by cbeach 442 days ago
Yes. For example, if you want to track unique users (for the most rudimentary analytics), you'll need to put a uuid in a cookie on their browser, and you'll need to damage your UX with a stupid cookie consent popup, thanks to EU Directives.

This is not nefarious data collection, and it shouldn't need user consent - but it does, because EU lawmakers were overzealous and careless when designing their regulation.

3 comments

No, you don't! Only if you use third party services to do that or collect data that's not essential to your business. It's just colloquially called a "Cookie Banner", but the laws DON'T require you to put up one as soon as you set one cookie!
It does if the cookie contains any uuid that might be linkable to a user's identity (which is obviously necessary if you want to perform rudimentary self-hosted analytics on unique user visits)
Only if it is a “tracking cookie”, and lasts for more than one day. But how do they define these terms?
The website can also choose not to track me on an individual basis.
I'm talking about rudimentary analytics with no harmful consequences for you as an individual
You don’t require any for cookies that facilitate necessary site functionality, like login or, in this case, a uuid.

There’s widespread misunderstanding of the law.

In the UK (and broadly under the UK GDPR and PECR – the Privacy and Electronic Communications Regulations), yes, you generally do need to get consent before setting non-essential cookies, even if it's just for rudimentary analytics like a unique visitor count.

Here's the key distinction:

Strictly necessary cookies: No consent needed. These are required for the site to function properly (e.g., shopping cart cookies, login sessions).

Analytics cookies (including the case with a unique ID for tracking visitors): Not strictly necessary, so consent is required.

Even if the data is anonymous or pseudonymous (like a randomly generated unique ID), if the purpose is analytics and it involves storing or accessing data on the user’s device (like setting a cookie), you must ask for consent.