Cookies & Consent - steps businesses need to take in 2025

With the first of April already upon us it’s no joke that cookies, and their role in harvesting the data which feeds online advertising, marketing automation and increasingly algorithms remain one of the top causes of concern for our clients. 

Why is this so? After all, in the UK and Europe we’ve had laws around marketing and electronic communications for over a decade, and as web users we’re all used to seeing, scanning and clicking away banners which are the gateway to our permission (consent). 

Both generative AI and LLMs rely on access to massive amounts of data, which cookies help to generate and puts added pressure on companies to show consent is “freely given, specific, informed and unambiguous”. 

The upside is that AI can be used to analyse user interactions on a website, identify patterns in behavior, and predict what products or services they might be interested in while preserving privacy, and automate some of the requirements of GDPR and other laws. Our own Gilbert Hill was interviewed recently by Google on new developments in this area: https://www.youtube.com/watch?v=O9EiC566H7Y

While this shows the future for cookieless and Privacy-Enhancing Technologies is exciting, the reality is regulators are cracking down now on companies they believe don’t offer users real choice with consent. 

In the UK, the ICO has expressed concern over “dark design patterns’ in cookie consent paths, and extended its review of sites to the top 1,000, writing to those it believes need to do better. 

In the US, The California Privacy Protection Agency recently fined Honda $632,500 for issues with their data subject rights request webform and cookie management tool, including requiring excessive information and making it difficult to opt-out of advertising cookies. 

So how can companies protect themselves from such action in 2025, and equally important build trust with their customers and prospects as the basis for their ongoing relationship and use of new technologies? 

Here are the steps we’ve found most helpful for clients: 

Implementing Consent Management Platforms (CMPs)

CMPs are widely adopted to manage user consent effectively. These platforms allow users to provide explicit, granular consent for specific types of cookies and record their preferences for compliance purposes. CMPs can also adapt to regulatory changes and entry into new markets, reducing the risk of non-compliance. There are a number of new choices when it comes to technology and products in this space and we can help with both the assessment and correct implementation of solutions. 

Designing User-Friendly Cookie Banners

Companies are updating cookie banners to offer clear, prominent options for accepting or rejecting cookies. These banners include detailed explanations of cookie purposes and ensure that consent is freely given. Equal prominence for "Accept" and "Reject" options is emphasized to comply with both the spirit of regulations like GDPR, and new guidelines from enforcers such as the ICO and France’s CNIL.

Conducting regular Cookie Audits

Businesses should perform regular audits of their websites to identify and remove unnecessary or non-compliant cookies. We find clients can be surprised by what cookies their sites drop on people’s devices, especially when using marketing automation tools and the challenge is to explain clearly what benefit there is to them for sharing data. 

Transitioning to First-Party Data

With third-party cookies becoming harder to use, many companies are shifting towards ‘old-school’, first-party data collection methods like surveys, email sign-ups, and direct interactions. This strategy helps ensure compliance while maintaining valuable, proprietary insights for marketing.

Updating Privacy Policies

Companies are revising their privacy policies to reflect updated cookie practices and provide users with transparent information about how their data is collected and used. This ensures alignment with legal requirements.

Monitoring Compliance Regularly

Continuous monitoring of cookie usage and consent mechanisms allows businesses to stay ahead of regulatory changes and address compliance gaps proactively. We also advise companies who are thinking about changing the lawful basis with which they engage with clients when it comes to use of their data. 

Despite predictions of the cookie’s demise, for now it’s here to stay and how you treat gaining consent and trust of people in the use of their data matters when it comes to how they view your brand. We keep up to date with the latest developments in this space and will continue to share them here.