Skip to content

Nettsider · · 3 min read

Cookie banners and consent explained for small businesses

Why does your website need a cookie banner, and what actually counts as valid consent? A simple guide to cookies with no legal fog and no dark patterns.

By Mediseo

Almost every website greets you with a box about cookies. Most people click "accept" without a second thought about what's actually happening. Here's what a cookie banner is for, and how to build one that's honest rather than just a formality.

What a cookie is

A cookie is a small text file a website stores in a visitor's browser. It lets the site remember things between page views and visits: that you're logged in, what's in your basket, or which language you chose.

Cookies aren't dangerous in themselves. The problem starts when they're used to follow people across different websites without their knowledge. That's why the rules distinguish between different types.

The two types that matter

For an ordinary business website, the practical split is simple:

  • Necessary cookies are needed for the site to work — login, basket, security. These don't require consent.
  • Non-essential cookies are used for analytics, marketing or tracking. These require active consent before they're set.

The main rule is short: anything not strictly needed to deliver what the visitor asked for is something they should be able to turn off.

What valid consent actually requires

Consent that counts has to meet a few simple tests. It must be:

  • Active. The visitor has to make a choice themselves. Pre-ticked boxes or "by using this site you agree" don't qualify.
  • Informed. People should understand what they're agreeing to. Short, clear wording beats a link to ten pages of terms.
  • Freely given. Saying no should be as easy as saying yes. A big green "Accept" button next to a grey, hidden "Reject" isn't a real choice.
  • Withdrawable. Someone who changes their mind should be able to update their choice later without a struggle.

That last point is often forgotten. A small link in the footer — "Change cookie settings", say — solves it neatly.

Dark patterns to avoid

A "dark pattern" is a design that nudges people towards a choice they wouldn't really have made. With cookie banners, the common ones are:

  • A prominent "Accept all" button and a near-invisible "Reject".
  • "Reject" buried behind several clicks and menus.
  • Banners that block the whole page until you say yes.

Beyond eroding trust, this also makes the consent invalid — because it's no longer freely given. An honest banner is actually the easiest one to defend.

How to set up a clean banner

You don't need to build this yourself. Most people use a ready-made consent tool that handles the work:

  1. Map out which cookies your site sets. Analytics tools, embedded videos and chat widgets often set cookies you didn't know about.
  2. Split them into necessary and non-essential. Only the non-essential ones should wait for consent.
  3. Set the banner so tracking is off by default, and only switches on once the visitor says yes.
  4. Give "Accept" and "Reject" equal weight — same size, same visibility.
  5. Add a way to change the choice afterwards.

What we tend to remind businesses is that a cookie banner isn't an obstacle to get past, but a small test of whether you're being honest with visitors. Pass it, and the whole website feels more trustworthy.

Frequently asked questions

Does a simple website with no shop need a cookie banner?

It depends on what the site sets. If you have analytics, embedded videos or marketing pixels, non-essential cookies are being set — and then you need consent. A plain text page with no tracking at all often manages without.

Is it fine to use Google Analytics?

Yes, but analytics cookies count as non-essential. So you should ask for consent before they're set, and mention the use in your privacy policy. Some people choose more privacy-friendly alternatives to make this simpler.

What happens if someone says no to cookies?

The site should work perfectly normally without the non-essential cookies. You lose a little analytics data about them, but that's the whole point of a real choice — and the visitor shouldn't be penalised for it.

This is general guidance, not legal advice. If you're unsure about a specific situation, a short chat with someone who knows privacy law well is time well spent.

What we can do for you and your business.

Tell us briefly what you need help with — a new website, more visibility on Google, or just a once-over. We get back within a working day, usually with something concrete.

Book a free 20-min callBuild a site with us