How manipulative is your cookie banner?

Walk through fifteen questions about a banner you've built or one you've been served. Score it against GDPR, ICO guidance, and the EDPB's recognised patterns of consent manipulation.

Cookie banner ethics scorer

Most cookie banners get designed to make you click Accept whilst giving away as much of your data as possible. That's kinda myopic, because regulators will enforce the spirit of the regulation, which is for people to give informed consent. This tool walks you through fifteen questions about a banner you've built or one you've been served, and scores it against GDPR, ICO guidance, and the European Data Protection Board's recognised patterns of consent manipulation.

  • 15 questions in around three minutes
  • This runs entirely in your browser and nothing is uploaded, stored, or sent anywhere. If you really want to help me out, maybe say something nice about AWIP on social media.
  • I am not going to do a thing about ethics in data capture and consent and then steal your data, am I? Come on. Power to the users.

    What a respectful banner looks like

    The short version, in case you need a reference to point at.

    • Equal prominence for Accept and Reject. Same size, same weight, and the same number of clicks.
    • Nothing pre-ticked. Consent must be opt-in by definition. Anything other than active consent is not consent.
    • Cookie walls suck. Users should be able to read your site without trading their data. Plus you'll just create poisoned and confusing datasets if you force people.
    • Plain language. Specific purposes. Named vendors. "To improve your experience" does not tell the user anything, and they are not stupid. They can understand "We sell this for money" if that's what you are doing with it.
    • "Essential" really must mean essential. Analytics, advertising, and personalised offers are not essential.
    • Withdrawal must be as easy as consent. A persistent link in the footer or a settings panel that always works is fine.
    • The choice must stick. If a user says no, the banner stays gone until they change their mind or we lose the ability to identify them as somebody who opted out.
    • Legitimate interest must stay in its lane. It is not a shortcut around consent for marketing or profiling, and its repeated misuse genuinely rots legit use.

    This tool is informed by UK GDPR, the Privacy and Electronic Communications Regulations (PECR), guidance from the Information Commissioner's Office, and guidelines published by the European Data Protection Board. It is a self-audit aid but it is not legal advice. If you need a formal compliance opinion, talk to a solicitor or your business's legal team. If you want help redesigning a better consent flow, talk to us.