Cookie Consent Guide: GDPR & CCPA Compliance

If your website uses cookies (including Google Analytics, AdSense, or Facebook Pixel), you likely need a cookie consent banner. But not just any banner — it must meet the legal requirements of GDPR (EU), CCPA (California), and increasingly, other jurisdictions.

Do You Need a Cookie Banner?

Yes, if: You have visitors from the EU/EEA (GDPR) or California (CCPA) and use non-essential cookies
No, if: You only use strictly necessary cookies (session, shopping cart, security)

What Your Banner Must Include

Clear consent request — Not buried in a privacy policy link
Granular categories — Necessary, Analytics, Marketing, Personalization
Reject button — Must be as easy to reject as to accept (GDPR requirement since 2020)
Link to cookie policy — Detailed list of all cookies and their purposes
Easy withdrawal — Users must be able to revoke consent later

Google Consent Mode v2

If you use Google Analytics or AdSense, Google now requires Consent Mode v2 implementation. It adjusts tag behavior based on consent status:

granted — Full data collection
denied — No cookies, modeled conversions (GA4 still works with reduced data)

GDPR vs CCPA: Key Differences

Aspect	GDPR (EU)	CCPA (California)
Default	Opt-in (must consent)	Opt-out (can refuse sale)
Scope	All EU residents	California residents
Penalties	Up to 4% global revenue	$2,500-$7,500 per violation

Generate a Compliant Banner

Use our Cookie Consent Banner Generator to create a GDPR/CCPA compliant banner with Google Consent Mode v2 support — copy & paste in 30 seconds.

The Bottom Line

If you have EU or California visitors and use analytics/ads, you need a cookie banner
The "Reject" button must be as prominent as "Accept"
Google Consent Mode v2 is now required for Analytics and AdSense
Keep your cookie policy updated as you add/remove cookies

Disclaimer: This guide is for informational purposes only and does not constitute legal advice. Consult a legal professional for compliance requirements.