LIKE COOKIES?

DOESN’T EVERYONE?

well no … what you need to know is that a huge number of websites internet relies heavily on 2 revenue streams to function:
  1. Personal data (e.g. patterns of website use, relationships and purchases)
  2. Advertising (e.g. on platforms, including messaging apps)

The two are inextricably linked and self reinforcing and a large proportion does not have the user’s consent. 1 2

these buttons are not integrations

What are cookies?

Small text files stored on your device to remember preferences, track usage or authenticate sessions. Essential for functionality and analytics, but can be used to track use across websites and potentially snooping on your internet activities.

Why declare cookies?

As a website owner it is a transparency requirement under privacy laws the world over. You should list every cookie’s purpose, provider and lifespan. It helps users make informed choices and builds trust in data handling. Giving users opt in rather than opting out is regarded as good practice. Do not rely on users making informed decisions.

Is consent needed?

For non-strictly-necessary cookies—e.g., analytics, advertising or social-media e.g. widget feeds —you must obtain prior, recorded user consent and an opt out. You will keep logs as proof of opt-in status.

Legitimate Interest?

If cookies are strictly necessary for your service—like load-balancing or a shopping cart—and pose no privacy risk, you may process such data without explicit consent, esp. if the cookie is very transient – a session cookie that expires in an hour or two.

However on some websites (not ours) some vendors are not asking for consent, but using your personal data on the basis of their legitimate interest, opted in unless you opt out. You still have the right to object, but it puts too much burden on the user raking through hundreds of vendors who you do not want data shared with.

Lite policy exception

A typical blog with comments off, no adverts, no public login, only strictly-necessary cookies are likely to apply. No consent banner or extensive records are required—just a brief disclosure. If you are gathering stats, have a third party integration (esp. maps, youtube, socials etc) you cannot rely on legitimate interest and will need a fullish policy developed, but no need to go overboard if you are running a small website.

  1. Industry surveys show that well over 80 percent of active sites load at least one third-party ad network or tracker in order to monetize their pages. For example, Ghostery’s 2023 Tracker Report finds that roughly 87 percent of the average site’s page-loads include advertising-related trackers (ad networks, real-time bidding scripts, etc.). ↩︎
  2. In parallel, large-scale audits of the top 100 and top 1 million sites reveal that around 70–75 percent of websites share personal (or behavioral) data with third parties—even after users try to opt out. TechRadar reports that about 75 percent of the most visited sites in the US and Europe transmit personal data to external ad/analytics partners without full consent TechRadar; ConsumerAffairs’ analysis of the top 100 U.S. sites similarly found 75 percent continued sharing data post-opt-out ConsumerAffairs. ↩︎

Cookie Blog