There are multiple ways in which cookie notices can be configured. Typically, a cookie notice will fall into one of three formats:
- Notice + Opt Out. A “notice + opt out” disclosure informs visitors that the website deploys cookies and provides the visitor with a mechanism for disabling the website’s future deployment of cookies. This may include a single option to “opt-out” of all cookies, or might provide more granular options to opt-out of some types of cookies (e.g., behavioral advertising cookies or analytic cookies).
- Notice + Opt In Consent. A “notice + opt in consent” disclosure informs visitors that the website would like to deploy cookies and asks the visitor to opt-in, or accept, cookies before they are deployed. This may include a single option to “opt in” to all cookies, or it might provide a more granular option to opt-in to some types of cookies (e.g., behavioral advertising cookies). It is worth noting that some companies have been criticized for providing “notice + opt-in” disclosures, but then ignoring whether the website visitor provides opt-in consent. In other words, deploying cookies regardless of whether consent is obtained.
In order to help companies understand and benchmark industry practice, BCLP analyzed a random sample of the homepages of the Fortune 500 to better understand their use of cookie notices and cookie banners.1 As of December 14, 2019, only 28% of companies were deploying some form of cookie notice.2 As the following chart illustrates, among the companies that were deploying notices there was little standardization in terms of whether notice, opt-out, or opt-in disclosures were utilized: