Cookies are an essential part of the modern web. Without them we’d be unable to provide the interactive sites and web applications that modern users of the web have come to expect. The web was designed to be stateless — no information about a session was carried between page loads. Cookies are the thread that modern sites use to tie together sessions — they’re how we know who our users are and they’re how we combine a group of page loads into a coherent journey. They’re also how we track users across our sites and the wider web.
If you own a site hosted in the UK, you’re theoretically obligated to issue a cookie permission request to every new user of your site. In practice, the consequences of not doing so are minimal. The techniques used to get permission vary, some sites have an opt-in banner that requires a click from users, others simply display a banner that says by using the site the user implicitly consents to cookies being placed on their computer.
Before I discuss methods of making your Magento site compliant, lets be clear about what falls under the regulation and what does not. Cookies that are essential to a site’s functioning are not included — an example would be the cookies that your site uses so that the checkout process works. It’s more than likely that your site is using cookies to which the law applies though. Almost everyone uses tracking cookies, social media cookies, or analytics cookies, and they’re the ones that require permission.
Implementing the cookie permission requests on Magento sites is fairly straightforward: there are a number of plugins that will do it for you with a minimum of fuss. One of the most popular is Creare EU Cookie Law Banner, which will add a discrete banner to your Magento store. Cookie Law Compliance does much the same thing.