Cookie Banners That Don't Treat Users Like Idiots

A no-nonsense guide to consent, privacy, and doing it right

Published: January 2025 • 10 min read

Why Cookie Banners Are a Problem

Most users encounter cookie banners daily, but very few actually read them — and for good reason. Many banners are designed to confuse. “Accept All” is front and centre, while the option to decline is often hidden behind vague links, multiple screens, or intentionally unclear wording.

This isn’t just bad design — it actively erodes trust. It’s also at odds with the intent of privacy laws like GDPR and PECR, which require clear, affirmative consent for non-essential cookies. A design that discourages users from saying "no" may technically pass muster, but it fails the spirit of the law — and users know it.

What You'll Learn

  • What real GDPR-compliant consent looks like
  • How to give users proper control over their data
  • When and how to use localStorage instead of cookies
  • Why “legitimate interest” isn’t a free pass
  • How to build a functional, lightweight banner without third-party libraries

What "Compliant" Actually Means

GDPR requires that consent be:

  • Freely given
  • Specific
  • Informed
  • Unambiguous

If your design is built to nudge users toward agreement — by making “Accept” easier or faster than “Reject” — that’s not valid consent. Worse, it may damage your credibility. Users are becoming more aware of these tactics and are increasingly choosing services that respect their preferences without fuss.

Designing for Actual Consent

We believe consent shouldn’t be a hurdle. It should be a choice — presented clearly, with minimal friction.

  • ✅ A visible and equal “Reject All” button
  • ✅ Granular toggles for categories like analytics and marketing
  • ✅ No trackers loaded until permission is explicitly given
  • ✅ Clear language that doesn’t require legal training
  • ✅ A local-first approach — no tracking data sent offsite

If you have to trick a user into clicking “Accept”, your problem isn’t legal compliance — it’s user respect.

How We Built Ours

We designed our solution to be simple, transparent, and respectful. It uses plain JavaScript with no dependencies, and stores preferences in localStorage. We don’t load any non-essential scripts until the user agrees.

  // A simple way to store cookie preferences
  localStorage.setItem('cookie_preferences', JSON.stringify({
    necessary: true,
    analytics: false,
    marketing: false
  }));

Preferences persist across sessions, and are read by a lightweight consent manager that controls what gets loaded. No cloud calls. No third-party libraries. No analytics until invited.

Cookies are only set when strictly necessary (e.g. to suppress the banner once a choice is made). This is consistent with GDPR’s provision for essential functionality.
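The consent manager described above, written out as an added example (not the site's own code): it defaults to reject-all, treats only an explicit true as consent, and gates which scripts may be injected on the stored preferences. The in-memory storage stand-in, the manifest paths, and using the stored preference itself (rather than a separate cookie) to suppress the banner are assumptions.

```javascript
// Added example, not the post's own code. STORAGE_KEY matches the post; the rest is assumed.
const STORAGE_KEY = 'cookie_preferences';
const REJECT_ALL = Object.freeze({ necessary: true, analytics: false, marketing: false });

// In-memory stand-in for window.localStorage so the example also runs outside a browser.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

// Read stored preferences. A missing, malformed or loosely typed entry falls back to
// reject-all, so nothing but an explicit `true` can enable a category.
function readPreferences(storage) {
  let raw = null;
  try { raw = storage.getItem(STORAGE_KEY); } catch (e) { /* storage blocked: no choice yet */ }
  if (typeof raw !== 'string') return { ...REJECT_ALL };
  let parsed;
  try { parsed = JSON.parse(raw); } catch (e) { return { ...REJECT_ALL }; }
  if (parsed === null || typeof parsed !== 'object') return { ...REJECT_ALL };
  return {
    necessary: true, // strictly necessary: cannot be switched off
    analytics: parsed.analytics === true,
    marketing: parsed.marketing === true,
  };
}

// Persist the user's choice (accept all, reject all, or granular toggles).
function savePreferences(storage, choice) {
  const prefs = { necessary: true, analytics: choice.analytics === true, marketing: choice.marketing === true };
  storage.setItem(STORAGE_KEY, JSON.stringify(prefs));
  return prefs;
}

// Show the banner only until a choice has been recorded.
function needsBanner(storage) {
  try { return storage.getItem(STORAGE_KEY) === null; } catch (e) { return true; }
}

// Reduce a script manifest of { src, category } to what the preferences permit. Run this
// before injecting any <script> tag; unknown categories are never loaded.
function allowedScripts(prefs, manifest) {
  return manifest.filter((s) => s.category === 'necessary' || prefs[s.category] === true);
}

// Constructed manifest with assumed paths.
const MANIFEST = [{ src: '/js/app.js', category: 'necessary' },
  { src: '/js/analytics.js', category: 'analytics' }, { src: '/js/ads.js', category: 'marketing' }];
```

In a browser, pass `window.localStorage` instead of `memoryStorage()` and inject only the entries `allowedScripts` returns.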

On “Legitimate Interest”

Some services lean on the “legitimate interest” clause to bypass consent altogether. While this is permitted under GDPR in certain contexts, it must still be justified — and it does not override the user’s right to object.

In short: if you’re using cookies for tracking, marketing, or analytics, it’s safest — and most transparent — to ask first.

Final Thoughts

Cookie consent doesn’t need to be a compliance checkbox or a marketing trick. When handled correctly, it’s an opportunity to show users you respect their choice and their privacy.

Design with that in mind, and you don’t just meet regulations — you build trust.