Date
Title that spreads over two lines
Paragraph 2 sized introduction
July 2025
Is your cookie banner compliant?
As privacy concerns grow and regulations tighten, businesses and website owners are rethinking how they handle cookies and the way they ask visitors for consent.
This post breaks down what cookies actually do, what the rules around them, and how your cookie banner can help keep your site on the right side of the UK’s privacy laws. We’ll also look at what the ICO expects, plus some real examples of how some well-known brands are putting these rules into practice.
Just bear in mind that all the information in this post is correct at the time of writing, in July 2025. So, if you’re reading this at a later date, it’s worth checking the latest ICO updates to make sure you’re still compliant.
What are cookies and why do they matter?
Cookies are small files downloaded to your browser when you visit a website. They store information about you and your browsing activity.
From a business’s point of view, they’re essential for making a website work, understanding how people use a site, and for making improvements to it. Tools like Google Analytics depend on cookies to show a business where their visitors came from, what pages they look at and so on.
For marketing teams, cookies are also the vital for targeted advertising. By tracking browsing habits, they let marketers show ads that match a user’s interests - making their messaging more relevant for users and more effective for advertisers.
Who regulates cookies?
In the UK, it’s the ICO (Information Commissioner’s Office) that makes sure websites follow cookie rules. The laws themselves come mainly from the PECR (Privacy and Electronic Communications Regulations), along with the UK’s version of GDPR.
Using cookies to collect data is becoming more challenging. Privacy laws are stricter, major browsers like Safari and Firefox block certain cookies by default, and both ad and cookie blockers are becoming more common. As a result, many companies are looking for other ways to understand and reach customers, such as gathering more first-party data. But for most, cookies are still a key tool - so it’s more important than ever to handle consent properly.
What the ICO expects
The ICO is clear that users must give informed, active consent for any cookies that aren’t strictly necessary. Necessary cookies, like those that keep a site running - for example, cookies that remember your preferences, what’s in your shopping basket, or keep you logged in - don’t need consent. But cookies used for things like analytics, advertising or personalisation do.
Consent being actively given means no pre-ticked boxes, no banners that say “by continuing you agree” and no designs that make it hard to say no. The options to accept or reject should be equally easy to find and use, so people can make a quick and informed choice.
Your cookie banner should also link clearly to a policy that explains what cookies do, who gets the data, and how long they last.
What this looks like
Let’s look at how some well-known UK brands handle cookie consent, and the different approaches they use to try and stay compliant.
Keeping it simple
BT follow the ICO guidance to the letter, with clear accept and reject buttons, equally visible, leaving no doubt about the user’s options. There’s also a clear link to their cookie policy, explaining exactly what cookies they use and how, along with controls to manage cookie settings - so users can adjust their preferences at any time. Their approach is simple and firmly aligned with ICO guidance, keeping them fully compliant.
Staying compliant
The simplest way to stay compliant - and show users you value their privacy - is to be upfront.
Give people a genuine, clear choice between accepting and rejecting cookies, avoid hidden options or design tricks, and explain exactly what’s happening with their data. The approaches used by BT and Nando’s are great examples - they’re transparent, easy to understand, and aligned with their brand voice.
Respecting privacy isn’t just about following the rules or steering clear of fines. It shows that you care about your users and take data protection seriously - something that can build loyalty and strengthen your reputation.
Being on-brand
Some websites use their cookie banners to showcase their brand voice. This works especially well for brands with a fun or playful side, adding personality and humour while still staying fully compliant. Nando’s is a great example. Their messaging makes the consent request feel less formal and more approachable, helping users feel at ease while still giving clear choices and information about their use of cookies. They even highlight the positives cookies bring to the user, like making their experience on the website even better:
Giving a gentle nudge
Some sites give users a subtle push towards the accept button by making it stand out with a high-contrast colour. Sainsbury’s does this. It’s a fairly common approach for businesses that rely on cookies for operational or marketing reasons, and it’s generally seen as fine—as long as there’s also a visible, easy-to-access reject option. If you take this approach, just be careful the design doesn’t go too far, or it could risk falling short of the ICO’s standards.
What not to do
What definitely isn’t acceptable anymore is only giving users the option to accept cookies, without a clear and obvious way to reject them. This forces users to navigate elsewhere just to find how to refuse. Surprisingly, despite the ICO’s clear requirements, many websites still don’t comply - including some from major brands. The international advertising agency McCann, for example, uses an outdated, non-compliant approach that fails to offer a clear, informed choice, falling short of what the ICO now expects:
More from the digtal blog
Thanks for reading this post. If you’re interested, why not take look at some of the other things I’ve written? I cover a mix of digital topics - from AI, SEO and content strategy, to user experience, data and analytics.
Whether you’re after practical tips or just a bit of inspiration, there’s plenty more to dive into.