Logo Logo


The General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR) affect how you as a website owner may use cookies and online tracking of visitors from the EU.


Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

Cookies are small text files that are dropped on a user’s browser by a website when they visit the site.

Many cookies, marketing cookies especially, notoriously track data about users, such as their IP addresses and their browsing activity.

With the GDPR (General Data Protection Regulation), tracking cookies may only be set once the user has given their consent to it.

Find out if your website sets cookies, and what you should do about it, in this article.

Definition: What are tracking cookies?

Tracking cookies are cookies, i.e. textfiles dropped on browsers, that are able to record data about the user of that specific browser, such as his or her actions on a site, browsing activity, purchases and preferences, IP address and geographical location, and the like.

Usually, this information is used for targeted marketing, to direct and display advertisements as precisely as possible to relevant segments of the internet users, that is, potential customers.

For information on web user tracking without cookies, check out our article website tracking.

Why are there tracking cookies on my computer and what do they do?

Almost all websites drop cookies of first and third party provenance on users’ browsers. Some are necessary for the website to function properly, some serve statistics purposes, most track users for marketing purposes.

Basically, the cookie serves as a “memory”, enabling the website to recognize users from visit to visit.

When an internet user loads a website, the website checks if it has set cookies on this specific browser before. If this is the case, the browser can read the cookie, which can hold information on the user’s language preferences, location, currency, password entries, previous browsing activity, interests, etc.

Are tracking cookies bad?

Tracking cookies are neither good or bad.

They are simply small text files, that in and of themselves don’t do anything.

They are silently dropped on the user’s computer, but they can’t do any damage there and they hardly take up any space.

It’s what you do with cookies, that determine their moral or ethical qualities, not the technology itself.

On the one hand, cookies are a central element for creating seamless, intuitive and user-friendly internet experiences.

On the other, cookies are a key feature for tracking users and getting a deep insight into who they are and what they do.

The latter potential has been deemed privacy intrusive by the EU General Data Protection Regulation.

Especially because users have had no true possibility to opt-out of this monitoring and no insight into what has been going on in the background, while they are browsing the internet.

Who is watching them, and why?

What is cross site tracking?

As the name indicates, cross site tracking is when users are tracked on their journey across different websites.

This is possible because of third party cookies.

Whereas first party cookies are set by the website itself, and are therefore isolated to the specific website, third party cookies are set by external parties that have a presence on a website.

As a rule of thumb, it is the third party cookies that are the tracking cookies.

For example, Facebook, LinkedIn and Twitter ‘share’ and ‘like’ buttons are present on the vast majority of websites, thus enabling these organizations to track users around the web, even those users, that don’t have accounts on their social media platforms!

Google Analytics is by far the most used analytics tool for websites, and is used on almost 70% of the top 1 million websites in the world, enabling Google to have an incomparable level of insight into the users of the internet.

What does the GDPR mean for the use of tracking cookies?

The General Data Protection Regulation, an EU legislation that was enforced on 25 May 2018, means that you may not track users without their consent or other legitimate reasons.

This means that all owners of websites that set tracking cookies and have visitors from the EU countries, must have a proper solution in place for managing consents on their websites.

The consent must be obtained prior to the setting of the cookies, must be recorded and safely stored as documentation that the consent has been given, and must be revocable.

Furthermore, the consent must be given on the basis of clear and specific information on the cookies in use on the site and of their purpose.

For a full walk-through of the requirements for the use of tracking cookies on websites check out our article GDPR and cookies.

List of tracking cookies

A study from Princeton University on user tracking on the internet found that tracking cookies in large measure stems from few and ubiquitous trackers.

Google, Facebook, and Twitter are the only third-party entities present on more than 10% of the top 1 million sites of the internet.

Web hosts such as WordPress, tools such as Google Analytics, and embedded content such as YouTube videos all set cookies from your website.

In doubt about the cookies in use on your website?

Most website owners don’t even themselves have a complete overview of the cookies that are set from their site.

To get a list of the cookies in use on your site, you can try and take an audit of your website.

Our free service scans up to five pages of your website, and sends you a full report of the cookies and online tracking on these pages.

For a complete overview of all the cookies on your website, sign up to a premium subscription for Cookiebot.

How to remove, stop and block tracking cookies

Cookies are easy to remove.

As they are set on the browser, you will need to delete the cookies on each of the browsers you use, e.g. Chrome, Firefox, Internet Explorer, etc.

Or, you can use a tool such as CCleaner, that clears cookies, tracking and logs from your hard drive and all of your applications in one go.

Bear in mind, however, that the individual websites will set cookies on your browser all over again upon your next visit to the site.

Clearing your cookies, cache and browsing history does unfortunately not guarantee you a fresh start:

In many cases, the cookie is a small and simple text file, that refers to a larger log on the website’s server.

If the website is able to recognize you, for example by means of a supercookie or canvas fingerprinting, the new cookie will then often be assigned to the same log and continue the tracking where the old one stopped.

Should I delete tracking cookies?

As mentioned already, cookies take up very little space on your computer.

They are not malware or programs that can actually do anything on your computer.

You can get by just fine without ever deleting the cookies on your computer.

However, if you are concerned about protecting your privacy at all, you should clean out the cookies occasionally.

In the digital realm, the monitoring of users can be as intrusive as it is imperceptible.

Types of infringements that one would never accept in the physical world, have long been commonplace on the internet.

Think of it.

You wouldn’t let complete strangers go through your private letters and drawers without even asking for your permission or even presenting themselves and their motives first.

And you would certainly find it very disturbing, if they started shadowing you down the street and noticing and recording what you looked at or bought on your way.

However, that is, in practice, what has been going on, when users have been moving around on the internet.

User data is extremely valuable, and can be used for many things from owning markets to mobilizing masses.

You should be aware, however, of the fact that when you do clear your browsing history, cookies and cache, it will upset the fluent and smooth user experience of browsing:

Scan tracking cookies

Find out what cookies a website is setting by performing a free scan: Scan website

Our audit scans up to five pages of a website, and sends a free report on all of the cookies and other tracking technologies in use on these pages.

Can I permanently disable tracking cookies?

There exists different software that you can add on to your prefered browser for disabling tracking cookies.

These are good solutions if they detect all cookies and tracking.

However, adblockers tend to cripple the user experience by "brutally" blocking cookies. 

Two of the most known are Ghostery and AdBlock.

Read this useful comparison of the two made by the webhosting company Webxen.

Also, most browsers allow you to set your preferences as to what cookies you want to accept in the settings section.


Howtogeek.com: How does a website remember your preferences for it and choices regarding cookies

Bernardmarr.com: How Is Big Data Used In Practice? 10 Use Cases Everyone Must Read

Webxen.com: Ghostery vs AdBlock


Legitimate grounds for tracking in the GDPR

Princeton study on web transparency

Techtarget.com: Defintion of supercookie

Report by Ghostery: Tracking the trackers

Make your website’s use of cookies and online tracking GDPR/ePR compliant today

Try for free