Cookie-free Web Analytics

Correct. sessionStorage is a Web Storage API, fundamentally distinct from cookies in both implementation and regulatory treatment. Cookies are sent with every HTTP request to the server, can be set with expiration dates that persist for years, can be accessed across browser tabs, and are the specific technology that the ePrivacy Directive was designed to regulate. sessionStorage is scoped to a single browser tab, is never sent to any server automatically, cannot be accessed across tabs or domains, and is automatically cleared when the tab closes. The ePrivacy Directive targets "storing or accessing information on a user's terminal equipment" in the context of persistent tracking — sessionStorage is non-persistent by design and does not enable cross-visit tracking. No data protection authority has taken enforcement action against sessionStorage-based analytics.

The cookie-free, sessionStorage-based approach to analytics has been established in the market for years by tools like Plausible, Fathom, and now ActionLab, without regulatory challenge. The French data protection authority CNIL has explicitly recognized that cookie-free analytics tools can operate without consent when they do not track individuals across visits. The broader regulatory direction is toward stricter requirements for tools that do track individuals, which makes cookie-free tools more defensible over time, not less. ActionLab zero personal data approach is aligned with the regulatory trajectory: as requirements tighten around personal data and cross-site tracking, tools that do neither are increasingly clearly in the safe zone.

The primary capability you lose is cross-session user identity. Cookie-based analytics can tell you that a specific anonymous visitor came to your site five times this month because the cookie persists across visits. Cookie-free analytics treats each visit as independent because there is no persistent identifier. This means metrics like "unique monthly visitors" are session-based estimates rather than cookie-based counts. For the vast majority of web analytics use cases — traffic trends, page performance, referrer attribution, conversion funnels, geographic distribution, and device breakdown — the data is identical in quality. If you need individual user journey tracking across multiple visits, you need either cookies with consent or authenticated session tracking in your application.

If analytics cookies were the only reason for your cookie consent banner, yes — switching to ActionLab eliminates the need for a banner related to analytics entirely. However, many websites use other cookies beyond analytics: marketing pixels from Facebook or LinkedIn, chat widgets like Intercom or Drift, A/B testing tools, personalization engines, and embedded third-party content. Review all the cookies on your site before removing your consent banner. If ActionLab analytics was the only tool requiring cookies, you can remove the banner entirely. If other tools still use cookies, you can simplify the banner by removing analytics from the list of cookies requiring consent.

The key points for legal review: ActionLab uses no cookies of any kind, collects no personal data as defined by GDPR/CCPA/PECR, stores no IP addresses, creates no individual user profiles, and does not share data with any third party. The sessionStorage mechanism it uses is scoped to a single tab, non-persistent, and automatically cleared when the tab closes. It does not enable cross-visit tracking or cross-site identification. Because no cookies are used and no personal data is collected, no consent is required under the ePrivacy Directive or GDPR. Legal teams typically complete their review quickly because the analysis is binary: are cookies used (no), and is personal data collected (no). Both answers are negative, so consent requirements are not triggered.