JStatsMATOMO · ANALYTICS · JOOMLA 4 & 5

Privacy & law · Knowledge

When does a Joomla site need a consent banner?

The banner duty is triggered by technology, not by habit: consent is needed when something non-essential is stored on or read from the visitor's device – marketing cookies, tracking pixels, many embeds.

The reverse is the strategy: a Joomla site with cookieless self-hosted analytics and no third-party embeds often needs no banner at all – the smallest good banner is the superfluous one.

What needs consent, what does not – and the clean-up order

No consent is needed for the technically necessary: session cookies, login, language choice, a shopping cart – transparency in the privacy policy suffices. Consent is needed for device access beyond that: advertising and marketing pixels, tracking with persistent cookies (a Matomo with cookies enabled included!), external video or map embeds that set cookies, social widgets. The practical order for a Joomla site is therefore: first inventory (which extensions and embeds load what – the browser's network tab tells), then clean up (replace cookie-setting embeds with click-to-load variants, switch analytics to cookieless self-hosted – the neighbouring questions), and only then install a consent solution for whatever genuinely remains. If a banner is needed, the rules are unforgiving: the affected scripts must stay blocked until agreement, choices must be granular, and declining must be as easy as accepting – pre-ticked boxes, hidden decline links and colour nudging are the classic objections of regulators and competitors alike. Honest summary for the typical Joomla information site: with the setup this knowledge area describes, the banner question usually answers itself with “none needed” – confirmed, as always, by your legal advisor rather than by us.

Key facts

Related questions

All knowledge topics