Skip to main content
_
_Anonymous_1
September 16, 2025
Solved

Tracking without cookie consent

  • September 16, 2025
  • 2 replies
  • 431 views

With the new EU rule about cookie consent. I just want to clarify, what can and cannot be tracked? Some further questions in case cookies are denied:

 

1. Can Visits still be tracked?

2. I understand that Unique visitor might not get tracked but can an aggregate number of visitors be ascertained?

3. Would number of visitors be an inflated number?

4. Deeper engagement tracking for example, users that have engaged for over 2 pages in 1 visit, can a metric like so be tracked?

 

Thank you so much! 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Jennifer_Dungan

So as far as I understand, cookie consent is different from all out "tracking consent"... though most companies seem to bundle these together (incorrectly as far as I am concerned).

 

When someone opts out of Advertiser Cookies, they still see ads... they just don't have cookies tracking their behaviour between sites, so if you were looking for shoes on Site A, you won't get ads for shoes on Site B, but you will get generic run of site ads....

 

This should mean the same applies to Analytics... if someone opts out, well then you need to make sure the cookies only last the session, then expire (the session should maintain the same user as they travel page to page, but the next visit they will be treated as new).

 

In AppMeasurement, this is easy to do... the ECID extension has opt-in/opt-out logic, that should prevent an ECID from being set (following the user between sessions), and you can set the fallback s_vi cookies in the Analytics extension to expire after session.

 

WebSDK however, seems to be all or nothing... which I think is a massive miss. I don't think you can control the cookies granularly to allow tracking, but not follow the user between sessions (unless something has changed). I am not even sure how much custom effort you can do, since there are server side cookies set to identify people....

 

 

That said, assuming you are on AppMeasurement, and have configured your cookies according to your policies:

 

1. Can Visits still be tracked?

Yes, Visits should still continue to track

 

2. I understand that Unique visitor might not get tracked but can an aggregate number of visitors be ascertained?

Technically yes, but it will be inflated... the same way that any user who clears their cookies manually after each session would be treated as new on each visit

 

3. Would number of visitors be an inflated number?

Yes

 

4. Deeper engagement tracking for example, users that have engaged for over 2 pages in 1 visit, can a metric like so be tracked?

You should still be able to do this, since you would be looking at Pages in a Visit... since these shouldn't be impacted, you should be fine.. it's really UVs that are going to be the gotcha.

 

 

On that note, in our consent model, since we don't required analytics cookies to be opted out, we are going to set our messaging to clearly show that Analytics cookies are part of our required features... that said, if we were allowing opt-out, I would probably set up a dimension to track "opt-in" or "opt-out" on each call, so that I could segment based on the status, and use UVs against the more reliable opted in group... 

2 replies

Jennifer_Dungan
Community Advisor and Adobe Champion
Jennifer_DunganCommunity Advisor and Adobe ChampionAccepted solution
Community Advisor and Adobe Champion
September 16, 2025

So as far as I understand, cookie consent is different from all out "tracking consent"... though most companies seem to bundle these together (incorrectly as far as I am concerned).

 

When someone opts out of Advertiser Cookies, they still see ads... they just don't have cookies tracking their behaviour between sites, so if you were looking for shoes on Site A, you won't get ads for shoes on Site B, but you will get generic run of site ads....

 

This should mean the same applies to Analytics... if someone opts out, well then you need to make sure the cookies only last the session, then expire (the session should maintain the same user as they travel page to page, but the next visit they will be treated as new).

 

In AppMeasurement, this is easy to do... the ECID extension has opt-in/opt-out logic, that should prevent an ECID from being set (following the user between sessions), and you can set the fallback s_vi cookies in the Analytics extension to expire after session.

 

WebSDK however, seems to be all or nothing... which I think is a massive miss. I don't think you can control the cookies granularly to allow tracking, but not follow the user between sessions (unless something has changed). I am not even sure how much custom effort you can do, since there are server side cookies set to identify people....

 

 

That said, assuming you are on AppMeasurement, and have configured your cookies according to your policies:

 

1. Can Visits still be tracked?

Yes, Visits should still continue to track

 

2. I understand that Unique visitor might not get tracked but can an aggregate number of visitors be ascertained?

Technically yes, but it will be inflated... the same way that any user who clears their cookies manually after each session would be treated as new on each visit

 

3. Would number of visitors be an inflated number?

Yes

 

4. Deeper engagement tracking for example, users that have engaged for over 2 pages in 1 visit, can a metric like so be tracked?

You should still be able to do this, since you would be looking at Pages in a Visit... since these shouldn't be impacted, you should be fine.. it's really UVs that are going to be the gotcha.

 

 

On that note, in our consent model, since we don't required analytics cookies to be opted out, we are going to set our messaging to clearly show that Analytics cookies are part of our required features... that said, if we were allowing opt-out, I would probably set up a dimension to track "opt-in" or "opt-out" on each call, so that I could segment based on the status, and use UVs against the more reliable opted in group... 

Vinay_Chauhan
Community Advisor and Adobe Champion
Vinay_ChauhanCommunity Advisor and Adobe Champion
Community Advisor and Adobe Champion
September 16, 2025

In addition to what @jennifer_dungan said -

If consent for analytics cookies is denied, tracking becomes very limited. Without cookies or persistent IDs, each pageview is treated in isolation or at best tied together only within a single session if session-based logic is allowed.

  1. Visits can still be tracked if a temporary session ID is maintained, but those visits won’t connect across sessions.

  2. Unique Visitors cannot be reliably measured, what you’ll see instead is inflated counts, since the same person looks “new” each time they return.

  3. Yes, the aggregate visitor number will be overstated for that reason.

  4. Engagement within a visit (like multiple pageviews in a single session) can still be tracked, since it doesn’t depend on long-term identifiers.

In short, you can still measure visits and session-level engagement, but anything requiring persistent identification (like Unique Visitors across days) becomes unreliable without consent.

_
_Anonymous_1Author
September 17, 2025

Thank you both @jennifer_dungan and @vinay_chauhan !

 

That clears up a lot. 

 

Session based logic is indeed permissible. My question though for the last point , that is, the engagement metric is: Say it is created based on Unique visitors, so essentially, number of unique visitor that have engaged with a few pages on the website. Since, Unique Visitors will be inflated, does that mean this one would be as well? 

Terms & ConditionsAccessibility statement

Loading footer...