What About First Party Cookies

This has not been clearly defined in the legislation, however the ICO have offered some guidance that it should be interpreted in a very narrow sense.

The example given is that cookies used to enable someone to buy something from an online store are ‘strictly necessary’  and  therefore  don’t  require  consent  –  it  is  implied  by  the  request  from  the  user  to  process  their order.

What does “strictly necessary” mean?
However  cookies  that  help  to  give  a  personalised  experience,  or  enable  you  to  gather  visitor  data  about  site visits, are not ‘strictly necessary’, even if they are very useful.

The guidance provided by the ICO is a useful source of additional information.

What about cookies we can’t remove?
Cookies  called  ‘super  cookies’,  ‘ever  cookies’  and  ‘zombie  cookies’  are  cookies  that  is  very  hard  to detect for the user and to remove. If a website is using these types of cookies it is a breach with the ICO guidelines and EU Directive.