‘Essential cookies’ is not a codified term at all — it’s simply about understanding, and therefore not misidentifying, what ‘essential’ means in this context. It’s fairly simple: anything that sits outside of what is needed to deliver your services to your users is not essential. Once you know what is not essential, it’s then really obvious what the essential stuff is.
Why is it important to know the difference between your essential and non-essential cookies? Because, GDPR. You need to ask for consent for any non-essential cookies that you set. We recently released another article explaining how to tackle cookie consent so give that a read if you are still (understandably) baffled by all that stuff.
Remember, cookies that you do not need in order to deliver your service are non-essential. Everything else is essential. Just look at these handy lists to get an idea of what I mean:
Essential cookies are things like:
Non-essential cookies are things like:
That’s a quick look at what kinds of things fall where, but below I go into a bit more detail on the how and why.
So imagine you’ve set up an online shop that sells customisable t-shirts. People who use this service need to be able to do the following things:
Cookies are exactly what makes those things possible. And those four things are essential to getting your customers their cool t-shirts — if any of those four things somehow didn’t work, you wouldn’t be delivering your service. And that is why we deem those things, and only those things, essential.
Now, a really important part of this is the ‘if it stops your site from breaking, it’s essential’ line. We very much need to put that line to rest. Because, everyone has a different idea of what a ‘broken’ site is, and a site is just a site. Your site is actually a shop.
Anything that sits outside of what is needed to deliver your services to your users is not essential.
For example, your cool t-shirt shop has a Youtube video embedded from your Youtube channel showing some young hip individuals swanning around in your t-shirts. Youtube embeds will most certainly drop one or more third-party cookies from Youtube. Those are not essential. You do not need them for any of the above four steps.
That means, technically, you should block Youtube embeds from loading until the user has consented to the Youtube cookies. That will effectively make your site ‘look broken’. But it will not behave in a broken way — you can still create, buy, and save customised t-shirts.
A lawful online experience realised as a nice time on the beach
It’s time to stop this once and for all: passively collecting site stats and other analytics produced by your users is absolutely not essential to delivering your service. Unless your service is actually solely to gather analytics (but that isn’t a service, now is it?).
Marketers will argue long and hard about this, but if you gather absolutely no data on how your users interact with your site, you will still be able to sell your customisable t-shirts. Essential cookies are essential for the user — not for you. A lack of site statistics does not effect the user’s ability to get their t-shirt.
Imagine real life shops (hard to believe that physical shops still exist, but I guess they do): they have surveillance cameras set up so that they can see how people move around the shop and how they interact with the products. Taking the cameras away does not in any way impede on the customer’s ability to buy things (but it does make it easier to steal things — that’s another conversation).
Gathering analytics is indeed extremely useful to help you improve your service, so naturally you’ll want to do it at some point. All you have to do is ask — users usually don’t mind anyway, but the fair and lawful thing is to ask for consent first.