In the second part of our series, we review Cookie Consent Management – best practices, recommendations, dos and dont’s. In the first part of our blog we have review the definition and business potentials of Cookie Consent Management.

Chapter Two: What can companies do?

Required Steps

Must DO number 1: Review – Do I need a Cookie Consent Management Solution?

Not every website administrator has to worry about Cookie Consent Management automatically. It is irrelevant, especially for small businesses that embed their web presence on platforms; the issue has either usually already been taken care of by the platform or doesn’t use web analytics, personalization, advertising, or social media integration.

Must DO number 2: Cookie Consent Management solution requirements.

The requirements of a Cookie Consent Management solution seem evident at first glance. However, at a second look, they can cause enormous efforts. Particularly the integration of various tools (Cookie Consent Management Platform, Tag Management Tool, integrated scripts, and pixels) can result in dependencies that can be explained as a simple “if…then…” rule. Nevertheless, during the implementation of added complex tracking setups, the following questions arise:

  • the availability of experts / JavaScript know-how in the company
  • the use of standard integrations and their applicability to your situation
  • the intended user experience when utilizing the tool, and
  • the planned maintenance and release processes for ongoing operation.

Must DO number 3: The process-model for the implementation of a Cookie Consent Management Tool

A “simple changeover” will no longer be possible for mid-sized companies. Several business-critical processes depend on the website’s information; the more sales directly influenced by the website, the more complex a proper migration is. Coordinated independent planning is necessary for media campaigns, reporting, onsite personalization, but most importantly, data privacy approval processes.

An important decision point is whether to undertake a “hard cut” or an “ongoing transition” for the changeover. This decision will affect the following steps in the context of more- or less planning intensity. In any case, the bottom line is that all technologies must be checked, tested, approved, documented, and properly integrated or linked to the cookie consent solution. Additionally, considering the further maintenance of the setup, one should also contemplate at the beginning the update and deletion processes to avoid the solution becoming unmaintainable afterward. The argument “This is how it has grown over time” will not suffice if there is ever an external complaint.

An important decision point is whether to undertake a “hard cut” or an “ongoing transition” for the changeover. This decision will affect the following steps in the context of more- or less planning intensity.

Regarding the American legal landscape, we are currently working with our customers on setting up opt-out solutions for website users. Due to the expected tightening of regulations, we are designing these solutions so that an Optin can be subsequently implemented with the lowest effort possible.

Design scope

Can DO Number 1: User Experience

According to our project experience, the design of mechanisms and information architecture for a cookie consent management solution greatly impacts the consent rates. With short research, you will recognize the differences in the design of German and international websites.

In most cases, the user has a clear interest in your content, they do not want to interrupt their journey, and therefore, they are unlikely to thoroughly read the “about the use of cookies” disclaimer. Your users are looking for a quick way to “get rid” of them. By no means are we encouraging deceiving the users but offering the information in a way it can be found quickly and remains under the legal framework. This should be the lever you can use in the design stage.

Can DO number 2: Categories

A second primary lever is the user of the categories mentioned in part one of this blog series. Many users – especially those who read the detailed information regarding cookies – are interested in transparency and are not necessarily adverse towards cookies. It is precisely under this case that Cookie Consent Management is helpful; for example, options can be set up to offer opt-out or opt-in:

  • for all technologies/services at once
  • for technologies/services by category (e.g. analytics, personalization, advertising)
  • for each technology/service individually

Currently, the “per category” consent option is the most common approach.

Cookie Consent Management Sample: Categorization of cookie consent

This categorization allows an individual assessment of the technologies used and avoids a general rejection in the first place. Additionally, it also provides clarity compared to consent at the technology level.

Current Challenges

The legal framework for Cookie Consent Management has been placed for some years. Nevertheless, not all website operators seem to be inline with the legal “status quo” so far. For Websites used across the borders a lack of clarity is common. In the case of the USA, Cookie Consent is still under establishment compared to Europe. Nevertheless, a national framework in the USA is putting companies under pressure.


In our daily working experience and discussions with other agencies, we repeatedly encounter setups that appear to be sufficient on the surface. However, while looking closely at the underlying data flows and contracts, you will quickly move from “gray areas” to warning risks. Conducting an audit of the status quo will help us avoid unnecessary risks and leverage the opportunities available for businesses. Finally, cookie consent management is a company’s C-level issue and must be engaged with the appropriate relevance.

Photo: Gabby K.| Pexels