When it applies
The privacy law (GDPR) applies whenever your cookies collect personal data. Assume it does if you use tracking cookies or similar tracking techniques — and for some functional and basic-stats cookies too.
The same rules cover similar techniques
Section titled “The same rules cover similar techniques”The rules cover cookies and any other method that saves information on, or reads from, the visitor’s device. That includes:
- Non-essential data saved on the device, e.g. through local storage
- Tracking pixels
- Web beacons
- Fingerprinting
The legal reason you need, by cookie type
Section titled “The legal reason you need, by cookie type”| Cookie type | Legal reason | Do you need a “yes”? |
|---|---|---|
| Tracking cookies & other high-impact cookies | Consent (the visitor’s clear “yes”) | Yes — always, before you place them |
| Functional / basic stats (e.g. security, shopping cart) | Legitimate interest (optional) | No — but write down why it’s fair, and let people object |
See Valid consent and Legitimate interest for what each legal reason requires.