Designing a Cookie Consent Banner That Actually Follows the Law

In the age of digital privacy, transparency isn’t optional—it’s legally required. Under Thailand’s Personal Data Protection Act (PDPA), websites must inform users when their data is collected, how it is used, and obtain explicit consent—especially when using cookies that track behavior, preferences, or device information.
One of the most visible tools for managing this process is the cookie consent banner. But not all banners are created equal. Many websites still use pre-checked boxes, vague language, or overly aggressive consent strategies that violate PDPA requirements and erode user trust.
In this article, we’ll walk through how to design a cookie consent banner that is legally compliant, user-friendly, and transparent, while sharing a real-world case where a Thai e-commerce platform improved performance and trust through a simple redesign.
What the PDPA Requires for Cookie Consent
The PDPA distinguishes between essential cookies (those required for the website to function) and optional cookies (those used for analytics, advertising, or personalization). According to the law, you must:
- Obtain informed, explicit consent before using non-essential cookies
- Provide a clear explanation of what each cookie does
- Allow users to manage or withdraw consent easily
- Avoid implied consent or pre-ticked boxes
This aligns closely with EU GDPR standards, meaning many internationally built banners may require localization or customization for Thai compliance.
What Makes a PDPA-Compliant Cookie Banner?
1. No Pre-Selected Options
Users must actively opt in to optional cookies. Automatically selecting checkboxes or assuming consent when someone continues browsing is not compliant.
2. Clear Categorization
Cookies should be grouped into categories such as:
- Strictly Necessary
- Analytics
- Marketing
- Preferences
Only strictly necessary cookies can be enabled by default.
3. Easy-to-Understand Language
Avoid technical jargon or legal phrases. Use simple terms to describe what each cookie does and why it’s used.
Example:
- “We use cookies to remember your preferences and improve your shopping experience.”
4. Separate Consent Actions
Users should be able to:
- Accept all
- Reject all
- Customize their choices by category
This should be done without forcing a decision before continuing to use the site.
5. Link to Privacy Policy
Every banner should include a direct link to the full cookie or privacy policy, detailing how cookies are stored, accessed, and deleted.
6. Consent Logging
Websites should log when and how consent was obtained. This helps in the event of an audit or complaint.
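Points 1, 2, 4 and 6 above, expressed as consent-state logic in JavaScript. This is an added example, not code from the article or from any platform it mentions; the category keys, function names and `POLICY_VERSION` value are assumptions made for illustration.

```javascript
// Added example: all names and the policy version are hypothetical.
const OPTIONAL = ["analytics", "marketing", "preferences"];
const ACTIONS = ["accept_all", "reject_all", "customize"];
const POLICY_VERSION = "example-policy-v1"; // constructed placeholder

// Turn a banner action into a per-category decision.
// "necessary" is always on; optional categories start off (no pre-selection).
function decide(action, choices = {}) {
  if (!ACTIONS.includes(action)) throw new Error("unknown action: " + action);
  const state = { necessary: true };
  for (const cat of OPTIONAL) {
    // Strict opt-in: only an explicit boolean true counts, never a truthy string.
    state[cat] = action === "accept_all" ||
      (action === "customize" && choices[cat] === true);
  }
  return state;
}

// Append an immutable audit record: when, how, under which policy text, and what.
// The log is never edited in place, so a withdrawal is a new entry, not an overwrite.
function recordDecision(log, action, choices = {}, now = new Date()) {
  const entry = Object.freeze({
    timestamp: now.toISOString(),
    method: action,
    policyVersion: POLICY_VERSION,
    categories: Object.freeze(decide(action, choices)),
  });
  return [...log, entry];
}

// Gate for optional scripts: the latest record decides; no record means no consent.
function isAllowed(log, category) {
  if (category === "necessary") return true;
  const latest = log[log.length - 1];
  return latest !== undefined && latest.categories[category] === true;
}

// Constructed walk-through: first visit, a custom choice, then withdrawal.
let log = [];
console.log(isAllowed(log, "analytics")); // before any choice
log = recordDecision(log, "customize", { analytics: true });
console.log(isAllowed(log, "analytics"), isAllowed(log, "marketing"));
log = recordDecision(log, "reject_all");
console.log(isAllowed(log, "analytics"), log.length);
```

In a page, `isAllowed` would be checked before each analytics or marketing tag is injected, with the log sent to the backend for retention.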
Real Case: An E-Commerce Banner Rebuild That Paid Off
A Thai online retail business received increasing feedback from users who were uncomfortable with the way their data was being tracked. Their original cookie banner:
- Was hidden at the bottom of the page
- Automatically enabled all tracking cookies
- Offered no customization
- Didn’t explain what cookies were used
Customers voiced concerns, and bounce rates on first-time visits began to rise.
The Redesign
- Banner placed centrally and clearly visible on first load
- Added opt-in checkboxes with no defaults selected
- Included clear descriptions for each cookie category
- Integrated a “Cookie Settings” modal for customization
- Logged user preferences via a secure consent management platform
The Results
- Opt-out rates dropped by 34%
- Bounce rates on first-time sessions decreased
- Overall trust and brand sentiment improved (measured through post-purchase feedback)
- The website became fully compliant with the PDPA
Rather than seeing consent as a barrier, the business viewed it as a UX and branding opportunity—transforming compliance into customer experience value.
Tips for Designing Your Own Banner
- Use contrasting colors for buttons to ensure clarity (avoid tricking users into clicking “Accept”)
- Ensure the banner is mobile-friendly and doesn’t cover essential content
- Offer “Change Preferences” access at all times via the footer
- Test banner behavior across browsers and screen sizes
Tools That Can Help
There are many platforms and plugins that support PDPA/GDPR-compliant cookie consent, including:
- Cookiebot
- OneTrust
- Osano
- Complianz (for WordPress)
- Custom solutions using JavaScript and backend consent tracking
Choose a solution that fits your tech stack, legal risk profile, and customization needs.
Conclusion:
A cookie banner is more than a technical requirement—it’s your website’s first point of contact with new users. Done right, it builds trust, enhances user control, and keeps you compliant with evolving privacy laws like the PDPA.
If you haven’t reviewed your cookie consent strategy recently, now is the time. With AI tools and plug-and-play compliance platforms, there’s no excuse to rely on outdated practices.










