Under GDPR, cookie consent must be granular and specific — your website visitors need to know which categories of cookies you use, what purposes they serve, and have the ability to consent to or deny each category independently. This article explains the GDPR cookie categories used in Secure Privacy's Privacy Preference Center and Cookie Declaration, and why essential cookies are exempt from the consent requirement.
Secure Privacy automatically updates your Privacy Preference Center and Cookie Declaration based on scan results. Cookie categorization is handled automatically, but you can change the category for any cookie at any time using the Classification feature.
Who Is This For?
Website owners and administrators managing GDPR cookie consent categories in Secure Privacy
Compliance officers and legal teams understanding which cookies require granular consent
Marketing teams and developers configuring cookie classification and consent banner categories
Why Cookie Consent Must Be Granular Under GDPR
GDPR requires that consent for cookies be specific to the purpose for which each cookie is used. A visitor who consents to Social Media cookies — for example, Twitter sharing buttons — must give a separate, explicit consent for Media Player cookies such as YouTube embeds. Bundling all non-essential cookies into a single consent request does not satisfy GDPR's granularity requirement.
Cookie Categories in Secure Privacy
Essential Cookies
Essential cookies are strictly necessary for the basic functionality of your website and cannot be switched off in Secure Privacy. They are set as a result of actions visitors take — such as logging in, filling in forms, or navigating between pages — and are required to maintain a user session, track the current page, or identify which account a user is accessing from. Blocking essential cookies typically breaks core website functionality.
Under the Cookie Law and GDPR, essential cookies and strictly necessary cookies are treated as the same category — and do not require user consent.
Preferences Cookies
Unlike essential cookies, preferences cookies supplement and extend website functionality but are not strictly necessary for the site to operate. They may be set by first- or third-party providers added to enhance features — for example, enabling video playback or remembering display settings. Blocking cookies in this category may affect the operation of some or all of the associated services.
Analytics and Customer Interaction Cookies
Analytics cookies track and analyze user behavior — counting visits, analyzing traffic sources, measuring average time spent on pages, and identifying which sections of the website are most and least active. The data collected is aggregated and anonymous. Customer interaction cookies support survey and questionnaire functionality and do not contain personally identifiable information unless the visitor actively opts in to have it stored.
Both analytics and customer interaction cookies require explicit consent under GDPR before they can be activated.
Advertising Cookies
Advertising cookies are typically third-party cookies placed by ad networks or vendors. If you display ads on your website, those third-party ad owners may track your visitors and build user profiles through cookies to deliver personalized and relevant advertisements. Under GDPR, liability for third-party advertising cookies placed on your domain rests with you as the website owner — exercise caution when enabling advertising cookies from external vendors.
Social Media Cookies
If your website includes subscribe, like, or share buttons that connect to any social media platform, you are using social media cookies. These cookies can track a user's browser activity across other websites and build profiles of interests — influencing the content and messages they see on other sites. Disabling this category blocks all social sharing button functionality and related embedded tools.
Frequently Asked Questions
Why can't essential cookies be switched off?
Essential cookies are required for your website to function — without them, core features such as login sessions, form submissions, and page navigation break. Under GDPR and the Cookie Law, strictly necessary cookies are exempt from the consent requirement because they are essential to delivering the service the visitor has explicitly requested. Secure Privacy reflects this by making the Essential category non-optional in the preference center.
Do analytics cookies require consent under GDPR?
Yes. Although analytics data is typically aggregated and anonymous, analytics cookies still track user behavior and require explicit prior consent under GDPR before they can be set. Secure Privacy blocks analytics cookies until consent is given and records the consent event in the audit log.
Can I change the category assigned to a specific cookie?
Yes. While Secure Privacy automatically categorizes detected cookies, you can override any category assignment using the Classification tab in your dashboard. After changing a category, trigger a website rescan to apply the update to your live cookie declaration and preference center.