Since 2018 and the advent of the European General Data Protection Regulation (GDPR), consent has been established as the most common legal basis for online data collection. We should know, as we provide a leading Consent Management Platform (CMP) and help thousands of organizations worldwide comply with data privacy regulations.

 

But as more and more regulations are introduced, each with its own intricacies and specificities, it can be hard to determine what a compliant consent banner looks like. If your organization collects consent in various countries, the waters get even muddier: What consent banner should you implement? What buttons should it feature? How many layers of information?

 

In this article, we go over the various types of consent banners, where they apply, and take a quick look at what you should avoid doing when creating yours (dark patterns), before introducing how you can build it with Didomi.

 

Note: To learn more about consent banner position, the difference between pop-in and sticky banners, the performance of subscription cookie walls, and access proprietary data we collected from the thousands of websites Didomi is implemented on, check out our 2023 data privacy consent benchmark:

 

Didomi - Consent benchmark whitepaper

 


The 4 main types of consent banners (with examples)

 

a mockup of four consent banners of each type

 

There are a lot of possibilities when it comes to creating a consent banner (sometimes also called a consent notice) for your website.

 

Generally speaking, we can single out 4 types of approaches to data collection and, thus, 4 types of consent banners you can go for:

 

  • Opt-in 

  • Opt-out 

  • Mixed 

  • Informational 

 

Let’s take a closer look at each, consider which regulations they are generally advised for, and bring up some examples.

 

Disclaimer: This article is for informational purposes only and should not be taken as legal advice.

 

We are advocating for data privacy best practices, but remember that each country, state, and authority has its own interpretation of any given law. You should always consult with your legal department and DPO before committing to any particular consent banner.

 

Opt-in consent banners 

Opt-in consent banners require users to provide their explicit consent to data collection and processing.

 

They are found under strict data protection regimes such as the European Union’s General Data Protection Regulation (GDPR), and have a few key characteristics:

 

  • Consent is required immediately upon entering the website 

  • The first layer of the banner generally offers a choice to either accept or reject, plus an option to configure choices in a second layer

  • In that second layer, purposes for data collection are set to neither “disagree” nor “agree” by default (except for some legitimate interest purposes)

 

By virtue of being one of the most thorough formats available, it is sometimes adopted by organizations around the world as their default banner for every customer, regardless of their location. 

 

Example of an opt-in consent banner 

 

A mockup of an opt-in consent banner, with the title "opt-in consent banner" and the subtitle "one of the most thorough formats available"

 

Opt-out consent banners 

Opt-out consent banners are used in data protection regimes where data collection happens by default.

 

They can be found under data privacy laws similar to California’s CCPA (now amended by the CPRA) and other U.S. regulations. Some key components of opt-out banners include:

 

  • An optional button where users can ask the company not to share their data

  • All purposes for data collection in the second layer are agreed upon by default

 

While this type of banner is found under less stringent consumer data protection laws, it still offers some amount of control to consumers.

 

Example of an opt-out consent banner

 

A mockup of an opt-out consent banner, with the title "opt-out consent banners" and the subtitle "Offering some amount of controls to consumers"

 

Mixed consent banner

Mixed consent banners are in between the opt-in and opt-out banners.

 

Much like opt-out banners, they favor data collection for organizations, but they also add a new layer of privacy settings for consumers. The key characteristics of a mixed consent banner are:

 

  • Purposes are all agreed upon by default 

  • A new button gives consumers control over “sensitive” personal data (definition varies depending on the regulation)

  • Upon clicking the “sensitive personal information” button, users have access to a second layer to control the usage of that data

 

You’ll find this type of banner in several U.S. states that have passed consumer data privacy laws, starting with the California Privacy Regulation Act (CPRA). It provides an added element of control for consumers and introduces the notion of sensitive personal information.

 

Example of a mixed consent banner

 

A mockup of a mixed consent banner, with the title "mixed consent banner" and the subtitle "A middle ground between the opt-in and the opt-out formats."

 

Informational consent banner

Finally, informational consent banners are very general, cookie-cutter (pun intended) banners that provide little information and don’t allow customers to have control over their data.

 

They are merely a displayed message, and are used, for the most part, in places where the data privacy landscape is still in a state of limbo.

 

You’ll recognize an informational consent banner by these basic identifiers:

 

  • Small message informing of cookie collection

  • Few or no options to accept, deny, or configure your choices

 

We advise against implementing an informational consent banner unless your data protection regime requires you to do so.

 

Example of an informational consent banner

 

A mockup of an informational consent banner, with the title "informational consent banner" and the subtitle "Providing surface-level information to users."

 

What are dark patterns?

 

When talking about consent banners, it's important to cover not only best practices but also what you should avoid doing. Dark patterns are deceptive design elements intended to manipulate users into making certain decisions online.

 

In the infancy of the GDPR, unknowing (or sometimes unscrupulous) organizations notoriously used design tricks in their consent banners to influence users into providing consent for data collection, something that we strongly recommend against.

 

A mockup of 4 consent banners illustrating four types of dark patterns: manipulative buttons, hidden choices, confusing banner text, and influencing design.

 

Here are 4 things to avoid when creating your consent banner:

 

  1. Manipulative buttons: Using specific wording in the choices to guilt-trip users into choosing one option over another (e.g., “I’m happy to accept”)

  2. Hidden choices: Influencing users by making one or several of the choices harder to see (e.g., different font or color to blend one of the choices in the banner)

  3. Confusing banner text: Offering a description that doesn’t accurately describe what the consent collection entails (e.g., “Data collection is boring, don’t worry, we won’t really use your data”)

  4. Influencing design: Misleading users with the design of the banner itself (e.g., visual elements that clearly push the user to go towards one of the options)

 

Interested to learn more about dark patterns? Read our article on the topic:

 

Learn more about dark patterns

 

Multi-regulation: the easiest way to build a compliant consent banner

 

Our flagship product, the Didomi Consent Management Platform (CMP), is the highest-performing CMP on the market. With opt-in rates up to 99% and a 95% client retention rate, we are deployed in over two hundred thousand websites, and are collecting consent in over a hundred billion (!) pages on the internet. 

 

See for yourself by browsing our customer reviews on software review aggregator G2, where we were rated the #1 consent management platform provider in its 2023 Summer Report.

 

Thanks to our experience in the field, we know that different countries and regions have different privacy requirements, and that figuring out which banner to display to which set of users can be a daunting task for organizations operating on a massive scale.

 

A mockup of a consent banner, with logos of the IAB Europe, and several regulations: Law 25, CPRA, CTDPA, UCPA, CCPA, CPA, and GDPR

 

Our multi-regulations consent flow helps you manage consent for all privacy regulations across multiple channels, devices, frameworks, and touchpoints from a single platform. Our solutions help you:

 

  • Display the right banner based on user location with geo-targeting 

  • Automatically detect industry standards like Global Privacy Control (GPC)

  • Streamline and manage end-user privacy requests (DSAR) with our Privacy Request module

  • Measure the impact of your banner and run A/B tests using our Advanced analytics

  • Interact with privacy experts who can help you implement and optimize your data privacy practices

 

To learn more about multi-regulations and how Didomi can help with your compliance and data privacy challenges, visit our dedicated CMP page:

 

Learn more