Hi Hanna,
it’s not a stupid question, it’s actually a pretty tricky thing to deal with, considering potential legal consequences.
Cookies can be set from the server and through javascript. The server side cookie setting is generally done by a PHP script (or other server side programming), though PHP scripts don’t always have a reason to set a cookie. On an apache server the .htaccess can also be used to set a cookie.
There isn’t a quick rule to decide if a static site sets cookies or not without looking at the code. The quickest way that comes to mind is to remove the website data from your browser, click through the site, and then check if you have any cookies set.
Clearly third party services, particularly free ones, live off of user tracking. Facebook, twitter, google (including maps/youtube/etc) give you embeddable content precisely so that they can track their users on your site. This requires a cookie banner that also blocks the embedded stuff until the user has accepted the cookie policy. If you use a browser plugin like Ghostery you will be notified of any of these tracking things in your sites, though again it’s not a replacement for thoroughly checking the source.
We researched Google Analytics tracking when adding the privacy banner feature to Sparkle, and it turns out that if you set Google Analytics to anonymize visitor IP addresses, something you are required to do in Germany, it is not considered a tracking cookie and while you still need the option to disable cookies entirely you aren’t required to use a banner.
(I am not a lawyer, by the way, if you are concerned about compliance you should talk to one)
Duncan
http://sparke.cx
freewaytalk mailing list
email@hidden
Update your subscriptions at: