No doubt you’ve visited a new website only to be confronted with a pop-up that says something like: “We use cookies to improve user experience and analyze website traffic. By clicking ‘Accept,’ you agree to our website’s cookie use as described in our Cookie Policy.”

Does your website need cookie pop-ups? Cookies can be helpful, even essential, to your website’s function, but do visitors really need to see a pop-up every time? It depends.

Cookie Law Varies by Location

Whether or not you are bound by law to give users the option of denying cookies depends on (1) where your site is based and (2) where your visitors are from.

For instance, the European Union’s ePrivacy Directive is one of the strictest cookie policies in the world and requires websites to obtain consent before placing any cookies or trackers on a user’s browser. Not only does this law apply to websites based in the EU, but you are required to abide by it if any EU citizen visits your website.

Even if you are fairly certain no EU citizens will visit your website, state laws can still have an impact. For example, California has the California Consumer Privacy Act (CCPA). This law requires any business collecting California residents’ data to allow users to opt-out of this practice and to opt-out of the use of nonessential cookies. It is important to note that your business is only subject to this law if it meets at least one of the following conditions:

More than 50% of its yearly revenue is generated by the sale of Californians’ data
It generates over $25 million in annual gross revenue
It buys, sells, receives, or shares the data of 50,000 or more Californian consumers, devices, or households annually
Additionally, CCPA requires some businesses to offer a “Do Not Sell My Personal Information” request. The best practice is to include a link on your website that includes an opt-out request and a privacy policy detailing what types of user information your business has transferred to third parties in the preceding 12 months. You can learn more about the CCPA and its requirements here.


If you are considering whether or not to include a cookie pop-up on your website, your first action should always be checking local guidelines. The two laws mentioned here are not the only ones concerning cookies and consumer data. Even if you are in an area with no legal guidelines regarding the use of cookies, it is almost impossible to say that you will not be affected by future laws or visits from users under such jurisdictions.

The best practice for your website may very well be making use of cookie pop-ups. This would include providing users the option to either accept or opt-out of specific cookies during their visit. It is a small amount of effort that could save your business from bigger consequences in the future. If you wish to add cookie pop-ups to your website, we are happy to help! Contact us today!

This blog does not constitute a legal opinion. Visaggio & Co. encourages you to consult an attorney regarding any legal subject matter.

Leave A Comment