No Cookies, No Consent Banners? Not Quite.

A founder recently asked me: "If I’m not using cookies, do I still need a consent banner?"

My answer: "Sometimes no, legally – but ethically, probably yes."

That sparked debate, but it's the wrong question. It’s not just about cookies. It’s about trust.

As developers, we are stepping into a new era. The browser landscape is changing. Users expect control. Regulators are watching. And the bar for ethical consent is rising.

At c15t, I’ve worked with teams navigating this post-cookie reality. The pattern is clear: consent is not a checkbox – it is infrastructure. And getting it right is no longer just about compliance. It is about building with integrity.

Why This Time Is Different (And Why It Matters)

We have entered the post-cookie era – but not the post-consent era.

Consent banners used to be about storing cookies. Now, they are about something much deeper: how we build trust online. This shift is driven by four forces:

1. Regulation: GDPR, ePrivacy, PECR, CCPA – stricter, broader, and increasingly enforced.

2. Expectations: Users are tired of dark patterns. They want real control and transparency.

3. Technology: Third-party cookies are vanishing. New tools like server-side tracking and Topics API are rising.

4. Ethics: Just because tracking is technically possible without consent does not mean it is right. Even where law allows grey areas, ethical design calls for clarity and choice.

Cookieless ≠ Consentless

Some developers assume removing cookies means removing consent requirements. But most cookieless tools still fall under privacy regulations:

  • Fingerprinting: Highly invasive. Requires consent.
  • LocalStorage: Treated like cookies under ePrivacy.
  • Server-side analytics: Needs a lawful basis under GDPR.
  • Privacy Sandbox: Still evolving – requires scrutiny.

Legal Isn’t Enough – Ethics Raise the Bar

The GDPR sets minimum standards. Ethical developers aim higher.

True consent means:

  • Clear language, not legalese.
  • Options with equal weight: "Accept All" and "Reject All".
  • A way to opt out that does not require effort gymnastics.

It also means respecting users even when the law does not require it. Ask yourself:

  • Do users know what is happening with their data?
  • Can they easily say no – or just as easily change their mind later?

If the answer is no, you are not building trust. You are simulating it.

The Developer's Role

This is not just a legal team’s job. It is a product and engineering issue too.

Build for Consent from Day One

  • Defer all tracking until consent is known.
  • Use feature flags to control when scripts load.
  • Store and respect user preferences reliably.

Avoid Performance Penalties

  • Lazy-load tracking scripts.
  • Eliminate blocking third-party CMPs.
  • Keep consent UX lightweight and fast.

Embrace Open Consent Infrastructure

If you are building on modern frameworks, use tools like c15t to integrate consent directly into your app – just like routing, auth or telemetry. Consent is part of your stack now.

Final Thought

The future of consent is not about popups. It is about posture.

How your product handles consent reflects how you treat your users.

So next time someone asks, "Do I need a banner if I do not use cookies?" – the real question is:

Do I want to build something users trust?

I'm @burnedchris on x. If you are working on ethical consent, privacy tooling, or developer-first compliance – I would love to talk.

Check out c15t.com for open, zero-overhead consent tooling.

Lets continue the conversation...

No Cookies, No Consent Banners? Not Quite. - Christopher Burns