DISCLAIMER: This article is intended for informational purposes only and should not be considered as a substitute for professional legal advice. We are not attorneys, and we strongly recommend consulting with a qualified attorney to address your business’s specific circumstances before making any decisions regarding consent. The information presented in this article reflects our understanding of cookie laws at the time of writing and may become outdated.
1 - Are Cookie Consent Forms Required?
Currently, there is no cookie law in the United States, but some state privacy policy laws, such as the California Online Privacy Protection Act (CalOPPA), consider data collected through cookies to be protected personal information. Cookie usage, aside from strictly necessary cookies, will need to be disclosed in your Privacy Policy.
2 - What is a Necessary Cookie?
Strictly necessary cookies are used to enable essential website functionality, such as providing a secure login or adding items to a shopping cart. If you use a cookie consent popup, a necessary cookie is required to enable consent options as well. These cookies do not store any personally identifiable information.
3 - Do I Need to Comply With the EU Privacy Law and GDPR regulations?
These laws primarily apply to EU businesses that process personal data, but there are exceptions. A non-EU business must also comply with these laws if it offers products or services (either paid or free) to people in the EU or monitors the behavior of users across websites, including through the use of cookies or advertising analytics.
According to Recital 23 – Offering Goods and Services in the EU, goods or services that are made available to the EU do not constitute an “offer.” The law applies to you if you intentionally target EU residents to offer products or services.
A few examples include:
- A mobile app that supports payments in EU currency (e.g., Euros, Romanian Leu, etc.)
- A website with an EU member country code (e.g., .de, .fr, .it, .cz, etc.)
- A desktop app that serves ads in local EU languages like German, Italian, Finnish, etc.
- A firm with a dedicated phone number or address exclusively for individuals in the EU
- A company that offers delivery of products in EU member states
4 - What Do I Need to Do to Comply with GDPR requirements?
If your business falls under these laws and regulations, a cookie consent form and privacy policy outlining the use of cookies will be required. We recommend CookieYes, which complies with CCPA and GDPR regulations.
You can read more about the details and features in our resource. Please let us know if you are interested and we will evaluate which plan best meets your needs.