Mailchimp Landing Pages Set Cookies by Default
Every Mailchimp landing page drops cookies as soon as a visitor loads the page. If you have enabled the Track with Mailchimp feature - which most marketers do, because it powers visitor counts and conversion reporting - additional tracking cookies are set automatically.
That is a problem under European and UK privacy rules. Article 5(3) of the ePrivacy Directive requires prior consent before storing non-essential cookies on a visitor's device. The GDPR reinforces this by demanding that consent be freely given, specific, informed, and unambiguous. Mailchimp's default behaviour satisfies none of those conditions.
For audiences in California, the CCPA gives consumers the right to opt out of the sale or sharing of personal information, which can include data gathered through tracking cookies.
Which Cookies Does Mailchimp Set on Landing Pages?
Mailchimp landing pages typically set several cookies tied to analytics and campaign attribution. The exact cookies vary depending on whether you have enabled Track with Mailchimp and whether you have added third-party integrations such as Meta Pixel or Google Analytics.
| Cookie Name | Purpose | Category | Duration |
|---|---|---|---|
mailchimp_landing_site | Records the first page visited for attribution reporting | Analytics | 30 days |
mc_landing_site | Tracks the landing page source for campaign reports | Analytics | 30 days |
_mcga | Mailchimp analytics identifier for unique visitor counting | Analytics | 2 years |
_MCID | Identifies returning visitors across sessions | Analytics | 2 years |
_ga | Google Analytics visitor ID (if GA is connected) | Analytics | 2 years |
_fbp | Meta Pixel browser ID (if Meta Pixel is connected) | Marketing | 90 days |
All of these are non-essential. None are required for the landing page to function. Under GDPR consent rules, every one of them needs an opt-in before it is set.
Why Mailchimp's Built-in Notification Bar Is Not Enough
Mailchimp offers a notification bar that appears at the bottom of landing pages. It tells visitors that the page uses cookies and includes an optional opt-out link. That sounds reasonable, but it does not meet the legal standard in most jurisdictions.
The notification bar is informational, not interactive. It does not collect granular consent. Visitors cannot choose which cookie categories to accept or reject. Cookies are already set before the bar appears, which directly contradicts the prior-consent requirement under GDPR.
European data protection authorities have been clear on this point. The CNIL fined several organisations in 2024 and 2025 for setting analytics cookies before collecting consent. The ICO's guidance states that cookie consent must be obtained before non-essential cookies are placed. A notice-only bar does not qualify as valid consent under Article 7 of the GDPR.
What a Compliant Cookie Banner Needs to Do
A proper cookie consent mechanism on a Mailchimp landing page must block non-essential cookies until the visitor makes a choice. That means no mailchimp_landing_site, no _mcga, and no third-party pixels firing before consent is granted.
The banner must present clear options to accept or reject cookies. A single "OK" button is not valid consent - the EDPB guidelines on dark patterns confirm that refusing cookies must be as easy as accepting them. The one-click reject requirement is now enforced by multiple EU regulators.
Visitors must be able to withdraw consent at any time. The banner should store the consent record as proof of compliance. For sites with international traffic, the banner should adapt based on the visitor's location - showing a full opt-in banner in the EU while offering an opt-out mechanism in California.
Adding a Cookie Banner to Mailchimp Landing Pages
Mailchimp landing pages support custom HTML through the Code content block. This is how you add a third-party cookie consent solution, since Mailchimp does not provide a built-in compliant banner.
Using the Code Content Block
In the Mailchimp landing page editor, drag a Code block onto your page. Paste the cookie banner script into that block. The script loads alongside the page and can intercept cookies before they are set.
Kukie.io provides a lightweight script that works inside Mailchimp's Code block. The Mailchimp installation guide walks through the process step by step, from generating the script in the dashboard to pasting it into the Code block.
Blocking Cookies Before Consent
The critical part is ensuring cookies are blocked until consent is given. A consent management platform that supports conditional script loading will prevent Mailchimp's tracking and any connected third-party scripts from firing until the visitor opts in. Without this blocking mechanism, adding a banner is cosmetic rather than functional.
If you have connected Google Analytics or Meta Pixel to your Mailchimp landing page, those integrations also need to respect consent. Google Consent Mode v2 can handle the Google side, but Meta Pixel requires script blocking at the CMP level.
Handling Consent Across Email Campaigns and Landing Pages
Cookie consent on a landing page is separate from email marketing consent. A subscriber who opted into your mailing list has not consented to cookie tracking on your landing page. These are two distinct legal bases, and conflating them is a common mistake.
When someone clicks a link in your email campaign and lands on a Mailchimp-hosted page, the cookie banner must still appear. The fact that they voluntarily clicked the link does not constitute consent to be tracked via cookies. Article 5(3) of the ePrivacy Directive applies regardless of how the visitor arrived.
Consider your campaign reporting. If a significant portion of your audience is in the EU, your Mailchimp analytics will only reflect visitors who consent to tracking. This affects your conversion numbers but keeps you on the right side of enforcement.
Common Mailchimp Tracking Cookies and How to Categorise Them
Proper cookie categorisation matters because it determines what your banner blocks and when. Mailchimp's own cookies fall into the analytics category - they measure page visits and conversions but are not required for the page to display or forms to submit.
Third-party cookies you might add to a Mailchimp landing page often fall into the marketing category. Meta Pixel (_fbp), Google Ads remarketing tags, and similar tools all set marketing cookies that require explicit consent.
Session cookies that Mailchimp uses to handle form submissions are functional. These do not require consent because they are strictly necessary for the service the visitor requested. Similar categorisation challenges apply to other email marketing platforms - MailerLite landing pages present comparable issues.
Running a cookie scan on your Mailchimp landing page URL will identify every cookie and script, including ones you may not have added deliberately. Third-party embeds and fonts can introduce cookies you did not expect.
What Happens If You Skip Cookie Consent on Mailchimp Pages
The risk depends on your audience's location. For EU visitors, non-compliant cookie practices can lead to complaints filed with data protection authorities. CNIL, the French regulator, has issued fines ranging from tens of thousands to several hundred thousand euros for cookie consent violations. The enforcement trend in 2025 and 2026 shows increasing scrutiny of marketing tools and landing pages.
Under CCPA, the California Attorney General and the CPPA can impose penalties of up to $7,500 per intentional violation. Landing pages that collect data from California residents without offering an opt-out mechanism are exposed.
Beyond fines, non-compliance erodes brand trust. Visitors who see no cookie banner - or a banner that clearly does nothing - may question whether you handle their email data responsibly either.
Comparing Mailchimp's Options with a Dedicated CMP
| Feature | Mailchimp Notification Bar | Dedicated CMP |
|---|---|---|
| Prior consent (cookies blocked by default) | No | Yes |
| Granular category selection | No | Yes |
| Opt-out link | Optional, single toggle | Full reject/withdraw options |
| Consent record storage | No | Yes |
| Geo-detection for regional rules | No | Yes |
| Google Consent Mode v2 support | No | Yes |
| Third-party script blocking | No | Yes |
Mailchimp's notification bar was designed for transparency, not for legal compliance. A dedicated consent management platform handles blocking, recording, and adapting consent to different jurisdictions.
Frequently Asked Questions
Does Mailchimp set cookies on landing pages without consent?
Yes. When Track with Mailchimp is enabled, cookies such as mailchimp_landing_site and _mcga are set as soon as the page loads, before any consent is collected. This does not meet GDPR requirements for prior consent.
Is the Mailchimp notification bar GDPR-compliant?
No. The notification bar informs visitors about cookies but does not block them before consent. It lacks granular category controls and does not store consent records. European regulators require active, informed consent before non-essential cookies are placed.
How do I add a cookie banner to a Mailchimp landing page?
Use the Code content block in the Mailchimp landing page editor to add a third-party cookie consent script. The Mailchimp installation guide provides step-by-step instructions for adding a compliant banner.
Do email subscribers still need cookie consent on landing pages?
Yes. Email marketing consent and cookie consent are separate legal requirements. A subscriber who opted into your mailing list has not consented to cookie tracking when they visit your landing page. The cookie banner must still appear.
Can I use Google Analytics on a Mailchimp landing page without consent?
No. Google Analytics sets non-essential cookies such as _ga that require consent under GDPR and the ePrivacy Directive. You need to block the GA script until the visitor opts in, which can be handled through Google Consent Mode v2 and a consent management platform.
What cookies does Mailchimp Track with Mailchimp set?
The main cookies are mailchimp_landing_site, mc_landing_site, _mcga, and _MCID. These track page visits, campaign attribution, and unique visitors for Mailchimp's reporting features. All are classified as analytics cookies.
Take Control of Your Cookie Compliance
If you are not sure which cookies your Mailchimp landing pages set, start with a free scan. Kukie.io detects, categorises, and helps you manage every cookie - so your visitors get a clear choice, and you stay on the right side of the law.
