In technical terms, cookies are small computer files and stored in the web browser in order to remember information about the users and facilitate the website operators to track users' browsing activities and preferences. The EU ePrivacy Directive requires website operators to ask for a website user's consent when placing certain kinds of cookie on their devices for the first time. The law states that it should be informed consent and sufficient plain-language information should be provided to users. The e-Privacy regulation also harmonized with GDPR since Data Protection Directive was replaced in 2018. GDPR requires that consent for data processing be freely given, specific, informed and unambiguous, and can be withdrawn. An exception to this requirement is that users' consent is not required for cookies that are essential to delivering the service that users have requested. Prior to the introduction of the GDPR, it was widely accepted that consent could be obtained through using the cookie walls, p re-ticked boxes and other similar mechanisms. But with the announcement of two cookie guidelines enacted by UK and France in July 2019 and the preliminary ruling made by Court of Justice of the European Union in December 2019, the mere continued use of a website, pre-ticked checkbox or other implied consent schemes are no longer sufficient and should not constitute consent. This article will first discuss cookies generally and analysis the main normative challenges imposed by the use of cookies. Then examines the current EU cookie laws, points out the related questions about the application of ePrivacy Directive and GDPR and finally puts forward suggestions toward domestic legislation.