Skip to content

When it applies

The privacy law (GDPR) applies whenever your cookies collect personal data. Assume it does if you use tracking cookies or similar tracking techniques — and for some functional and basic-stats cookies too.

The rules cover cookies and any other method that saves information on, or reads from, the visitor’s device. That includes:

  • Non-essential data saved on the device, e.g. through local storage
  • Tracking pixels
  • Web beacons
  • Fingerprinting
Cookie type Legal reason Do you need a “yes”?
Tracking cookies & other high-impact cookies Consent (the visitor’s clear “yes”) Yes — always, before you place them
Functional / basic stats (e.g. security, shopping cart) Legitimate interest (optional) No — but write down why it’s fair, and let people object

See Valid consent and Legitimate interest for what each legal reason requires.