Cookie Consent Guide for Sites and Apps
We created this page to help digital publishers like you find resources and tools that may help you meet consent requirements.
What this guide covers
European data protection regulators have published guidance for online publishers about obtaining consent before using cookies or other storage technologies to collect information about the people who visit their sites or use their apps. Outside of the EU, other laws and rules may require you to provide notice and obtain consent to collect and use data from your site or app.
The EU guidance outlines four main requirements for consent:
- Specific and based on appropriate information
- Given before using cookies or other storage technology to collect information
- Freely given
Examples of publishers who might need consent:
- A Facebook advertiser who installs the Facebook or Atlas pixel on its website in order to measure ad conversions or retarget advertisements on Facebook
Note: Some uses of cookies are exempt from consent requirements. Read European regulator’s guidance on exemptions here.
Asking for Consent
There are many different ways for publishers to obtain consent. Common approaches:
- Displaying a prominent message when a page loads for the first time (this is usually called a “cookie banner”) and informing users what action to take to consent
- Obtain consent from users during a registration flow (where users have to create an account and accept terms before using the website or app)
There are many vendors and industry tools that can help you build cookie functionality. You can find some of these through an internet search for cookie consent tools (and similar topics). Also check out the European Commission’s Cookie Consent Kit.
These types of tools all work in different ways. The best choice for your website or app depends on many things, including the particulars of your offering, the reason you’re using cookies or similar storage technologies, and the laws that apply to you.
Once you select a solution that's right for you, we recommend seeking help from an experienced developer and legal counsel. It's important to make sure the controls you provide work correctly.
What Information To Provide
Websites and apps should display a clear and concise statement up-front, with a link to their privacy or cookie notices for more detail. IAB Europe, a trade organization for digital business and advertising, provides this sample text that might be appropriate for you, depending on your practices:
In your notice, you’ll need to figure out whether to include more information such as:
- Additional information about the specific third-party technologies you use (if any), including Facebook
- The purposes for which you and/or third-parties collect information (for example, advertising purposes)
- Any opt-out controls you or those third-parties provide
Decide what action a user must take to consent. These are a few popular ways that websites and apps do this:
- Navigating beyond a banner or notice
- Dismissing a banner or notice
- Clicking on an “I agree” button
You’ll need to communicate to users that by taking this sort of action, they are consenting. The EU regulator’s cookie guidance contains useful advice on how to do this.
There are many ways to provide choice to users. Here are some options:
- Provide your own opt-out that disables advertising-related uses of data collected from cookies
- If you use third-party plugins or pixels, link to the third parties' privacy policies or consent mechanisms
- Point users to browser or device controls that may block cookies or limit ad tracking
IAB Europe Guidance:
EU Regulatory Resources:
Country-Specific Regulatory Guidance:
Facebook Privacy Links:
Note: Facebook can’t guarantee that these resources are up-to-date or completely accurate.