I was asked a question today about whether or not WordPress websites need cookies so I did some digging to find out whether or not cookie notices are required on every website, and this is what I found out:
What is a cookie?
Cookies are little data files which store information in peoples’ web browsers. Some websites contain hundreds of them.
There are two different types of cookie: session and persistent.
These are only used for the duration of the browser session. They’re needed for website functionality (such as user authentication and ones used to enable playback of multimedia) but they don’t track user activity. They disappear when the browser window is closed.
All WordPress websites use these but you don’t need a cookie notification if you only use session cookies.
Persistent cookies are the ones that track user behaviour, even after the user has closed the browser window. The most common type of software that uses persistent cookies is analytics tracking and advertising tracking.
Persistent cookies are the ones that require a notification in order to comply with EU law.
So although it’s possible to build a WordPress site using only session cookies, in practice it very rarely happens.
And what happens if you don’t comply? Well if you get found out, you’ll get fined, though in practice this rarely happens. But don’t quote me on that – you’ve been warned so the risk is your own!