According to EU Article 5(3) of the E-Privacy Directive (a.k.a ‘The Cookie Laws’), web sites that target EU users have to gain opt-in consent from users before they set a cookie.
See ICO Guidance
I am trying to square this with Google Analytics on my web site.
I would imagine that Google Analytics (GA) can do a certain level of analytic data gathering without requiring the use of cookies.
However, I cannot find any info on this (on the Google sites/settings panels) about how to relay information about the ‘state of consent’ back to Google during a page request. So, my only option seems to be that I should not embed Google tag code at all if the user has not explicitly given consent. Which seems a bit drastic.
Letting my serverside script set a hasConsentedToCookies=FALSE flag in the JavaScript tags would allow me to instruct Google’s services to run in a gracefully degraded fashion.
Is there a setting on Google Analytics to suppress use of cookies
for users that have not yet given consent?
If so, where can I find info on this?