what they get access to by providing their consent, and why consent is needed for that function to work. Cookie consent now fits perfectly into their user journey and increases the likelihood of increased consent rates.
Our assessment
✔ Easy to implement
✔ Fully customizable for branding, messaging and context
✔ High user acceptance
Option 2: Use programmatic display
While the benefits of contextual consent are immediately obvious, with programmatic display you have to go deeper into data analysis. Using the data obtained from users who have opted in, you need to find out which subpages and landing pages have a high trust factor, and then play out the cookie consent on these pages again.
Keep an eye on the development of programmatic display. To make it as unobtrusive as possible for the user, initially limit the display to a small proportion of users, and only increase the frequency when the data shows corresponding signs.
Our assessment
✔ Unobtrusive option to increase the likelihood of consent
⚠ Requires elaborate data evaluation or analysis
⚠ Strategy must be tracked and readjusted if necessary
Option 3: Replaying the cookie banner during sale events
Major sales promotions, such as Black Friday or Cyber Monday, not only attract more users to retailers’ websites, but also increase consent willingness.
For example, Usercentrics Black Friday research shows that opt in is significantly higher on these days than usual as consumers are highly motivated to pursue very specific and ideally personalized online experiences.
People want to get to the bargains as quickly as possible and therefore tend to set aside privacy concerns. Additionally, providing consent may gain them access to even better deals, like discounts at checkout.
It’s up to each retailer to decide to what extent they want to take advantage of this shift in the usual “pain threshold.” However, the replay of the cookie banner should be used judiciously in order to avoid risking users feeling so harassed by it that they leave the page.
Our assessment
✔ A lot of potential to significantly increase the acceptance rate
⚠ Develop deep contextual understanding of users’ “pain threshold” for banner presentation
Option 4: Incentivization via voucher
Anyone who has visited a web store has likely seen the obligatory “coupon code in exchange for receiving the newsletter” deal. However, this marketing tactic can also be used to solicit a cookie consent opt in from users who initially declined.
So make your users an offer. “Do you really want to decline? How about a 5% discount code for your next purchase?”
Caution: pay attention to moderation and middle ground here. If you entice users with goodies that are too extravagant, you could quickly come under suspicion of unduly manipulating them to consent.
An offer that looks too good to refuse may be indistinguishable from a bribe. We recommended strictly adhering to the “voluntary” element of consent (Recital 42, GDPR) in order to act in a GDPR-compliant manner.
Our assessment
✔ High user acceptance
⚠ Potentially low retention
⚠ Potential to draw regulatory scrutiny if incentives are too generous
⚠ The user’s choice to consent is not based on building trust
Consent management platforms (CMP) and cookie consent
Using a consent management platform like Usercentrics CMP can enhance your ability to manage cookie consent efficiently, aiding in compliance with the GDPR and streamlining the implementation of Google Consent Mode.
Usercentrics CMP offers a flexible and customizable platform that can adapt to the specific legal requirements of your website or app. It facilitates easy tracking of user consent and integrates seamlessly with existing website tools. Key benefits include:
- Granular consent options: Users can select which types of cookies they consent to and adjust their preferences easily, enabling consent that is freely given, specific, informed and unambiguous, as the GDPR and most other privacy laws require.
- Comprehensive documentation: The CMP automatically documents all user consent, providing an audit trail that can be used to prove compliance in case of any regulatory inquiries or provided with a data subject access request.
- Integration with Google Consent Mode: Usercentrics is a Google-certified CMP and supports Google Consent Mode, which you can use to adjust how Google applications interact with your site based on the consent given by users.
Do you want to collect user data for marketing purposes in a legally compliant manner while increasing customer trust in your brand? Talk to our experts and let us show you the Usercentrics CMP in action. We look forward to answering your questions!
Apply your cookie consent solution
While tracking cookies are a powerful tool for any business with a website, they need to be used responsibly and in accordance with relevant data privacy legislation. In other words, with appropriate user consent.
Having read this article, you should now be equipped to roll out an effective and privacy-compliant cookie consent strategy and solution. We also explored consent rate optimization, with several approaches to obtaining consent from users who initially declined.
Depending on how low your acceptance rate is, winning back these users offers great potential. Just be mindful that implementing these measures requires varying degrees of effort, and, depending on the scenario, can be intrusive or noncompliant.
While most people are unlikely to be bothered by contextual consent, for example, other approaches require much more sensitivity and fine-tuning. Ultimately, great user experience should be a strong driver of your consent and marketing strategies.
The extra effort can be very worthwhile. The additional data collected in compliance with data protection regulations over a longer period of time makes a significant contribution to the total usable data volume, which in turn has a direct impact on ad revenue. You also clearly demonstrate your respect for privacy to customers and prospects.
Our recommendation: keep an eye on your consent rates and regularly check how you can increase them through targeted initiatives. Because sometimes even small levers, such as targeted incentives, can have a big effect.
