Cookies are just the beginning. Most sites today also use tracking pixels, eTags, and local storage to gather data about visitors. These tools power analytics, ads, and personalization — but they also raise big compliance questions.
Modern privacy laws make one thing clear: you need informed user consent before activating non-essential tracking.
The Lingo
Before we dive into how to address the changing tech and requirements, let’s first go over some common terminology you’ll come across when dealing with tracking and consent.
Tracking Tech 101
- Cookies → Store data in the browser (first-party = your site; third-party = outside services).
- Pixels → Tiny images or scripts that “ping” servers for analytics or ads.
- eTags → Normally for caching, but sometimes abused for tracking.
- Local Storage → Browser-based data with similar risks to cookies.
Whether you use one of these tools or several, it’s important to disclose their use and get consent from users. Keep in mind that this is not a comprehensive list, and many integrations rely on these features in the background, so you may not even realize they’re in use. (More on how to figure that out below.)
Translating Acronyms
- CCPA (California Consumer Privacy Act) → Disclosure and opt-out rights specific to California.
- CPRA (California Privacy Rights Act) → An amendment that expanded the CCPA and established new rights for Californians.
- GDPR (General Data Protection Regulation) → Protections for personal data of EU/UK residents, with explicit opt-in required for non-essential cookies.
- CIPA (Children’s Internet Protection Act) → Restrictions for school/educational sites.
- COPPA (Children’s Online Privacy Protection Act) → Regulations specific to websites and online services directed to children under the age of 13.
Even if your business isn’t based in these regions, your web traffic can be global and may include residents of these areas. That means you’re expected to comply. Additionally, each state and region may have its own regulations (including newly enacted ones), which may also apply.
What Compliance Looks Like
It may feel overwhelming, especially with requirements and technology changing regularly. But remember that we are all navigating new rules together, and focusing on a few essential pieces can help to streamline the process and allow for updates as requirements change.
- Audit your trackers → List every cookie/pixel and classify as “essential” or “non-essential.”
- Use a consent banner → Block analytics/ads until consent is given.
- Offer clear options → Accept all, reject non-essentials, or customize preferences.
- Stay transparent → Maintain a cookie policy that lists all trackers and their purpose.
- Audit regularly → Marketing tags creep in over time, especially if you have multiple vendors or team members managing content.
Why It Matters for Your Business
- Trust → Visitors feel safer when they know what’s happening.
- Risk → Non-compliance can trigger warning letters, fines, or ad account issues.
- Future-Proofing → Privacy laws are expanding, not shrinking.
Action Steps
Feel ready to dive in? Here are some helpful first steps to get you started:
- Run a cookie scan to identify what’s in use on the site.
- Set up a banner that blocks scripts until opt-in.
- Update your privacy policy to reflect real trackers.
- Add a “cookie settings” link in your footer for preference changes.
- Or, use a tool like Complianz to automate many of these necessary steps (even the free version has great features).
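A minimal version of the tracker audit and cookie scan steps, as an added example (not part of the original article, and not how Complianz or any other scanner works). It inventories third-party scripts, iframes, pixels and browser-storage calls in a page's HTML and flags which ones are held back until consent; the host `shop.example.com`, the placeholder vendor hosts, and the use of `type="text/plain"` as the "blocked until opt-in" marker are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
STORAGE_RE = re.compile(r"\b(localStorage|sessionStorage|document\.cookie)\b")
# Constructed sample page; the hosts are placeholders, not real vendors.
SAMPLE = """
<script src="/js/site.js"></script>
<script src="https://analytics.example.net/tag.js"></script>
<script type="text/plain" src="https://ads.example.org/a.js"></script>
<img src="https://ads.example.org/p.gif" width="1" height="1">
<script>localStorage.setItem("visitor", "abc");</script>
"""

class TrackerAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []   # (kind, detail, gated_behind_consent)
        self._inline = None  # gated flag while inside an inline <script>

    def _third_party(self, url):
        host = urlparse(url).hostname
        return bool(host) and host != self.site_host and not host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        gated = a.get("type") == "text/plain"  # assumption: banner holds these back
        if tag == "script" and not src:
            self._inline = gated
        elif tag in ("script", "iframe") and self._third_party(src):
            self.findings.append((tag, src, gated))
        elif tag == "img" and self._third_party(src):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.findings.append(("pixel" if tiny else "img", src, False))

    def handle_data(self, data):
        if self._inline is not None:
            for api in sorted(set(STORAGE_RE.findall(data))):
                self.findings.append(("storage", api, self._inline))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = None

def audit(html, site_host):
    parser = TrackerAudit(site_host)
    parser.feed(html)
    return parser.findings
```

Every finding whose third field is `False` loads before the visitor has made a choice and needs to be gated or reclassified as essential. eTags and server-set cookies live in HTTP response headers, so a static HTML pass like this one does not see them.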
Done right, compliance isn’t just about avoiding fines. It’s about building trust — and keeping your website future-ready.
Did you miss Part I of the Compliance fun?
Check out ADA Website Compliance: WCAG 2.2 A & AA Essentials Every Site Needs