Cookie consent rate: how to optimise it without breaking GDPR

TL;DR

The cookie consent rate is the percentage of visitors who accept all or some of the cookies offered via your banner. It directly affects the volume of data available for analytics, marketing and attribution. Improving it is achievable by working on banner clarity, design and positioning — but only within the boundaries set by the GDPR. Dark patterns are prohibited.

Every visitor who declines your cookies represents missing data: an unmeasured conversion, an incomplete advertising audience, an invisible user journey. The consent rate is a genuine business concern, and it is legitimate to seek to improve it.

But improvement cannot come at any cost. The ICO, EDPB and noyb have clearly identified and acted against deceptive practices on cookie banners. This guide explains which levers you can legally use, and which are off limits.

What is the consent rate and why does it matter?

The consent rate measures the proportion of visitors who agree (fully or partially) to non-essential cookies during their visit. A higher consent rate means more analytics data, broader advertising audiences and better conversion attribution.

Impact on analytics and marketing

When a visitor declines analytics cookies, their sessions are not counted in Google Analytics 4 (or are counted in a degraded form via Google Consent Mode v2). When they decline advertising cookies, they cannot be retargeted, and their conversions are harder to attribute. Across a site with thousands of daily visitors, this represents a significant volume of missing data.

Realistic consent rate expectations

Consent rates vary widely depending on sector, site type, visitor location and banner configuration. There is no universal benchmark. What matters is making steady improvements within the legal framework, not chasing an artificially inflated number.

Which factors legally influence the consent rate?

Several parameters of your banner have a measurable impact on the consent rate, and all are lawful under the GDPR provided they respect the basic principles: clear information, accessible choice, no manipulation.

Banner design and positioning

A clear, readable banner with a visible accept button and an equally accessible decline button positively influences users who want to consent quickly. Well-designed banners reduce friction for those who want to accept, without coercing those who want to decline.

Message clarity

A clear message about what the visitor is consenting to generates more trust than opaque legal text. Trust is the primary driver of consent. Explain simply what each category of cookies is used for.

Granularity of choices

Offering distinct cookie categories (analytics, advertising, personalisation) allows users to consent partially rather than declining everything. A user willing to accept analytics but not advertising cookies will not reject everything if that option is available. Granularity can improve the overall consent rate.

To test and compare different banner configurations, see our guide on A/B testing and GDPR cookies.

What is prohibited: dark patterns on cookie banners

The ICO, EDPB and noyb have identified and acted against deceptive practices on cookie banners. These practices are unlawful under the GDPR because they prevent free and informed consent.

Prohibited practices

1. Prominent accept button and hidden, greyed-out or reduced decline button
2. Pre-ticked boxes for non-essential cookie categories
3. Decline choice only accessible after multiple clicks (buried 'Manage preferences')
4. Misleading text that does not mention the advertising nature of the cookies
5. Interface that implies declining is impossible or penalising
6. Colours that draw attention only to the accept button
7. Site access blocked until acceptance (non-compliant cookie wall)

The ICO and noyb have taken action against multiple organisations for these practices. Sanctions can be material for those who persist.

Is a cookie wall legal?

A cookie wall blocks site access until the user accepts cookies. The ICO and EDPB have concluded that this practice may be lawful in very limited circumstances: if the user has a genuine alternative (payment, cookie-free version), and if the site can justify that acceptance is necessary for its business model.

In practice, cookie walls without an alternative are treated as coercive mechanisms that invalidate consent itself. Use with extreme caution and only after legal analysis.

Common mistakes that harm both consent rate and compliance

The decline button is absent or very hard to find. This invalidates consent (not freely given) and reduces trust. Users close the banner without interacting, which your CMP may record as a refusal. Display a clear decline button alongside the accept button.

The message uses incomprehensible legal jargon. Users do not understand what they are consenting to and decline as a precaution. Simplify the language without hiding the information.

The banner reappears on every visit despite a stored refusal. This creates an irritating experience that undermines trust. Verify that your CMP correctly persists the refusal across sessions.

Cookie categories are not clearly defined. Offering 'Marketing and partners' without explaining which tools are involved prevents informed consent. List the main tools per category.

The banner is optimised for desktop only, not mobile. On mobile, a poorly adapted banner can obscure options and make declining difficult. Test your banner across devices.

How to test and legally improve your consent rate

A/B testing your banner compliantly

You can test different banner versions (message, colours, position, category granularity) provided all tested versions are GDPR-compliant. An A/B test comparing a compliant version against one using dark patterns is not acceptable.

Metrics to track

1. Full acceptance rate (all categories accepted)
2. Partial acceptance rate (at least one category accepted)
3. Full refusal rate
4. Ignore rate (closed without interaction, if your CMP measures it)
5. Consent rate by category (analytics, advertising, personalisation)

Checklist: improving consent rate within the GDPR

1. Display a decline button as visible as the accept button
2. Use clear, accessible language (no legal jargon)
3. Offer distinct cookie categories with understandable descriptions
4. Do not use pre-ticked boxes for non-essential categories
5. Do not block site access without an alternative (cookie wall)
6. Verify that refusal is persisted across sessions
7. Test the banner on mobile and desktop
8. A/B test only GDPR-compliant versions
9. Measure acceptance rate by category to identify friction points
10. Verify that your CMP stores consent for the regulatory period (max 13 months per ICO guidance)

Conclusion

The consent rate can be legally improved by working on message clarity, decline accessibility and choice granularity. Deceptive practices generate artificially high short-term rates but invite regulatory action and destroy trust.

Start by analysing your current cookies and banner configuration with the FlowConsent cookie scanner, then iterate within the legal framework.