Cookies and their management are currently causing grey hairs in all directions. Most users are likely to be annoyed by constant cookie requests, and website administrators should keep abreast of how to ask for cookie acceptance without being told

The main source for the text of this article is Traficom’s Cookie guidelines for service providers, which surprisingly is a pretty heavy package to read, although the page count is not mind-blowing. Hopefully, this writing will give you a step-by-step guide to make things a little easier.

Asking the user about cookies

If your website uses cookies or similar technologies, the website user should be informed. In addition, the user should have the power to choose whether to accept cookies, to refuse all but essential cookies, or to customize what cookies are enabled and disabled.

Quite a few people will be the first to think that it is necessary for business to track the user on all the pixels and analytics widgets in the world. Unfortunately, essential cookies are those without which the site simply won’t technically work – so marketing and analytics cookies are not essential. Necessary cookies may include cookies used to identify the user at login.

Correctly structured cookie query and management

Accepting cookies – how to ask correctly

Users should be asked about cookies as soon as they arrive on the site. The response options should include

  1. Accept all, i.e. the user accepts all cookies.
  2. Choice, i.e. the user can easily choose which cookies to accept and which to reject. This is made easier if you break down the cookies, e.g. analytics, marketing, essential, etc.
  3. Deny all, i.e. Only necessary, i.e. the user only accepts the use of cookies that are necessary for the functioning of the site.

These three response options should be offered to the customer on an equal footing. The user should therefore be able to reject cookies as easily as to accept them, and to make his own choice. In practice, there should be three buttons next to each other on the banner from which the desired action is taken.

If the user does not select any, it should be interpreted that all cookies except the essential ones are denied.

On cookie management and editing

The user should be able to see which cookies the site is using and for what purpose.

If necessary, the provider should be able to verify the user’s acceptances, choices or non-acceptances. The user should be able to tell when and what kind of response has been given.

In order not to make things too easy, the user’s mind may change. When a previously given acceptance is to be changed, it should be possible to do so easily, i.e. the cookie banner should magically reappear for those who wish to fill it in again.

The easiest way is to store a cookie (necessary) for the user, which tells the site what the user has responded to and when. The settings can be edited, for example, on a separate cookie description page, which should otherwise be updated whenever there are changes to the cookies

Legitimate interest does not give permission to store cookies

Many websites talk about a legitimate interest in the cookie banner, a term that has become a legal jargon that is enough to make you want to throw up your hands. Despite the nice term, legitimate interest (the legitimate interest of the controller under Article 6(1)(f) of the Data Protection Regulation ) is not a legal basis for using cookies or similar tracking technologies

Therefore, if you do come across a legitimate interest, the cookie queries and management on that site are most likely outdated.


Managing cookies and asking the right questions is guaranteed to be a chore if you do it all yourself. Fortunately, there are plenty of options on the market that make banners, cookie labels and maintenance relatively easy, following the letter of the law.

The cookie management on our site is done by Cookiebot, and we have used it to manage cookies for our customers. If you want, you can grab Cookiebot from that link, and we will automatically get the rights to manage it, and we will be able to set up your cookie circus too. So far, Cookiebot access (including the cookie page) has cost customers 200-400€ (VAT 0%) depending on the site. Our hourly rate for Cookiebot jobs is 85€ (+VAT 24%).

Tapio Kauranen - Hakukoneoptimointi

7th, Sep 2022