

Which data can be safely stored in cookies without having to request consent?

For full context, let’s quickly recap exactly what cookies are and which legislation they fall under.

Cookies are small data files that are generally stored on a user’s computer/browser. So, to clarify with regard to the original question: cookies do not ‘store data’; they are the actual pieces of data. They’re quite useful for various things, ranging from technically enhancing users’ website experience to the personalization of ads.

The use of cookies and the related legal requirements fall under the ePrivacy Directive, or the Cookie Law (aka the reason all those website cookie banners exist).

The Cookie Law has pretty specific requirements when it comes to managing consent to cookies (read more about those here). However, there are some exemptions, which brings us to the following question.

Which data can be safely stored without having to request consent?

📌 Strictly speaking, you don’t need consent for:

  • Technical cookies that are solely necessary for the provision of the service (e.g. preference cookies, session cookies, load balancing, etc.).
  • Statistical cookies managed directly by you (not third parties), provided that the data is not used for profiling.

📌 One more exception that can apply is statistical (anonymized) third-party cookies such as Google Analytics. However, this exception is subject to specific local regulation and may not always apply.

👉 It’s therefore strongly advised that you take the safe route and always ask for consent for these (statistical, third-party) cookies.

Curious to learn more about collecting cookie consent?

If you need to set up a cookie banner (or have already done so!), make sure to check out this short guide:

👉 Don’t make these 5 mistakes when collecting cookie consent!

Alternatively, you can take the less practical approach of reading the relevant local laws for each region you’d like to target and selectively applying your settings based on this information. However, this approach is less secure and can leave you open to litigation should you misunderstand or misapply settings.

📌 Lastly, one point worth mentioning here is that using this data for any kind of user profiling takes it out of the “exempt” category and brings this processing squarely into the realm of the GDPR, which has specific requirements and considerations with regard to user profiling. For more details on this point, see our first “Question of the week” here.

How iubenda can help

If you are using cookies that do not fall cleanly into the exempt category, you’re required to block scripts (that can install cookies) from running prior to obtaining consent.

The Privacy Controls and Cookie Solution makes it easy to comply with the Cookie Law by:

  • Blocking scripts prior to consent (with asynchronous activation of scripts after the consent is obtained, for a smooth user experience).
  • Providing a customizable and easy-to-implement cookie banner that links to a comprehensive cookie policy and optional IAB consent management section.
  • Storing proof of users’ preferences.
  • Allowing you to prove consent to cookies.


For more information on our Privacy Controls and Cookie Solution, click here.

You can read more about our GDPR solutions or read all our compliance solutions here or click below to start generating.
