Disclaimer: This generator produces draft wording and markup for discussion with qualified legal counsel. It is not legal advice. GDPR and national implementations vary; you are responsible for lawful basis, records of consent, and technical implementation.
Cookie banner options
Show cookie categories in banner?
Text tone (plain-language variations)
Preview appearance
Mobile-width preview
Add website name and privacy policy URL for a complete checklist and realistic preview links.
Freely given: Templates avoid pre-checked boxes; do not tie unrelated services to consent.
Specific / granular: Wording targets the selected data uses.
Informed: Add your privacy policy URL so users can read full information.
Unambiguous / affirmative action: Opt-in model selected for banner.
Easy withdrawal: Withdrawal method stated.
Equal prominence (accept / reject): Reject and accept use equal-weight layout in starter CSS.
No unnecessary bundling: Separate marketing / analytics / sharing consents where required; avoid one checkbox for unrelated purposes.
Snippets use unchecked checkboxes only — no pre-ticked marketing boxes. Wire buttons to your CMP or tag manager; this tool does not record consent.
Live preview
Active text (Formal)
This generator produces draft wording and markup for discussion with qualified legal counsel. It is not legal advice. GDPR and national implementations vary; you are responsible for lawful basis, records of consent, and technical implementation.
our service uses cookies and similar technologies. We request your consent before storing or accessing non-essential cookies on your device for: analytics / performance cookies. Purpose: the purposes described when you use our website and services. Third parties may include: service providers who assist us under contract, as listed in our privacy policy. You may withdraw consent at any time: Email us at the address in our privacy policy, use the preference center in your account, or contact support to withdraw consent at any time. Full details: Privacy Policy (#privacy-policy) and Cookie Policy (#cookie-policy).
About this tool
The General Data Protection Regulation (GDPR) sets a high bar for when organizations may rely on consent as a lawful basis for processing personal data. Articles 6 and 7, read together with Recital 32, describe consent that is freely given, specific, informed, and unambiguous—typically manifested by a clear affirmative action. Pre-ticked boxes, bundled consents for unrelated purposes, or coercive “take it or leave the service” patterns can invalidate consent and expose controllers to regulatory scrutiny, complaints, and reputational harm. Cookie and similar technologies add another layer in the EU/EEA and UK: ePrivacy-derived rules often require consent (or another narrow exemption) before non-essential cookies or similar storage on devices. Marketing emails, contact forms, analytics, and data sharing with partners each deserve distinct, understandable disclosures—not a single opaque paragraph users cannot parse. SynthQuery’s GDPR Consent Text Generator helps product, marketing, and legal teams draft banner copy, checkbox labels, email opt-in language, processing consents, and third-party sharing statements with three tonal variants (formal, friendly, concise), plus HTML structured for labels and inputs without pre-checked marketing boxes, and a CSS starter that gives equal visual weight to accept and reject actions where you select compatible button presets. A live iframe preview and optional mobile-width frame help you sanity-check readability before implementation. Nothing leaves your browser: you tune colors, export snippets, and still must connect scripts to your consent management platform, record evidence of consent, and have counsel confirm lawful basis and jurisdictional fit.
What this tool does
Five consent archetypes cover the most common UX patterns teams argue about in backlog grooming: a dialog-style cookie banner with accessible roles and equal-weight action rows; form-adjacent checkboxes whose labels spell out data categories and withdrawal; double opt-in friendly marketing lines; processing consents that enumerate purposes; and sharing consents that name partner classes you describe in the third-party field. Each HTML example omits the checked attribute on optional marketing or analytics boxes—an explicit product decision aligned with WP29/EDPB guidance against pre-ticked boxes for non-essential processing. The CSS starter defines flex rules so primary and secondary buttons share minimum width in banner layouts, supporting “equal prominence” discussions with designers who might otherwise style “Accept” as the only saturated button.
The compliance checklist is educational, not a guarantee: it flags when you have not supplied a privacy URL, when cookie categories are hidden while claiming granular consent, when banner models drift from opt-in, or when button presets lack a reject path. Technical teams still must integrate with Google Tag Manager Consent Mode, Cookiebot, OneTrust, CookieYes, Osano, or custom code; legal teams must map each processing activity to a lawful basis and retention schedule. Multiple text variations reduce copy-paste monotony and give localization teams starting points. Because the engine runs locally, you can iterate during vendor diligence calls without pasting confidential vendor names into a remote SaaS unless you choose to.
Technical details
Article 6 GDPR lists lawful bases; Article 7 adds conditions for consent, including the ability to withdraw as easily as giving it and the burden on controllers to demonstrate consent was obtained. Recital 32 stresses that silence, pre-ticked boxes, or inactivity should not constitute consent. ePrivacy implementations govern storage/access on terminal equipment and interact with PECR in the UK. This tool encodes those ideas as checklist items and template rhetoric, not as automated legal conclusions. HTML uses semantic fieldsets for cookie categories, explicit button types, and data-action attributes you can bind to your CMP. CSS relies on custom properties for theming and flexbox for button distribution; color-mix() enhances secondary surfaces on supporting browsers. The preview iframe sandboxes markup without scripts so designers see layout, not behavior.
Use cases
E-commerce shops launching in Germany or France need banner copy that matches their CMP while staying honest about pixels fired at checkout. SaaS signup flows collect work emails and sometimes phone numbers—separate consents for product email versus marketing nurture tracks reduce bundling risk. Publishers running programmatic ads document analytics and advertising cookies, link out to TCF vendors where applicable, and pair banner text with their privacy team’s vendor list. Healthcare-adjacent or HR tech startups may layer this generator’s processing consent wording into workflows counsel approves for special category data—never substituting clinical compliance frameworks, but accelerating first drafts. B2B lead forms that sync to Salesforce include third-party sharing language when partners process leads. Mobile web teams preview compact corner banners before handing specs to native app squads who mirror the same disclosures in-app.
How SynthQuery compares
Enterprise consent platforms like Cookiebot, OneTrust, CookieYes, and Osano bundle hosted banners, geolocation, vendor scanning, and proof logs—valuable when you need automated blocking and enterprise procurement. SynthQuery’s utility is complementary: free, unauthenticated, and fully client-side, it emphasizes editable HTML/CSS you own, five distinct consent contexts beyond cookies alone, and tonal variants many CMP wizards do not generate in one pass. You still bring your own storage for consent strings, policy hosting, and DPIAs. Where CMPs charge monthly fees for advanced styling or additional domains, this generator offers a zero-cost drafting layer—then you paste results into whichever system enforces your final configuration.
Aspect
SynthQuery
Typical alternatives
Drafting environment
Browser-only; no account; inputs never uploaded to SynthQuery servers.
Hosted CMPs usually process configuration in their cloud for deployment.
Scope of copy
Cookie banners plus forms, email, processing, and sharing consents in one tool.
Many products optimize for cookie/UI management first; other consents are separate docs.
Engineering ownership
You receive raw HTML/CSS to wire into your stack or CMP template.
Managed scripts injected via tag manager with less direct markup control on free tiers.
Compliance proof
Checklist + wording only; no audit logs or geofencing.
Paid tiers often store consent receipts and versioning.
Cost
Free alongside SynthQuery’s other utilities.
Subscription or traffic-based pricing for full feature sets.
How to use this tool effectively
Open the tool and pick a consent type tab: Cookie consent banner for site-wide prompts; Form consent checkboxes for contact, demo, or signup flows; Email marketing consent for newsletter or promotional lists; Data processing consent when you need explicit agreement for a defined activity; Third-party sharing consent when disclosures to partners hinge on consent rather than contract or legal obligation. Enter your company or website name and your live privacy policy URL—the generator weaves these into every variant. For cookie banners, add a cookie policy URL when you publish one, describe purposes and typical third parties in the free-text fields, and explain how users withdraw consent (preference center link, email address, or account settings). Configure banner position (top, bottom, modal, corner), consent model (strict opt-in versus notice-style wording—understand that notice-only is not “GDPR consent” for Article 6(1)(a)), button layout (accept/reject/customize combinations), and whether optional category checkboxes appear in the markup—all unchecked by default so users must actively opt in per category when you wire the logic correctly.
Choose a tone for the plain-text panel: formal for regulated or B2B contexts, friendly for consumer brands, concise for tight UI shells. Adjust preview colors to approximate your brand; toggle mobile-width preview to see how the banner or checkbox block feels on a narrow viewport. Copy the active text, HTML snippet, or CSS starter individually, or copy/download the full bundle that concatenates every tone plus markup, stylesheet, and a self-assessment checklist. Implement HTML in your CMS or app template, attach event listeners or CMP callbacks to buttons, and store consent records in whatever audit system your organization adopts. Revisit whenever tags, vendors, or purposes change.
Valid consent under Article 4(11) and Article 7 must be freely given, specific, informed, and unambiguous, shown by a statement or clear affirmative action. It must be as easy to withdraw as to give, and controllers must demonstrate consent was obtained. That means plain language, real choices, and separation from unrelated contract terms when consent is the basis. This generator drafts language aligned with those principles, but only your legal advisors can confirm consent is appropriate for each processing activity.
For GDPR consent under Article 6(1)(a), pre-checked boxes for non-essential processing are generally unacceptable—Recital 32 explicitly warns against inferring consent from silence or pre-ticked boxes. Marketing newsletters, optional analytics, and similar uses typically require an unchecked box or another affirmative UI. Essential cookies strictly necessary to provide a service explicitly requested by the user may fall under different legal analyses (often not “consent” at all). Our HTML snippets deliberately omit checked attributes on optional categories so engineers are not handed non-compliant defaults.
Often yes. Cookies and email marketing involve different purposes, channels, and sometimes different lawful bases. Bundling unrelated purposes into one checkbox risks violating the specificity requirement and confusing users. Many organizations use a CMP for cookies and a distinct checkbox or double opt-in flow for newsletters. This tool provides separate templates so you can keep purposes unbundled in the user interface and in your records of consent.
Article 7(3) states data subjects may withdraw consent at any time, and it must be as easy to withdraw as to give consent. Withdrawal does not affect lawfulness of processing based on consent before withdrawal. Practically, you need clear instructions—links in emails, account toggles, or contact channels—and downstream systems that honor the signal quickly. The generator includes a dedicated withdrawal text field so your policy links and banner copy stay consistent.
Strictly necessary cookies that enable a service the user requests (for example security, load balancing, or keeping items in a cart) are often exempt from consent requirements under ePrivacy implementations, provided they are truly essential and proportionate. Analytics or advertising cookies are a different story—consent or another lawful basis is typically required. Labeling everything “essential” to avoid banners is a common enforcement target. Align terminology between this tool, your cookie policy, and your CMP categories.
Article 7(1) places the burden of demonstrating consent on the controller. Documentation often includes who consented, when, what they were told (versioned notice), how they consented (UI capture), and whether consent was withdrawn. Consent management platforms store consent strings; smaller teams may log timestamps in CRM or marketing automation. This generator does not store records—you must implement logging, retention, and access controls consistent with your privacy program.
Supervisory authorities may investigate complaints, issue fines, or order corrective measures. Individuals may also pursue remedies depending on jurisdiction. Beyond penalties, you risk invalidating your lawful basis for processing, which can cascade into advertising platform suspensions or contract breaches. Treat generated text as a draft to be tested against real data flows and approved by counsel.
GDPR does not set a universal expiry date for consent, but it must remain accurate over time. If purposes, vendors, or risks change materially, you may need to refresh consent. Some organizations set periodic reconfirmation for marketing lists. Document retention periods for consent evidence alongside your privacy policy commitments.
Bundling unrelated processing into a single “I agree” without granularity can violate the specificity requirement. Granular controls—separate toggles for analytics, ads, and email—reduce risk and improve user trust. Where processing is genuinely inseparable and described transparently, a single consent may be defensible, but that assessment is legal, not technical. Use separate tabs in this generator to keep contexts distinct while drafting.
Dark patterns deceive or pressure users into “consenting.” Examples include hidden reject options, pre-selected non-essential cookies, confusing color contrast, misleading button labels, or forcing acceptance to access content that does not truly require it. Regulators increasingly cite these practices. Our CSS starter emphasizes equal flex sizing for opposing actions when you pick compatible presets, and the checklist calls out missing reject paths—but design review remains your responsibility.