Note: this article was rewritten on 2025-01-20 after the release of the EDPB 2023 Guidelines. The original, slightly more rambling version, which reaches the same conclusion by analyzing the law instead of the guidelines, is available here.
In recent years there’s been a bit of a push for “privacy-aware analytics”, a group of web analytics solutions that claim to do analytics without any of the morally dubious tracking the industry has otherwise been known for. In addition to putting a lot of effort into not tracking individual users, their primary claim to fame is that they say they don’t need cookie banners.
But… how true is that? While I can be convinced about the privacy aspect of it, the legal aspect seems a bit less well-argued. EU laws are complex and far-reaching, and it wasn’t entirely clear to me that you could skirt them like this.
As just some dude with no legal background but with way too much time on my hands, I figured I’d be as good as any to dive into EU laws on “cookie banners”, and see if you can actually do analytics without them.