CPRA cookie banner

The comprehensive California Privacy Rights Act (CPRA) provides specific guidance to help businesses observe open and ethical cookie practices and privacy regulations worldwide.
Approved on November 3, 2020, the CPRA modifies and improves the California Consumer Privacy Act’s (CCPA) provisions, bringing it closer to GDPR.

What is a cookie banner?

A cookie banner is a pop-up that appears when you visit a website for the first time, informing you about using cookies, asking for your consent, or both.

The cookie banner is an integral part of consent management. And consent management is the practice of asking for, recording and acting upon a website’s visitors’ preferences for data collection. In most consent management solutions, cookie banners are used to obtain consent from visitors.

The banners may take the form of a notice banner that disappears on its own or may require some interaction, such as clicking a button to agree to certain cookies. Different jurisdictions have different cookie banner requirements.

CPRA privacy notice vs GDPR cookie banner

The California Privacy Rights Act (CPRA) does not explicitly require a cookie banner. The CPRA requires businesses to provide privacy notices. These notices must be provided to users when they arrive on the website. There are various types of notifications, and you can serve any of them as a banner.

The notice aims to inform users about data processing, sales, or financial incentives in exchange for data. However, it is not necessary to obtain consent before collecting data.

GDPR, in contrast, requires businesses to obtain consent to use cookies. The GDPR cookie banner aims to inform users about cookie processing and collect consent.


You may also like:


  • EU-US data transfers uncertainties: How an EU-based analytics platform can improve your marketing performance

    European digital marketers are facing unprecedented levels of disruption. Increasing regulatory scrutiny and growing doubts about the legality of EU-US data transfers demand an urgent reassessment of your tech stack. In the very near future, relying on US-based analytics and consent platforms will expose your organization to operational, legal, and financial risks that can no…

  • HIPAA, marketing and advertising: How to run compliant campaigns in healthcare

    Healthcare organizations deal with tons of sensitive information concerning people’s health. It needs to be handled with proper care. In the US, safe parameters for using this kind of data in different contexts, including marketing, are set by HIPAA. Unfortunately, many companies are still unaware of the provisions of the law and the potential consequences…