Website cookies: A practical guide to the law and how to use them

Updated January 2026

What do website cookies really do?

(Why they’re not always the enemy)

Cookie banners, they’re so commonplace these days you probably don’t even take in what they’re saying anymore. Instead it’s a matter of how quickly you can get past them to the content you’re searching for. And if you’re managing a website, you’ve almost certainly wondered: do we really need to make a fuss about this?

The truth, for many of us, is the banners, and cookies themselves, are a necessary evil. We accept the banners obscuring content and then being followed by adverts around the web as part of a general ‘quid pro quo’ type arrangement.

At Rubber Duckiee, we think it’s time to dig deeper and go beyond that. Because when used well, cookies are not just a compliance, tick box exercise. They’re a really useful tool that can support your business’ online growth.

So, here’s what cookies actually do, as well as how our website development team help our clients use them not only responsibly but effectively, and with confidence.

Cookies – more than just tracking

Basic version: A cookie is a file sent from a website to your browser (e.g. Firefox) and is stored on your computer, this file is sent back to the website every time you visit.

Technical version: A cookie is a text file that works as an identifier which is a string of letters and numbers, this file is sent by a web server to a web browser and then stored by the browser. The identifier is then sent back to the server each time the browser requests a web page from the server.

Cookies are used by web servers to identity, and track users as they navigate a website, they also identify returning users. There are two types of cookie, persistent cookies and session cookies.

Persistent cookie; will be stored by the browser and remain valid until its set expiry date (unless deleted by the user before the expiry date).

Session cookie; will expire at the end of the user session, or when the web browser is closed.

Essentially, cookies help websites remember things. Without them, every page you visit would forget who you are and what you were doing.

That means:

No staying logged in.
No language or region preferences.
No shopping basket between visits.
No saved form progress or personalised views.

Without cookies, trying to do anything online would be incredibly time consuming and repetitive.

In themselves therefore they weren’t problematic. Where things became an issue is how they started being used behind the scenes to track people across multiple sites without their knowledge.

EU Cookie Law and GDPR

The Cookie Law is an attempt at protecting privacy, and as a result requires websites to notify visitors that information is being stored and retrieved from their computer or mobile device.

The belief was that by making consumers aware of how information about them is being collected, and then enabling them to choose whether they want to allow that exchange of information they would be better able to protect their privacy online.

Following their introduction and signing into law if your website uses any kind of non-essential cookie (like analytics or marketing tools), you now need clear explanations and proper consent.

Who has to comply?

Any website that uses cookies, and is based in the EU, or targeted towards EU citizens, is expected to comply. Meaning they must get consent from their visitors.

Web development beyond compliance

At Rubber Duckiee, we don’t treat cookie banners as a tick-box exercise. Understanding what cookies do and the value they bring, coupled with a healthy respect for people’s privacy, means they’re a consideration from the start of any web project we take on.

What this means in practice:

In line with our commitment to custom coding our client’s websites tailored to them we begin every project by working with our client to establish their goals and work back from that to plan exactly how to achieve those goals. This forces us to question precisely what’s needed as part of the website build to deliver success. Not every third-party tool needs to be there.

So we start by asking:

Which cookies are really needed to deliver on our agreed goals?
What value do they add?
Are there lighter, more privacy-friendly alternatives?

This helps prevent clutter, which in turn helps maintain speedy load times which in turn keeps your visitors happy.

And when it comes to keeping your visitors happy we always keep in mind their experience.

Cookie consent needs to be informed, it doesn’t need to be irritating.

We design cookie banners and settings that:

Use plain English
Match the tone of your site
Respect the visitor’s journey

Finally, as we all know cookies can help you track and target your audience. But more data on your website’s visitors doesn’t always help you make better decisions. So instead of tracking everything by default, we help our clients by building on those earlier project discussions about their goals. We then advise on how and what needs to be measured to achieve those goals. Tracking for the sake of tracking is of no help to anybody, we aim for as light a touch approach as is possible to see you be successful.

Want a responsible approach to your next website project?

Have a chat with an expert today.