Start with the small file
A cookie is just a text file. A server drops it in your browser, your browser keeps it, and next visit it goes back the other way. The whole thing takes milliseconds. The name comes from old computing — magic cookies, tokens passed between programs so they could pick up a conversation mid-sentence. On the web, the conversation being picked up is you. What you clicked, what you were shopping for at eleven on a Tuesday, what you started reading and quietly gave up on. Cookies are how websites remember, and without them every page load is a blank slate — the site has no idea if you were here five minutes ago or have never visited in your life. That is the technology. Neutral, by itself. A memory mechanism. What matters is what the memory is used for.
The four reasons
Most websites use cookies for four things, and they are not equally innocent. Logins: a session token in a cookie tells the site this browser already authenticated, so you do not retype your password. Preferences: language, region, display settings — small choices that should not need repeating, and that sometimes qualify as strictly necessary when they serve something the user actually asked for, like a language selection or an accessibility setting. Analytics: tools like Google Analytics record which pages you visit, for how long, arriving from where. That data goes back to the site owner as traffic numbers and performance dashboards.
Then there is the fourth one. Advertising cookies — often placed not by the site you are actually on but by third-party networks running invisibly in the background — track your browser across dozens of sites, assembling a picture of your interests that gets sold to advertisers so they can follow you around the internet with targeted ads. The first two serve you, more or less. The third serves the site owner. The fourth serves someone you have never met, and the site owner takes a cut for letting it happen. This is not a scandal. It is just the business model of most of the web. The banner was supposed to help you know which of these four any given site was actually running. It has never really managed that.
Why the banner exists at all
The cookie consent pop-up is not a design trend. It is the ePrivacy Directive — a European Union directive from 2002, with its consent requirements substantially strengthened by the 2009 amendment. Because it is a directive rather than a regulation, it had to be transposed into national law by each member state separately, which is part of why enforcement varied so much across the EU for so long. The directive's scope is also broader than cookies: it covers any information stored or accessed on a user's terminal equipment, which means local storage, tracking pixels, browser fingerprinting, third-party scripts — cookies are the most visible example, not the whole picture.
The GDPR, in force since 2018, added further weight by treating online identifiers including cookie IDs as personal data, a position reinforced by the Court of Justice of the European Union's Planet49 ruling in 2019. Together they created a situation where almost every website with European visitors must either collect documented, unambiguous, freely given consent for non-essential tracking, or not use it. Enforcement has not stayed theoretical. France's data protection authority, the CNIL, fined Google €100 million in December 2020 for placing cookies without valid consent. Two years later it fined two further companies a combined €210 million — specifically because the mechanism for rejecting cookies had been made significantly harder to use than the mechanism for accepting them. Sweden's regulator has gone after companies for similar designs: a reject option that was technically present but buried so deep that most users gave up and clicked accept instead. Regulators now examine not just what a consent notice says but what the actual experience of using it feels like. The draft ePrivacy Regulation, meant to modernise the whole framework, has been stuck in legislative deadlock in the Council of the European Union for years and remains unresolved as of 2026. The 2002 directive, as amended, is still what governs. The framework is not softening.
What the banner actually is
Here is what nobody says clearly enough. Most cookie banners are not privacy features. They are the legal formality a site must complete before doing something it was already going to do regardless. You arrive, the banner appears, most people click accept because it is blocking whatever they came to read, and the tracking starts. Studies find that large majorities accept without reading — the precise figures vary by study and design, but nobody seriously disputes the direction. The real number is close to everyone who just wants the thing out of the way.
When reject all is offered at equal prominence — which regulators now require, as those CNIL fines made explicit — the site runs without the machinery it would prefer to run. The banner did not produce a more informed internet. It produced a reflex. Click, dismiss, read the article. The law required the notice. The notice did not require anyone to engage with it. That gap — between what the regulation intended and what it actually produced in practice — is what the banner is. Sitting on every homepage, extracting a small tax of attention from every new visitor, and doing approximately nothing for anyone's privacy in return.
A site with nothing to track
It is worth being concrete about what PIWIWines actually is, because the abstraction can obscure a simple point. It is a reference site about wine. PIWI wines, disease-resistant grape varieties, sustainable viticulture. Growers use it to look things up. Wine professionals use it. Enthusiasts use it. Nobody logs in — there are no accounts. There are no user preferences to configure or save, because there is nothing to configure. There are no advertisements: no producer has paid for placement, no advertising network has paid for access to visitor data. There is no analytics platform running in the background.
What would a cookie even do here? There is no session to maintain, no preference to remember for next time, no behaviour pattern worth building, no advertising target to refine. The question answers itself. No cookies are set not as a principled stance requiring a manifesto, but because there is genuinely nothing a cookie would be for on a site like this.
Subtraction as compliance
The obligations that come with cookies — consent banners, privacy policies updated every time a third-party script changes, consent records stored somewhere, opt-out pathways maintained — all of these are triggered by using cookies in the first place. Stop using them and the obligations largely disappear with them. No banner to design or A/B test into compliance. No policy lawyer to consult every six months. This is the logical conclusion of the principle the regulation was built on: collect only what you need, and if you need nothing, collect nothing.
Worth flagging one thing. A site can accidentally introduce third-party tracking through embedded content — a YouTube video, a social sharing widget, a map, a font loaded from an external server — any of which can deposit tracking files without the site owner having written a line of cookie code. PIWIWines does not use embedded content of this kind. The absence of tracking here is not an accident of the site being small or unfinished. It is a consequence of deliberate choices about how it is built.
The older meaning of publicity
The word publicity used to mean something simpler: making something public, placing information in common view. There is a whole tradition of it — public notices, published records, the idea that certain things belong in the open rather than locked away. A website is a public act by definition. You put something on a server and anyone can reach it. PIWIWines publishes information about interspecific hybrid grape varieties — crosses between Vitis vinifera and other Vitis species such as V. amurensis or V. labrusca, bred for fungal resistance — along with growing practices, varietal profiles, and the wines that come from them. That is the interspecific nature that gives PIWI varieties their resistance and what makes them worth a dedicated reference resource. The information is there for whoever wants it. No account required. Nothing assembled about you in exchange for access.
The advertising industry took the word publicity and aimed it at something else entirely: paid placement, targeted reach, the business of identifying specific people based on what their browsing data suggests about their purchasing intentions. That is not what is happening here, and the two things are worth keeping distinct. What appears on PIWIWines reflects choices about what is accurate and useful for people working in sustainable viticulture. Not choices about what generates revenue. A reference site is only worth the trust people put in it, and that trust depends on there being genuinely nothing pulling the editorial decisions in a commercial direction. If there is nothing to be independent from, independence is not even a question that needs answering.
When you arrive
When you open a page on PIWIWines, nothing is stored in your browser by the site. No cookie file created, no client-side identifier assigned. Like any website, server logs record basic request data including IP addresses — that is a standard part of how web hosting works and serves legitimate security and technical purposes — but that data is not matched against a profile of your previous visits, not fed into a targeting system, not used for commercial analytics. Under GDPR, an IP address counts as personal data, so any site that processes it operates within that framework, even with no cookies at all. The honest position is not that PIWIWines collects nothing in any technical sense. It is that it collects nothing about you for commercial purposes, and nothing that requires your consent before you can simply read what you came here to read.
There is no cookie banner because there are no cookies. Not because the banner was forgotten, not because nobody got around to it, but because the person who built this site decided that a website about wine and grape varieties has no business tracking the people who read it. That turns out to be both the right call and the easier one to maintain.