Does Your Website Need a Cookie Consent Banner? UK and US Rules Explained

Those popup banners asking you to “Accept cookies” are not optional decoration. In the UK they are a legal requirement. In the US the rules vary by state but are increasingly strict.

UK: PECR makes it mandatory

The Privacy and Electronic Communications Regulations (PECR) require you to get consent before setting any non-essential cookies. Essential cookies (like those that keep you logged in) are exempt, but analytics cookies, advertising cookies, and social media cookies all require permission. The ICO can fine up to £17.5 million.

US: State by state

There is no single federal cookie law, but California (CCPA), Colorado (CPA), Connecticut (CTDPA), and Virginia (VCDPA) all require businesses to let visitors opt out of tracking. If you serve customers in any of these states, you need a consent mechanism.

How to add one

For WordPress, install CookieYes or Complianz — both free and take about 10 minutes to set up. For Shopify, use the built-in cookie banner or the free Pandectes app. The plugin automatically detects cookies on your site and generates the appropriate consent banner.

Scan your website free now — get your health score in 30 seconds →