You see cookie alerts all over the place these days? Do you need one?
If you do business in Europe, you'll need it.
I also typically say you should build your website around the strictest of rules.
This might sound a little idealistic to some people, but I strongly suggest you don't track your users.
For analytics, track your website usage without keeping track of individual users -- use a service like Fathom to do this.
Europe's General Data Protection Regulation GDPR // California's Consumer Privacy Act CCPA // Australian Privacy Principles APP // LGPD
What does this mean for auth?