: Are cookie warnings still required under the EU cookie law? Is it still required to provide a cookie warning offering users the ability to opt in/out of cookie tracking? I cannot find any

@Radia820

I'm not a lawyer, but I think in practice you dont need it if you use only google analitycs.

If you have AdWords, Facebook twitter, sharethis... Or any other third party service that might. track users between different pages, you will need to use the warning.

Opt out basically means leaving the site, so in the warning you should specify that ybe user agress with cookies when using the site.

As I said before this is my experience as developer not lawyer.

Vote Up Vote Down

@Phylliss660

Unless you do some sort of tracking, most cookies are exempt from that law. From the "EU Internet Handbook":


Cookies clearly exempt from consent according to the EU advisory body on data protection include:


user‑input cookies (session-id) such as first‑party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
authentication cookies, to identify the user once he has logged in, for the duration of a session
user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration
multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
load‑balancing cookies, for the duration of session
user‑interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer)
third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.



This means you only have to show such an alert for tracking or third-party cookies.

Vote Up Vote Down

@Deb1703797

As european (Dutch) and webbuilder:

Yes, this is still required (if you have tracking/3rd party cookies). But now the cookie storm is over, and the dust has settled, most sites only show a small banner "we use cookies" and stick to that. Unless you're in the big league, there's not much to worry about, with just that noticifation you're allready doing better than most sites. I have yet to encounter an actual court case about this.

Dutch law requireds opt-in, but that rarely happens. European law says opt-out should be possible, but most websites just tell the user they use cookies and keep it to that.
This applies to EVERY website targetting europeans, no matter where you host or where the company originates.
• This website has plenty of info about EU legislation on cookies

Might be nice to know, you no longer need to place the noticifation if you only use Google Analytics (you had to because GA uses a cookie to check for returning visitors) and cookies specific for the website. Because of this, most small common websites don't need a niticifation to the user.

The reason GA ís allowed, is because they don't track you from site to site, only if you come back. This is considered acceptable because it is basic information which is useful for a webmaster and not privacy invasive for visitors. These cookies are available for the visited domain only and therefor seen as first party.

FYI, it's called cookie law, but this doesn't only apply to cookies. Session.storage and similar functionalities fall under the same rules. Everything that tracks users for the purpose of tracking users.

Vote Up Vote Down

@Heady270

If you are in Europe then you need to ask users before using cookies. The law is the European Cookie Directive.

Outside of Europe, there is no need for any cookie warning or opt in.

Many third party services you use such as Google AdSense require that you have a privacy policy that includes a section about how you use Cookies and how third party cookies are used on your site.

Vote Up Vote Down