Yes, to drop cookies on a user’s device, websites must obtain consent to comply with the latest privacy laws. Such requirement is set out by the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and ePrivacy Directive, commonly known as cookie law.
Cookies are used to track personal data and it is not possible to do so without consent. Such data involves geographical location, IP address, browsing activity, and other sensitive information. Before dropping cookies, almost every popular website will ask for user consent by displaying a cookie banner on the user’s first visit.
Cookie Consent banner from CookieScript
A Cookie Banner should carry all the necessary information about what cookies are being used on the website and should also have the opt-out button if the user decides not to share its personal data. However, opting out could be impossible if the website has strictly necessary cookies – they are essential for users to browse the website and access its features. For example, if you’re visiting an online shop, without strict cookies you wouldn’t be able to put items in your shopping cart. Therefore, you may not need Cookie Consent on certain occasions when the website is using strictly necessary cookies.