Cookies
Cookies are small text files stored in a user’s browser and used for various purposes, for example functionality, analytics and marketing.
Explained – what do we mean by cookies?
Cookies are text files placed on a user’s device when visiting a website. They may be necessary for a site to function correctly, or used for more advanced purposes such as statistics and profiling. A GDPR consultant is often needed to help organisations understand and manage the requirements for cookies. In the EU, use is governed primarily by the ePrivacy Directive, and also by GDPR where cookies involve the processing of personal data. To make clear what cookies mean in practice, organisations should link purposes to specific cookie categories.
When do Cookies become a live issue?
Cookies become particularly relevant where a website collects information about users. This includes, for example, statistics gathered via analytics tools such as Google Analytics or marketing through third-party cookies such as Google Ads. In such cases, organisations must obtain valid cookie consent and provide clear information to users, typically via a compliant cookie banner and cookie notice.
Cookie audit – points to consider
Organisations that use Cookies should address several core aspects to meet legal requirements and evidence compliance through a periodic cookie audit.
- Identify the cookie categories in use (for example strictly necessary cookies, functional cookies, analytics cookies and marketing cookies).
- Ensure cookie consent is obtained before any non-essential or advertising cookies are placed on the user’s device.
- Provide clear and intelligible information about the purpose of each cookie in the cookie policy or cookie notice.
- Offer the user the ability to withdraw or change cookie consent at any time, for example via a granular cookie banner or preference centre.
- Document consent flows and keep proof of consent for audit and compliance purposes (consent documentation).
- Review contracts with third-party providers that may access data via Cookies, including first-party and third-party cookie integrations.
Control over these aspects is essential to meet statutory requirements and build user trust, supported by a regular cookie audit.
Why are Cookies important?
Cookies affect both user experience and privacy. Managed correctly, they enable relevant features and services while protecting users’ personal data under GDPR and the ePrivacy Directive. Transparent disclosures, appropriate cookie consent and an effective cookie banner help achieve lawful processing.
For organisations, it is about transparency. By explaining how data is used and offering meaningful choices, you can meet consent requirements and align with data protection obligations. This supports a more legally robust handling of personal data and clarifies what cookies mean for non-specialists.
Cookies also play a central role in user trust. If handled lawfully and clearly, users are more likely to feel confident continuing to use the website and its services.
Frequently asked questions on Cookies and cookie consent
Cookies are small text files stored in a browser and regulated in the EU under the ePrivacy Directive.
Consent must be obtained before non-essential Cookies are placed on a user’s device. This applies, for example, to analytics or marketing. Only strictly necessary cookies for the site’s technical operation are exempt. A clear cookie banner is the typical mechanism.
Users must always be able to withdraw consent easily. This can, for example, be offered via a cookie banner or site settings where consent preferences can be adjusted.
Cookies fall under GDPR where they involve processing personal data, such as identifying a user, profiling or behavioural analytics. Organisations must therefore comply with both ePrivacy and GDPR when using Cookies. Key requirements include:
- Rely on consent under Article 6 GDPR where personal data is processed.
- Provide clear information about the purposes of processing.
- Offer users rights, for example the right to withdraw consent.
Websites commonly use several types of Cookies, often grouped as follows:
- Strictly necessary cookies for the site’s technical operation.
- Functional cookies that improve usability.
- Analytics cookies to collect statistics and enhance services.
- Marketing cookies (including advertising cookies) for targeted advertising.
This categorisation helps determine which require cookie consent and how to configure the cookie banner.
First-party cookies are set directly by the website the user visits and are often used for essential functionality. Third-party cookies are placed by external parties integrated into the site, for example ad networks, social media platforms or analytics providers. These cookies are frequently used for tracking, marketing and building profiles of user behaviour.