For full context, let’s quickly recap exactly what cookies are and which legislations they fall under.
Cookies are small data files that are generally stored on a user’s computer/browser — so to clarify in regards to the original question, cookies do not ‘store data’, they are the actual pieces of data. They’re quite useful for various things ranging from technically enhancing users’ website experience to the personalization of ads.
The use of Cookies and the related legal requirements fall under the ePrivacy Directive or the Cookie Law (aka the reason all those website cookie banners exist).
The Cookie Law has pretty specific requirements when it comes to managing consent to cookies (read more about those here), however, there are some exemptions — which brings us to the following question.
📌 Strictly speaking, you don’t need consent for:
📌 One more exception that can apply is statistical (anonymized) third-party cookies such as Google Analytics, however, this exception is subject to specific local regulation and may not always apply.
👉 It’s therefore strongly advised that you take the safe route and always ask for consent for these (statistical, third-party) cookies.
If you need to set up a cookie banner (or have already done so!), make sure to check out this short guide:
👉 Don’t make these 5 mistakes when collecting cookie consent!
Alternatively you can take the less practical approach of reading the relevant local laws for each region you’d like to target and selectively apply your settings based on this information, however, this approach is less secure and can leave you open to litigation should you misunderstand/misapply settings.
📌 Lastly, one point worth mentioning here is that using this data for any kind of user profiling takes it out of the “exempt” category and brings this processing squarely into the realm of the GDPR, which has specific requirements and considerations in regards to user profiling. For more details on this point, see our first “Question of the week” here.
If you are using cookies that do not fall cleanly into the exempt category, you’re required to block scripts (that can install cookies) from running prior to obtaining consent.
The Privacy Controls and Cookie Solution makes it easy to comply with the Cookie Law by:
You can see how it works here:
For more information on our Privacy Controls and Cookie Solution, click here.
You can read more about our GDPR solutions or read all our compliance solutions here or click below to start generating.