Do you need to list cookies which are used on your site?

ByKrzysztof Planeta
gdpr cookies illustration

In short, NO.

You do not have to list cookies, neither in your consent banner nor your privacy policy. What’s more, it is often technically impossible to do so.

Here is a very nice article from TermsFeed on this very subject.

So, why do people think it’s necessary? And why do so many CMPs (Consent Management Platforms) recommend their users to do it?

Let’s find out.

What do consent management platforms use cookies for?

Firstly, you need to know that blocking cookies, while technically possible, can cause various problems on a website and can even break it completely.

That is why most Consent Management Platforms do not block cookies. Instead, they block tracking scripts, which create these cookies. This is a safer and a better approach.

So, what do they use cookies for?

They use it to determine, what tracking tools you have on a website.

You see, cookies are like fingerprints. They are unique to the tools that set them.

CMPs cannot do this differently, because most of them work in the cloud and have no direct access to your website.

But there is a problem…

But… most cookies are unknown

Even though CMPs rely on cookies to determine what tools you have on your website, they also have a big problem – they only know a small percentage of them.

This is because:

  1. any developer can create cookies,
  2. there are millions of them,
  3. it is very difficult to guess their purpose.

And that is why…. CMPs ask their own users to name, categorize, and describe all the unknown cookies on their site.

This way:

  • they can find out more tracking tools
  • their accuracy grows

So, why are cookies listed in privacy policies?

It’s not about cookies. It’s about their descriptions.

The description of a cookie says:

  • what this cookie does (and also what the tracking tool does)
  • what category it belongs to – necessary, for statistics or marketing

And, this is the type of information that you need to put in your privacy policy.

So let me rephrase that.

  1. Names of cookies are unimportant.
  2. What specific cookies do is also unimportant.
  3. What is important, is what a tracking tool does – what it tracks and after what consents.

As a result, many privacy policies provide their clients with simple functions that can list cookies in privacy policies (which further strengthens the popular belief that they are necessary).

Unfortunately, the story doesn’t end here

Popular cookie scanners can find only tools that:

  1. use cookies
  2. are well known

However, this leads to two problems:

  1. They may not find new or lesser known tracking tools on your site
  2. They won’t find tracking tools that do not use cookies but still track visitor’s private information.

Both of them can lead to breaking privacy laws.

What is the solution?

Install your tracking tools via a manager with a built-in consent banner – like WP Full Picture.

WP Full Picture lets you install tracking tools AND control them with a built-in consent banner. Every tracking tool or script that is installed with WP FP is automatically controlled by the consent banner. Check it out.

Krzysztof is a WordPress plugin developer, the author of WP Full Picture analytics plugin and a big web-analytics enthusiast. At the moment he lives with his wife and 2 cats in Spain where they enjoy the sun.

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments