
Which data can be safely stored in cookies without having to request consent?

For full context, let’s quickly recap exactly what cookies are and which legislation they fall under. Cookies are small data files that are generally stored on a user’s computer/browser. So, to clarify with regard to the original question, cookies do not ‘store data’; they are the actual pieces of data. They’re quite useful for various things, ranging from technically enhancing users’ website experience to the personalization of ads.

The use of cookies and the related legal requirements fall under the ePrivacy Directive or Cookie Law (aka the reason all those website cookie banners exist).

Cookie Law has pretty specific requirements when it comes to managing consent to cookies. However, there are some exemptions, which brings us to the question: “Which data can be safely stored without having to request consent?”

Strictly speaking, you don’t need consent for:

  • Technical cookies that are solely necessary for the provision of the service (e.g., preference cookies, session cookies, load balancing, etc.).
  • Statistical cookies managed directly by you (not third-parties), provided that the data is not used for profiling.

One more exception that can apply is statistical (anonymized) third-party cookies such as Google Analytics. However, this exception is subject to specific local regulation and may not always apply.

It’s therefore strongly advised that you take the safe route and always ask for consent for these (statistical, third-party) cookies.

Alternatively, you can take the less practical approach of reading the relevant local laws for each region you’d like to target and selectively applying your settings based on this information. However, this approach is less secure and can leave you open to litigation should you misunderstand or misapply settings.

Lastly, one point worth mentioning here is that using this data for any kind of user profiling takes it out of the “exempt” category and brings this processing squarely into the realm of the GDPR, which has specific requirements and considerations with regard to user profiling. For more details on this point, see our first “Question of the week” here.

How iubenda can help

If you are using cookies that do not fall cleanly into the exempt category, you’re required to block scripts (that can install cookies) from running prior to obtaining consent. The Cookie Solution makes it easy to comply with the Cookie Law by:

  • Blocking scripts prior to consent (with asynchronous activation of scripts after the consent is obtained, for a smooth user experience)
  • Providing a customizable and easy-to-implement cookie banner that links to a comprehensive cookie policy and optional IAB consent management section
  • Remembering consents
  • Allowing you to prove consent to cookies
