In 2025, privacy isn’t just a legal requirement — it’s a brand imperative.

“The State of Digital Trust in 2025”, a new global study commissioned by Usercentrics, reveals a major turning point: consumers are changing the way they consider data collection and sharing in the digital world. They’re more privacy-aware, more trust-conscious, and more willing to act when brands fall short.

Consumers’ concerns and demands for more control are growing

In today’s complex digital landscape, people aren’t rejecting data-sharing. They’re questioning, hesitating, and looking for proof that brands will use their data responsibly. This isn’t about saying no to personalization or innovation. It’s about demanding control, clarity, and accountability.

For marketers, this shift is a powerful opportunity. Privacy-led strategies aren’t just about legal compliance; they’re a competitive advantage. Privacy-Led Marketing is a strategy that helps brands meet rising expectations, stand out in crowded markets, and build lasting loyalty at a time when trust is the ultimate differentiator.

How marketers can lead with transparency and consent

The report lays out a clear roadmap for marketers who are ready to lead with transparency. Here are four of the key insights.

1. Consumers feel like the product — and they’re pushing back

People are increasingly aware of how their data fuels the digital economy, and many are growing comfortable with that data being used — under certain conditions.

• 62% feel they’ve become the product
• 59% are uneasy about their data training AI
• Nearly half trust AI less than humans with personal data

This signals a new baseline: trust must be earned, not assumed. Transparency and respectful data practices aren’t optional — they’re expected.

2. Consent has evolved from a legal checkbox to first brand impression

Consumers are thinking before they click. The cookie banner has become a moment of truth when it comes to trust.

• 42% read cookie banners “always” or “often”
• 46% accept cookies less often than they did three years ago
• 36% have adjusted their privacy settings

Consent interactions are now a frontline brand experience. A clear, respectful approach builds trust. A vague or manipulative one damages it from the very first click.

3. Trust is conditional and not evenly distributed

People are becoming more selective about which brands they trust, and the bar is high.

• 44% want transparency about how data is used
• 43% expect strong security guarantees
• 41% want real control over what’s shared

Highly regulated sectors like finance and the public sector enjoy higher levels of trust. Meanwhile, industries like tech, retail, and automotive are lagging. In today’s trust economy, clarity and evidence are the new currency.

4. The privacy knowledge gap is real — but brands can lead

Consumers care about privacy, but many don’t fully understand how their data is collected or used.

• 77% don’t fully understand how their data is handled
• 40% believe they have rights, but don’t know what they are
• Only 47% trust regulators to hold Big Tech accountable

This creates a huge opportunity. Brands that simplify, educate, and empower can become trusted allies, and turn confusion into confidence, hesitation into loyalty.

Discover how leading marketers are turning transparency into a competitive edge, and why privacy is the new foundation of brand trust.

As AI hype accelerates and Big Tech’s influence expands, consumers are demanding more than just convenience, they’re demanding accountability. In 2025, trust has evolved from a compliance checkbox into a central consumer concern that brands need to take into account. 

For marketers, privacy can no longer be an afterthought. It must be embedded into marketing strategy. The brands leading today are those creating meaningful experiences with their customers by embedding privacy into the core of the customer journey.

This shift marks a pivotal moment for marketers. Consumers aren’t rejecting data-sharing, they’re taking an active role in deciding who gets access to their data and why. 

Those who adopt a privacy-first mindset won’t just meet rising expectations, they’ll earn a lasting competitive advantage by establishing close and trusting relationships with consumers. Those who don’t will lose relevance — and revenue — as consumers choose brands that respect their data.

For brands, Privacy-Led Marketing is about more than ticking legal checkboxes or meeting regulatory standards. It’s a growth imperative, an opportunity to stand out, build deeper loyalty, and grow in a market where trust is the ultimate differentiator.

“This isn’t a backlash, it’s a reset. And the brands that succeed will be the ones that don’t wait for regulators, but instead lead with Privacy-Led Marketing. Getting ahead in offering transparency, control, and informed consent is going to be crucial.”

Adelina Peltea

— CMO at Usercentrics

Chapter 1: The algorithm effect – How AI turned data into a trust issue

Artificial intelligence is reshaping the relationship between people and their data, and not always for the better. As these systems become more advanced, their opacity deepens concerns about how and why users’ data is used.

AI systems are now baked into everyday life: powering recommendations, predicting preferences, automating decisions, and, with that, sometimes even influencing how we perceive reality. 

But as the presence of AI grows, so too does public discomfort with how these systems are trained and deployed — especially when personal data is involved. 

These aren’t just statistics, they’re signals. AI is triggering a shift in the public’s understanding of privacy, and with it, a demand for new kinds of trust. 

The discomfort around personal data being to train AI models is real; and it creates a trust gap that brands must prioritize closing. If ignored, they risk reputational damage and losing user loyalty.

What used to be an abstract concern — “my data is out there” — has become deeply personal. Consumers are starting to ask sharper, more informed questions:

• What is my data being used for?
• Who is profiting from it?
• What role does it play in training machines that affect me?

Consumers no longer want vague promises of “data protection.” They want proof that brands know what data they collect, how it’s being used, and most importantly — why. 

When people feel their data is being fed into opaque algorithms that serve corporate goals rather than human needs, trust erodes. This shift raises the bar for brands to not only ask for data, but justify its use in ways that feel fair and transparent.

We’ve reached a turning point

In 2025, trust isn’t built with fine print. It’s built with transparent systems, explainable models, and ethical data practices. People want to see how decisions are made, what they’re based on, and how they can opt out if they choose. They’re looking for brands that don’t just ask for consent, but actually mean it.

This is the foundation of Privacy-Led Marketing, a strategy built not just on privacy compliance, but on clarity. Brands that are willing to engage in the AI and data conversation (rather than avoid it) are positioned to stand apart.

Chapter 2: Consent clicks – Privacy choices = marketing moments

Consumers are moving from awareness to action, becoming more intentional in how they manage their data. They’re reading cookie banners, rejecting vague terms, and actively adjusting their settings. 

What was once a passive click is now a conscious choice, and that shift is reshaping how people engage with brands from the very first interaction. 

Consumers are more privacy aware and are acting on it. 42 percent read cookie banners “always” or “often”, signalling growing consumer intent to participate in their own data governance, a shift that redefines consent as an ongoing dialogue, not a one-time ask.

Nearly half of consumers (46 percent) click “accept all” for use of cookies less often than they did three years ago, according to the survey. This is more pronounced in mainland Europe, with Italy, the Netherlands, and Germany leading the way in this trend. 

This behavior signals declining blind trust. Brands relying on dark patterns or vague messaging may find engagement falling — not due to apathy, but active resistance.

A further 36 percent of consumers globally have actively adjusted their privacy settings on websites or apps, and the same number have stopped using a website or deleted an app due to privacy concerns. 

The data also reveals that those who are more privacy-informed are even more likely to modify cookies and take control over their data.  

Importantly, most consumers (65 percent) are still happy for brands to collect their data, but they are taking real steps to control their data, rather than blindly accepting all. People aren’t rejecting data collection altogether; they’re rejecting vague terms, overly complex choices, and unclear value.

In short, privacy has taken a bigger role in the consumer decision journey. That first consent banner isn’t a compliance formality, it’s a brand moment. Done right, it is an opportunity to demonstrate restraint while building respect and trust. Done poorly, it creates mistrust from the first click and also depletes your consented data in the process. 

Marketers have a powerful opportunity to lead the privacy conversation, guiding user-first experiences that convert consent into connection, and privacy into performance.

By rethinking consent UX and messaging — from dark patterns to clear value propositions — brands can turn a once-maligned legal step into a moment that builds trust, credibility, and even conversion. 

This shift also reframes privacy from a blocker to a growth lever. It’s not just about minimizing opt outs. It’s about maximizing opt-ins and a chance to prove that you respect your customers and users and their preferences.  

Chapter 3: Not all brands are trusted equally

Data privacy and security are playing an increasingly crucial role in building trust. Consumers are clear about what they expect from brands in exchange for their data. Meeting these expectations is no longer a bonus. It’s a baseline for earning attention, engagement, and repeat interaction.

What would improve your trust in how a brand uses your data?  

1. Transparency about data use (44%) 
2. Strong security guarantees (43%) 
3. Ability to limit or control data sharing (41%)  
   
   

Trust isn’t freely given any more — it’s conditional. Brand promises aren’t taken at face value. Consumers want evidence: proof that their data is being handled responsibly and securely, and that they’re being given real choices and control.  

Consumers also don’t trust all brands equally, and the differences in where they place trust might be surprising. 

External factors play a critical role in establishing that trust. Industries that are more heavily regulated, like finance and the public sector, tend to enjoy higher levels of trust when it comes to data collection and usage. 

By contrast, technology and social media companies have been increasingly scrutinized by regulators, media, and the public, so it’s unsurprising that these industries have lower levels of trust among consumers. 

That said, highly customer-centric sectors like retail might be surprised to find they rank so low, while among Gen Z, 39 percent rank social media platforms as trustworthy.  

Similarly, trust is no longer strongly tied to geography. Consumers are nearly as cautious about sharing data with businesses from the USA (73 percent) as they are with those from China (77 percent).

Other European countries, traditionally viewed as more trusting, rank only an average 10 percentage points lower in terms of consumer caution, highlighting that trust is relative, not guaranteed. 

Know your audience  

The good news? Regardless of what sector or geography your brand is in, consumers are clear about what they want and how brands should engage with them before collecting and using personal data. 

Brands that communicate clearly and openly from the outset about how they handle data won’t just achieve compliance with regulations, they’ll build credibility and deepen customer relationships and engagement. And in a competitive landscape, trust becomes your most powerful differentiator. 

Chapter 4: From privacy pressure to brand power

Consumers are clearly signaling that privacy management matters to them, but many still don’t fully understand how it works. This creates a powerful opportunity for forward-thinking brands: those who lead with education and transparency will build trust and gain a meaningful advantage.

Consumers want to feel in control of their data, but many still don’t fully understand how it’s collected or used. 

There’s momentum: consumers are clicking “accept all” less often, adjusting their settings, and signaling that they care more and more about who has their data and what is being done with it. But a knowledge gap remains. 

That confusion creates a wedge between your brand and your audience. When clarity is missing, so is confidence, and with it, the willingness to share data.

This is where brands can step in — not as enforcers, but as enablers. While trust in governments and regulators is uncertain, brands that offer transparency and guidance can become the trusted voice consumers turn to, because in the digital world trust is the foundation of lasting relationships. 

Privacy literate behavior is growing, but there’s still a need for education. In today’s complex digital landscape, clarity and reassurance are rare, but valuable. 

Move beyond compliance to customer advocacy

The smartest brands won’t wait for regulation to catch up. Waiting means losing ground to competitors who move faster and earn trust sooner. Instead, they’ll act as privacy champions: 

• Collection: Setting up a consent management platform CMP correctly and supporting contextual consent 
• Activation: Using consented data responsibly to deliver trustworthy experiences 
• Measurement: Making use of Server-Side Tagging (SST) to control data flows responsibly 

And most importantly, communicating these practices clearly and positively.  

This isn’t just about giving people choices. It’s about making those choices meaningful and easy to understand. When brands take the lead, they not only build trust. They create differentiation, loyalty, and long-term growth. 

Chapter 5: Action plan — a marketer’s guide to privacy-led growth

The digital economy runs on data, but the rules of engagement are being rewritten. A EUR 600 billion ecosystem built on passive tracking and third-party data is being reshaped by global regulation, heightened consumer awareness, and the erosion of traditional identifiers.

Today, consumers don’t share data by default when they have a choice. As the research in this report shows, they’re opting out, speaking up, and making intentional privacy choices. 

Meanwhile, marketers — still the biggest users of personal data — are facing a new reality: privacy isn’t just a legal obligation; it’s a brand differentiator, and a strategic necessity.

From obligation to opportunity: The privacy-led shift

Privacy-Led Marketing is how modern brands turn these pressures into performance. It’s a mindset shift from compliance checklists to competitive strategy. It doesn’t slow growth: it unlocks it.

This approach goes beyond permission and policy. It’s about embedding trust at every touchpoint to fuel better data, richer relationships, and sustained growth. Privacy becomes a driver of marketing precision, not a barrier to it.

At its core, Privacy-Led Marketing is about activating the full value of data — consented and responsibly modeled — across the lifecycle, from collection and activation to measurement and optimization.

These aren’t just more respectful experiences — they’re more effective ones. When done right, they reduce friction, increase confidence, and convert attention into loyalty.

What Privacy-Led Marketing unlocks

Brands that embed privacy into their customer experience gain far more than compliance:

• Trust as a growth lever: Transparency builds emotional equity, not just legal cover
• First-party strength: Direct customer relationships reduce third-party dependency
• Performance control: Privacy-respecting data strategies increase agility and long-term marketing resilience

Privacy-Led Marketing turns rising expectations into brand elevation. It’s a way to demonstrate your values — not just declare them — and convert trust into tangible business results.

How to start: The Privacy-Led Marketing checklist

These principles build on the research and insights in this report. Apply them across your marketing journey.

1. Lead with clarity in a world of AI and algorithms

Why it matters: AI and Big Tech have made consumers more aware — and more wary — of how their data is used. Marketers must lead with clarity and respect.

• Communicate clearly. Don’t just collect data, explain how it’s used. Transparency builds trust.
• Put value on the table. Make sure users understand what they get in return for sharing their data.
• Earn more than just consent. Earn attention and understanding. Use privacy as a way to show your brand’s ethics, not just your legal compliance. Because collecting data isn’t only about permission, it’s about understanding your customers, their needs, and what matters to them.

2. Design privacy as a brand touchpoint

Why it matters: Design your consent banner like it’s a landing page. See it as your first handshake with customers. 

• Give consent the UX treatment. Design banners like landing pages: clear, helpful, and branded.
• Turn clicks into conversations. Make privacy interactive and engaging, not passive or hidden.
• Respect the pause. When users stop to consider consent, reward their attention with clarity and control.

3. Use transparency to differentiate your brand

Why it matters: Consumers trust what they can see, not just where you’re from or what industry you’re in.

• Deliver on expectations. Lead with transparency, show your security practices, and make control real.
• Don’t rely on reputation. Even traditionally trusted sectors are being re-evaluated. Trust must be earned at every touchpoint.
• Let transparency drive differentiation. Use your data practices as a brand advantage, not a backend process.

4. Make privacy understandable — and valuable

Why it matters: Consumers want to act on privacy, but many don’t know how. Marketers can bridge the gap.

• Educate without overwhelming. Use plain language, helpful visuals, and clean UX to guide users.
• Make privacy accessible. Well-designed banners and preference centers are brand tools, not legal obligations.
• Champion understanding. Be the brand that helps people feel confident in their choices, not confused by them.

About Usercentrics
Usercentrics is a global market leader in solutions for data privacy and activation of consented data. Our technology solutions enable customers to manage user consent for websites, apps and CTV. Helping clients achieve privacy compliance, Usercentrics is active in 195 countries on more than 2.3 million websites and apps. We have over 5,400 partners and handle more than 7 billion monthly user consents. Learn more on usercentrics.com.

Discover key insights into the latest marketing trends and their impact on businesses. During this engaging session, Yuri Lopes Pereira, Phil Pallen, and Navah Hopkins, explore the evolving marketing landscape and provides actionable strategies to future-proof your approach.

What You’ll Learn:

• Privacy-Led Marketing and its role in building trust.
• How creators are reshaping brand engagement and messaging.
• The impact of digital creativity, niche communities, and personalized content.

Who Should Watch?

• Marketing Professionals – Stay ahead of evolving trends and strategies.
• Business Leaders – Gain insights into key marketing shifts and opportunities.
• Content Creators – Understand how your role is transforming the industry.

Join Usercentrics for an exclusive webinar exploring the top marketing trends that will define 2025. Our expert panel will discuss the most critical shifts that performance marketers need to prepare for, including Privacy-Led Marketing, the creator economy, AI, surreal creativity, niche community engagement, and hyper-personalized content.

What You’ll Learn:

• How Privacy-Led Marketing is reshaping brand strategies.
• The growing influence of creators on brand messaging and engagement.
• Key trends in digital creativity, niche communities, and hyper-personalization.

Date: February 20th, 2025
Time: 2:00 PM CET
Location: Zoom

Unable to attend? Register anyway to receive the webinar recording.

You have budget allocation, you have messaging and graphics, and you’re ready to pull the trigger on a great targeted marketing campaign. But wait, are you forgetting something critical? Are you getting the right consent from your audience? 

Major ad platforms like Google Ads require obtaining and signaling user consent for you to maintain full access to all their features, including personalization and targeted advertising. Don’t risk wasting thousands of dollars of your ad budget and scrapping that remarketing campaign by failing to get consent.

Usercentrics Audience Unlocker is the answer. It enables digital marketers to obtain valid user consent that can be seamlessly signaled to the ad platforms you rely on. So you can continue to leverage Google Customer Match and enhanced conversions, and will soon also include LinkedIn custom audiences, Meta custom audiences, and other re-engagement tools.

Read on to learn how you can seamlessly obtain and sync consented first-party data to fully leverage retargeting while staying compliant with privacy regulations and building trust and engagement with your audience.

We need your consent to load the YouTube Video service!

We use a third party service to embed video content that may collect data about your activity. Please review the details and accept the service to watch this video.

More InformationAccept

powered by Usercentrics Consent Management Platform

What is Audience Unlocker and why do you need it?

Audience Unlocker is a lightweight, focused solution that simplifies consent management for digital marketing. It delivers secure data capture and directly integrates with Google Ads so you can seamlessly obtain consent from users and sync valuable first-party data with your marketing tools. 

Zero-party and first-party data are valuable because they come directly from customers and website visitors. Zero-party data is provided voluntarily, e.g. through surveys, feedback forms, or review, or account settings and preferences. First-party data is collected by your company via website analytics of user activities, customers’ purchase records, email and social analytics, and other sources. As this data directly reflects user actions, it helps enable better predictive analysis and segmentation, among other functions. Explicit user consent is increasingly required to process first party data, but it’s easy to provide clear information about the use and value for customers.

The Digital Markets Act (DMA) also brought strict consent requirements to big tech platforms. To achieve and maintain compliance, those gatekeeper companies, including Google, have put in place their own requirements for their customers, affecting millions of companies and their advertising programs. Proof of consent is required for digital marketers to maintain full access to critical advertising functions, including personalization and remarketing. Each consent choice must also be traceable, retrievable, and revocable.

How can Audience Unlocker benefit your marketing activities?

Remarketing improves recall for your brand, conversion rates, ROI, cost effectiveness of campaigns, and more. It also requires personal data, which requires user consent. But you want the best quality data you can get. It requires less slicing and dicing, saving time and resources. It also enables better targeting and higher engagement and conversions.

Additionally, data privacy regulations typically mandate data minimization. You can only collect data you need for specific, stated purposes, and retain it only as long as you need to fulfill them. If your marketing purposes change, you need to obtain new consent as well. So getting the highest data quality means you need less data overall, enabling minimization compliance.

This means you want zero- and first-party data directly from your customers. It’s up to date, accurate, and comes with their consent. Use of third-party cookies is increasingly being deprecated, and third-party data continues to become less effective. 

To provide the great user experience requirement to optimize consent rates, marketers need robust and user-friendly consent and preference management. Customers become more comfortable providing more data once they trust that you respect their privacy, and when they know they’re in control of it over time. That’s what Usercentrics Preference Manager and Audience Unlocker are built to deliver.

Meet ad platforms’ requirements, as well as those of laws like the GDPR and CCPA. Provide a fully customizable and user-friendly way for your customers to manage their consent and preference choices, which are then seamlessly signaled to ad platforms so you can maintain and grow your personalized marketing activities.

Audience Unlocker is especially valuable for small and mid-size companies with limited legal and technical resources, removing the need to implement specialized, resource-intensive consent solutions for privacy compliance. 

Online marketplaces can improve customer return rates with personalized and well targeted ad experiences. Ecommerce and retail organizations can better target returning costumes with personalized ads. Finance, insurance, and healthcare companies can maintain engagement or re-engage users while meeting privacy compliance requirements. The travel and hospitality industries can re-engage past visitors and future travelers with tailored offers. 

How will you use Audience Unlocker to level up your targeted advertising?

Audience Unlocker and Google Customer Match

Google Customer Match enables businesses to leverage their first-party customer data to target ads more precisely across Google’s platforms, including Google Search, YouTube, and Gmail. 

Companies can create custom audiences that match their existing customers by uploading customer information, helping to personalize ad experiences and drive higher engagement.

Google Customer Match is particularly valuable for remarketing campaigns, as it enables businesses to reconnect with users who have previously interacted with their brand. But companies must ensure that the data they use is compliantly collected and processed according to regulatory requirements and Google’s policies.

In many regions, this requires explicit and informed customer consent to access personal data. This is where Preference Manager and Audience Unlocker are valuable. They simplify consent management and privacy compliance, while helping you maximize the effectiveness of your Google Customer Match campaigns on Search, Shopping, Display, YouTube, and Gmail.

Audience Unlocker addresses marketing challenges

Audience Unlocker extends the value of Usercentrics Preference Manager and specifically benefits your use of Google Customer Match by centralizing consent management and consent signaling as required by those platforms. We will also be extending coverage to Meta, e.g. with Facebook Audience Ad Targeting and custom audiences, and LinkedIn Matched Audiences.

Audience Unlocker is easy to set up, integrates directly into your existing forms, and syncs seamlessly with Google Customer Match. You activate customers’ high quality and consented data and boost the efficiency of your retargeting campaigns across platforms.

Audience Unlocker features

Take a look at some of the handy features that help protect your marketing activities and boost efficiency.

• Integration with your existing web forms: No need to build separate interfaces, you can easily plug Audience Unlocker into existing registration and contact forms.
• Automated data synchronization: Get real-time updates to ensure that consented data is accurately signaled to Google’s ad platform, preventing the risk of compliance gaps.
• Compliance dashboard and audit logs: Maintain visibility into all user consent actions over time so you meet regulatory and business requirements for transparency and traceability.
• User-friendly dashboard for your users: Your users can access a dedicated and easy to use dashboard within the Preference Center to view and update their privacy and preference choices.

How can you get Audience Unlocker?

Join our waitlist — click on Get Free Early Access and you’re in! Become an early adopter and try it for free.

Being a successful enterprise company today means understanding and adhering to global privacy regulations and business requirements to protect user data and respect privacy.

One critical digital component of privacy compliance is the cookie popup, which has become a familiar notification on websites and apps. These popups serve a dual purpose: they inform website and app users about data collection and request their permission to collect and use personal data.

As global privacy laws like the GDPR and CPRA tighten their grip and online consumers become more savvy, cookie popups have become indispensable tools for maintaining transparency, protecting revenue, and building trust with users.

We explore the importance of cookie popups, details of implementation, and best practices for great user experience, high consent rates, and achieving and maintaining privacy compliance.

What is a cookie popup?

A cookie pop-up, also known as a cookie banner or consent banner, is a notification that appears on a digital property to inform visitors and users about the use of components and other tracking cookies and to ask for their permission to use them to collect personal data.

A cookie popup appears on websites, apps, and other digital platforms where data is collected, and outlines the types of third-party cookies and other tracking technologies used on the site and what they’re used for. It also informs users about the data collected via cookies, parties that may access the data, and other factors, depending on relevant privacy regulation requirements.

Under European rules like the General Data Protection Regulation (GDPR) and ePrivacy Directive (also sometimes known as the “cookie law”), websites and apps must comply with more than just notification requirements. When collecting users’ personal data, digital property owners have certain obligations regarding users’ data privacy. For instance, securely storing data collected, including consent choices, or not disclosing or selling the data to third parties without prior consent from users in many cases.

The importance of a cookie popup

Cookie popups are important for website owners, app publishers, and others with platforms that collect personal data. They’re also important to consumers whose data is being requested as well. They let users know what technologies can collect their data, for what purposes, and enable (ideally) granular consent options, which usually also need to be changeable or revocable over time to be privacy-compliant.

The main reason to implement a cookie popup is to comply with global privacy laws, such as the GDPR and the California Privacy Rights Act (CPRA). By using these popups, websites can demonstrate their compliance and commitment to user privacy, thereby building trust with visitors. This trust enhances user engagement, leading to higher-quality data, which in turn benefits marketing operations and boosts revenue.

Additionally, cookie popups give users control over their data. By enabling people to choose which cookies they feel comfortable accepting, website owners are improving the website browsing experience.

For businesses, cookie popups enable the collection of useful data for improving website performance and marketing strategies in a legally compliant way. This can also contribute to improving ecommerce and product development.

Cookie popups and data privacy laws

Cookie popups play a crucial role in compliance with data privacy laws across the globe. Many regulations, such as the GDPR, require websites to gather explicit consent from users before collecting, using, or sharing their data through cookies. Other laws, like those in the US, usually only require users to be able to opt-out.

To comply with global data privacy laws, website owners and app publishers must follow a few key requirements of cookie popup use.

• Transparency: Cookie popups must clearly disclose the types of cookies and other tracking technologies in use and explain the purposes of data collection and third-party access to the data, among other considerations.
• User control: Popups should provide users with granular control over their cookie preferences, enabling them to accept or reject different categories of cookies (e.g., functional, analytical, marketing), referred to as granular consent.
• Informed consent: The information provided in the popup must be clear and easily understandable and avoid legal or technical jargon to ensure users can make informed decisions. Ideally, the popup will also have geotargeting functionality to enable display in users’ preferred languages around the world.
• Active consent: Websites and apps must obtain affirmative action from users indicating their agreement before placing non-essential cookies. Consent cannot be assumed, manipulated, or pre-set.
• Accessibility: Cookie popups should be designed to be user-friendly and accessible across different devices, including mobile, and for users with different abilities and browsing setups.
• Policy links: The popup should include links to more detailed cookie or privacy policies for users who want additional information on data processing, their rights, and how to exercise them.
• Regular updates: Cookie policies and popups should be regularly updated to reflect changes in tracking technologies present on a website, data processing practices, or new or updated regulations. New user consent may also need to be obtained if data processing practices change.

While cookie popups are not explicitly mandated by all privacy laws, they have become a common practice for demonstrating compliance and respecting user privacy. For instance, while the CPRA doesn’t specifically require cookie popups, many websites use them to comply with the law’s broader privacy protection requirements.

International laws requiring cookie consent popups

Various countries have different regulations related to cookie consent popups.

• General Data Protection Regulation (GDPR): This EU regulation, effective since May 2018, is one of the most comprehensive laws requiring explicit consent for non-essential cookies. It has been influential on subsequent data privacy laws around the world.
• ePrivacy Directive: This EU directive specifically targets the use of cookies and similar technologies used in electronic communications, requiring prior informed consent from users. It will eventually be codified into a regulation.
• California Consumer Privacy Act (CCPA): While not explicitly mandating cookie popups, the CCPA requires businesses to provide clear information about data collection practices and offer opt-out options. From January 1st, 2023, the CPRA modifies and expands the CCPA. Popups can also assist with privacy compliance for companies that have to comply with multiple US state-level laws.
• Lei Geral de Proteção de Dados (LGPD): General Data Protection Law in English, Brazil’s data protection regulation includes provisions that necessitate transparent cookie practices.
• Personal Information Protection and Electronic Documents Act (PIPEDA): Canada’s privacy law affects how businesses handle personal information, including through cookies. Uses a hybrid approach to consent requirements (i.e. opt-in and opt-out).
• South Africa’s Protection of Personal Information Act (POPIA): This law predates the GDPR and has implications for cookie usage and consent requirements. One of the few international privacy laws that can result in prison sentences for violations.

It’s important to note that while these laws influence cookie consent practices globally, the specific requirements for cookie popups can vary by jurisdiction. Many websites implement cookie consent mechanisms to comply with these various regulations, especially if they have a global audience.

Typically, data privacy laws protect residents of the jurisdiction where they are active, e.g. the GDPR protects residents of the EU. Many laws are also extraterritorial, which means it doesn’t matter where companies are located if they process the data of residents of the region where the law is active. So a US-based company has to comply with the GDPR if it processes data of EU residents.

The list above covers the more well-known privacy regulations, but it is not exhaustive. To date, the majority of the world’s population is covered by one or more privacy regulations. It’s important for website owners and app publishers to be up to date on the jurisdictions and laws relevant to their business, and the compliance requirements. Companies should consult qualified legal counsel and/or a privacy expert.

Cookie consent popup best practices checklist

When implementing a cookie consent popup on your website, it’s crucial to ensure compliance with privacy regulations and provide a good user experience. Use the following checklist to create an effective and compliant cookie consent mechanism:

By following this checklist, you can create a compliant cookie consent popup that respects user privacy and provides a good user experience.

How do you add a cookie popup to a website?

There are multiple ways to install a cookie popup on your website.

The first is to use a consent management platform (CMP), such as Usercentrics CMP or Cookiebot CMP, that enables you to create a customizable and compliant cookie banner in minutes.

These CMPs will scan your website so you know which cookies and tracking technologies are collecting data, and create a cookie declaration that you can use alongside a privacy policy. The CMPs also record and securely store consent records, with a log of the cookie consent you receive from website visitors over time.

If you have a WordPress website, WordPress offers a range of cookie popup plugins, like the Cookiebot™ WordPress Plugin, that enable website owners to add a privacy-compliant cookie popup without compromising user experience. We’ve compiled a resource that enables you to compare the 10 Best WordPress cookie consent plugins.

Another option is to manually code a cookie banner for your website. Add a short explanation of the purpose of cookies, a clear statement on which action will signify consent and a link to your cookie policy. However, under EU law, if your website uses any non-exempt cookies or scripts, these scripts must be prevented from running until a website visitor explicitly grants consent.

A “DIY” approach to a cookie popup is not recommended for small businesses, due to the amount of work to build and maintain it, the expense of accessing qualified legal consultation to enable compliance, and the regulatory risks of mistakes or missing crucial components.

Consequences for a non-compliant cookie popup

Cookie popups are no longer just a formality, they are a necessity. If your cookie consent popup does not comply with relevant regulations, you could face hefty fines, operational disruptions, loss of customer trust and brand reputation, and a long-term hit to revenue.

For example:

• Under Art. 84 GDPR, fines can be up to €20 million EUR or 4 percent of a company’s global annual revenue, whichever is higher.
• In the US, the California Privacy Protection Agency (CPPA) can impose fines of up to USD 7,500 per violation.
• Under Switzerland’s FADP, fines can be levied against private individuals, not just companies.
• In the UK, the Information Commissioner’s Office (ICO) can impose fines of up to GDP 17.5 million or 4 percent of a company’s global annual revenue, whichever is higher.
• In South Africa and a few other countries, violations can result in prison sentences of up to 10 years for certain violations.

Fines can be imposed for various reasons, such as not obtaining proper consent, not providing clear information about data collection and use, or not giving users a genuine choice to accept or reject cookies. Fines are generally more severe for repeat offenses or willful violations.

How a Consent Management Platform (CMP) can help

A consent management platform (CMP) provides tools to help you achieve and maintain compliance with data privacy laws such as the GDPR, the ePrivacy Directive, and CPRA.

For example, Usercentrics CMP and Cookiebot CMP automatically scan your website to find, categorize, and list all cookies and trackers in use, including third-party ones. It helps you create personalized consent banners with relevant jurisdictional information to inform visitors and request their permission to use cookies.

Usercentrics and Cookiebot CMPs are also Google-certified, integrating seamlessly with Google Consent Mode and Google Tag Manager, enabling compliance with Google’s privacy requirements and maintenance of your marketing activities, including personalization and retargeting, in the EU, UK, and Switzerland.

Usercentrics does not provide legal advice, and information is provided for educational purposes only. We always recommend engaging qualified legal counsel or privacy specialists regarding data privacy and protection issues and operations.

Google has introduced two new parameters to Consent Mode, required for personalized advertising from March 2024. If you’re using Google Ads, Google Analytics, and/or the Google Marketing Platform for serving personalized ads in the EU/EEA and UK, you now need to update your consent management to meet Google’s new requirements.

Consent Mode is a tool that signals users’ consent choices to Google tags or SDK so that they can adjust their behavior to align with data privacy requirements. It also enables modeling to recover lost conversions.

Watch our webinar to learn the four steps you need to take now, and how you can protect your ad revenue for 2024 and beyond.

Our expert speakers will guide you through:

• Updating your consent management to meet Google’s new requirements
• Protecting your ad revenue in 2024 and beyond
• Leveraging modeling methods to optimize conversions and drive growth

Watch this expert discussion and ensure your campaigns remain effective in the face of industry changes. Take proactive steps to safeguard your ad revenue and stay compliant with Google’s latest regulations.