Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Civic Cookie Control is a consent management platform (CMP) that helps websites comply with GDPR, CCPA, and global privacy regulations. It provides customizable cookie consent banners, preference centers, and automated compliance scanning. Civic Cookie Control manages user consent across tracking technologies, generates compliance reports, and integrates with tag management systems. With geo-targeted policies and TCF 2.0 support, Civic Cookie Control ensures worldwide privacy compliance.
Civic Cookie Control, often shortened to Cookie Control, is the consent management solution developed by Civic UK Ltd in London. Launched in 2009 as one of the first commercial cookie banners on the British market, it is now used by thousands of public sector and private organisations, including UK local councils, NHS trusts and universities. The service is operated entirely from the United Kingdom.
Cookie Control loads a small JavaScript widget on each page of your website. It displays a configurable consent banner with granular categories (necessary, functional, statistics, marketing), blocks third party scripts until consent is given, exposes a persistent preferences icon that lets visitors withdraw or modify their choices at any time, and writes a proof of consent record. Configuration is handled through a dedicated dashboard hosted at cookiecontrol.civicuk.com.
Civic Cookie Control stores the visitor''s consent decision in a first party cookie called CookieControl (90 days) and may also use localStorage when configured for cookieless persistence. The optional cloud logging service keeps a record of consent that includes a hashed identifier, timestamp, banner version and selected categories. No tracking pixel, no behavioural data and no advertising identifier is set by Cookie Control itself.
A CMP is considered strictly necessary technology under Recital 30 of the ePrivacy Directive and benefits from the consent exemption of Art. 5(3) ePrivacy and Reg. 6(4) PECR in the United Kingdom. Cookie Control can be configured to comply with the strictest implementations: equally weighted accept and reject buttons, granular categories, easy withdrawal, no pre ticked boxes, evidence of consent. It supports Google Consent Mode v2 and the IAB Transparency and Consent Framework version 2.2.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Civic UK Ltd is established in London and processes all visitor data within the United Kingdom on Microsoft Azure UK regions (London and Cardiff). Consent records remain in the UK and are not transferred to the United States or any other third country. The UK is currently subject to a European Commission adequacy decision under Art. 45 GDPR, so transfers from the EU to a UK based CMP do not require additional safeguards such as Standard Contractual Clauses.
Run a cookie scan on your website to inventory third party tags. Map each tag to a Cookie Control category. Configure the banner with equally weighted accept and reject buttons and a granular preference panel. Enable consent logging. Connect the CMP to Google Consent Mode v2 if you use Google services. Document Civic UK as a processor in your records of processing and your privacy notice. Audit the configuration monthly and after every theme or plugin change.
Websites using Civic Cookie Control must obtain user consent under GDPR regulations.
Third-party domains contacted
civicuk.comcookiecontrol.civicuk.comcc.cdn.civiccomputing.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| CookieControl | first_party | 90 days | Stores the visitor consent preferences (accepted and refused categories) for the Civic Cookie Control banner. |
| ccShowCookieIcon | first_party | Session | Determines whether the persistent preferences icon should be displayed on the current page. |
| CookieControlPrefs | first_party | 90 days | Stores granular per category preferences when the CMP is configured with detailed categories. |
Civic Cookie Control is an essential service, but transparency matters. Manage all your consent with FlowConsent.
Civic Cookie Control writes a single first party cookie called CookieControl with a 90 day duration. It records the categories that the visitor has accepted or refused. When the cookieless option is enabled, the same information is stored in browser localStorage instead. No third party cookie is set by Cookie Control.
No. A Consent Management Platform is considered strictly necessary technology under Recital 30 of the ePrivacy Directive and Regulation 6(4) of PECR in the UK. Cookie Control therefore relies on legitimate interest and does not itself require prior consent, provided it only blocks scripts and stores the consent record.
The legal basis is legitimate interest under Art. 6(1)(f) UK GDPR and EU GDPR. Civic UK Ltd processes the limited data needed to comply with the legal obligation to collect consent under Art. 7 GDPR and Art. 5(3) ePrivacy. Visitors can object via the persistent preferences icon at any time.
No. All visitor data is processed within the United Kingdom on Microsoft Azure UK regions (London and Cardiff). Civic UK Ltd does not transfer personal data of website visitors to the United States or to any other country outside the UK and the EEA.
A standalone DPIA is generally not required because the CMP is a privacy enhancing technology. It must however be documented in your records of processing (Art. 30 GDPR) and in the data processing assessment of the wider website. If you combine Cookie Control with high risk tracking, the DPIA applies to those trackers, not to the CMP itself.
Install the JavaScript snippet on every page before any other tag. Run a cookie scan, classify each tag in a category, configure equally weighted accept and reject buttons, enable consent logging, connect Google Consent Mode v2 if needed, and add the persistent preferences icon. Re audit the configuration monthly.
Alternatives include Complianz (Netherlands), Cookiebot by Usercentrics (Denmark), Klaro (Germany), Didomi (France), Axeptio (France), OneTrust (United States) and the open source Klaro. The choice depends on hosting location, regulatory scope and the CMS in use.
Whenever the cookie scan detects a new cookie, update the cookie table in your privacy notice with the cookie name, purpose, duration and category. Re publish the consent banner version to invalidate previously stored consents that no longer cover the new processing.