Skip to content

Cookie Consent Banners

online privacy and cookie consent banners

Chris Tradgett

The Effect on Affiliate Tracking

This follows on from an earlier article on Consent Management Platforms (CMPs) for the affiliate industry and some of the options available. It also covered the legal standpoints for affiliate partnerships and stressed the importance of understanding the effect of CMPs or cookie consent banners on affiliate tracking. 

The affiliate industry is currently at a juncture where most programs have implemented first-party tracking as we have covered in earlier articles. From analysis of Moonpull audits, it is clear that in spite of this, over 80% of advertisers also have third-party cookies still in place. So even where a user rejects cookies, the third-party legacy tracking may well still operate.       

Variations in Cookie Consent Banners 

With over 20 consent management platform suppliers, many of whom offer several products, plus cookie bars being used, it is not surprising that there is a huge variety of consent banners, buttons or screens being presented to the internet user. We covered some of this in the article on consent management platforms.

There’s also wide variation in how the user is being led by these devices. Correct PECR compliance settings should mean that the CMP device offers options to the user without variation in colour or prominence of the Accept or Decline options relating to non-essential elements being put on the user’s device. This is quite a rare approach in practice however, as advertisers almost always rely on cookies and scripts to deliver desirable website functionality (beyond the essential), along with analytics and of course affiliate and other tracking.

The consent notices we have encountered in Moonpull go from the basic cookie bar “ by using this site you consent to our use of cookies” right through to screen takeovers that are totally compliant. Any one company’s approach is likely to be influenced by the relative sway of Legal or Marketing in the C-suite decision making. 

As we shared in the earlier article, the UK regulatory authority (ICO) had to roll back from their original fully compliant CMP as 95% of users were rejecting all non-essential cookies; so advertisers who need onsite technologies to work properly – and affiliate partnerships to be rewarded correctly will need to achieve far better acceptance rates. 

From an affiliate publisher perspective, the most attractive advertisers will be the ones where the consent notice is appropriate to the advertiser’s audience to maximise user acceptance of cookies to be set and thereby aid conversion. Advertisers’ affiliate managers and their colleagues in ecommerce teams will  therefore need to balance the needs of partners with their legal requirements in their approach to compliance  to allow for a successful program. 

Examples of Consent Banners

Moonpull is presenting these examples from the perspective of how they illustrate a range of approaches. Different advertisers may have different legislative requirements based on their use of differing technologies. So, these are illustrations of approaches and not recommendations or judgements on compliance.

There are many advertisers at the totally non-intrusive end of the spectrum:


1 – this example on the website: cookie banner

The simple X to close the notice is as much as the user is asked to do, unless they really love reading ‘cookie policy’ pages. The affiliate tracking is also set as active from the initial landing on the website, ideal from a publisher’s perspective.


2 – Marks and Spencer offers clearer options (as of October 2023):

M&S cookie consent banner

‘Accept all cookies’ is presented as  perhaps the more attractive option. One month earlier M&S showed this version:

cookie consent M&S

Interestingly, the cookie was only set when you clicked Close (and now its on “Accept all cookies”), without the option of not accepting them, apart from the “Read our full Cookie Policy here…” link. 


3 – is one of the quirkiest we’ve encountered:

James Martin cookie consent banner

Silver lists no cookies, with a different colour button; gold and platinum 6 cookies each. 


4 – British Airways

This is similar to many of the more common implementations of consent messages, though here it doesn’t show their brand – although those in the know will recognise their fonts and colour palette – and the user has to agree or customise:

British Airways cookie consent banner

Previous versions required a lot more from the user to grant access, which may have led to the change potentially due to too little consent being achieved for satisfying their commercial objectives, as in the example of the UKs ICO website mentioned before.


5 – At the extreme compliance end of the scale this example from VisitLondon, though still this steers the visitor to accept:

Visit London CMP

Marketing may have had to pull rank over legal to avoid the lack of visitors – as this with a much less compliantred button to Allow all cookies replaced the banner during September:

London new CMP

6 – The most compliant are set out as described at the beginning of the article.

This example from the Webgears group:

Webgears CMP

The Consentmanager CMP does not allow preview to the site unless the CMP has been engaged. Interestingly, if the user clicks elsewhere on the page, a second tier banner appears (try that yourself). This presents two options for Reject all or Accept all, equally presented.


7 – TUI is a rare example of a consumer website with no button being shown as preferred:


Perils of non-compliance

The reason we are seeing such significant difference in the cookie banners that websites greet visitors with is that compliance is legally important across an increasing number of markets. PECR regulations are just that and not a ‘best practice’ recommendation. And this can end up with some significant fines for non-compliance.

CookieYes highlighted 8 in a recent article:

cookieyes PECR violations
  • TikTok was fined $5.4 million in January 2023 by CNIL France
  • Microsoft Ireland was fined $65 million by CNIL France
  • Sephora was the first fine, of $1.2 million or violating California’s CCPA
  • Google was famously hit with $162 million fine in December 2021, again by CNIL France
  • Facebook was also fined at that time $65 million by CNIL
  • Amazon was an early fine in December 2020, $38 million by CNIL
  • CNIL also fined Carrefour $3.23 million for violations including cookie consent
  • Twitter was fined $32,000 by Spainish agency AEDP               source: CookieYes

This has given advertisers’ legal teams a much stronger voice at board level to urge for stronger website compliance. This led to extremely compliant banners being introduced particularly by larger retailers, often resulting in websites being almost unusable if all cookies are rejected. Many as we see in the examples above, have rolled back the compliance to make them much more user friendly for consumers.

What can we learn from this?

This review of consumer and retail websites shows that there is a variation, which continues to develop and change. Overwhelmingly, we see that more consumer focused sites don’t show much granularity beyond Accept / Manage / Reject. Also there is almost always a nudge to Accept all either by colour, button size or page positioning. More corporate websites tend to be more strictly compliant to PECR regulation.

This applies across most European markets with a requirement for one of the buttons to be engaged with. We are increasingly seeing adoption across other markets. Australia, Canada and Thailand all strengthened privacy legislation over the past year, along with many US States.

The picture will vary across the USA as privacy legislations are enacted. The US now has eleven states with privacy legislation, a doubling since last year, which all vary in requirements, making a tricky landscape to adapt to for advertisers. Many of the CMP providers offer increasingly intelligent solutions to cover much of the variation.

It is also fair to say that from this brief examination of CMPs, that it does appear that many websites are adjusting their positions on how to present cookie consent banners along the spectrum from full legal compliance to the marketing friendly and simpler devices. All will of course be keeping an eye on legal cases and fines already being levied for non-compliance.

From and affiliate publisher’s point of view, it is important to regularly check the most important partner merchants and advertisers to understand what your visitors are met with on the affiliate referral. Moonpull audits enable a publisher to schedule regular audits of the top 20 or more advertisers to monitor changes in both tracking and CMPs, something that is increasingly important to ensure affiliate revenues are protected.

If you would like to see more of how Moonpull can benefit your business, we’d love to hear from you.
Please drop us a line on the Contact page

Subscribe to the newsletter to stay up to date