Yes. If a responsible party uses cookies for the purpose of direct marketing and the data subject is not a customer of the responsible party, the responsible party must obtain the data subject’s consent. It would be problematic for any website owner to obtain the consent of each and every visitor to its website and thus, for POPI compliance and practicality purposes, this necessitates a cookie notice and policy.

Even if the purpose behind the collection of personal data is not direct marketing, a cookie notice and policy is still important, considering that a cookie collects personal information and therefore, a responsible party must take reasonably practicable steps to ensure that the data subject is aware of the collection.