This has not been clearly defined in the legislation, however the ICO have offered some guidance that it should be interpreted in a very narrow sense.
The example given is that cookies used to enable someone to buy something from an online store are ‘strictly necessary’ and therefore don’t require consent – it is implied by the request from the user to process their order.
What does “strictly necessary” mean?
However cookies that help to give a personalised experience, or enable you to gather visitor data about site visits, are not ‘strictly necessary’, even if they are very useful.
The guidance provided by the ICO is a useful source of additional information.
What about cookies we can’t remove?
Cookies called ‘super cookies’, ‘ever cookies’ and ‘zombie cookies’ are cookies that is very hard to detect for the user and to remove. If a website is using these types of cookies it is a breach with the ICO guidelines and EU Directive.