Is there a setting on Google Analytics to suppress use of cookies for users who have not yet given consent

Question

EDIT (2019): The below answer predates GDPR and likely requires revision.

Google Analytics has a new set of APIs to assist with compliance with a cookie opt-out. Here's the documentation, and here's their help docs.

There has been some ambiguity as to whether the EU Cookie Regulations (as implemented in member countries) require that passive web analytics tracking requires opt-in mechanisms for compliance. If you're concerned one way or another, consult an attorney. Google is empowering you to make the decision as to how you want to proceed.

They'll leave implementation details to you, but, the idea is, once you've determined whether or not to track the user in Google Analytics, if the answer is to not track, you'd set the following property to true before Google Analytics runs:

window['ga-disable-UA-XXXXXX-Y'] = true;

Where UA-XXXXXX-Y is your account ID in Google Analytics

As the other posters have noted, Google Analytics relies on cookies. So, you're not able to do any kind of tracking without cookies. If you've determined that someone is not to be cookied for tracking, you'll need to implement something like this:

if(doNotCookie()){
   window['ga-disable-UA-XXXXXX-Y'] = true;
}

Opt In

This does require a little bit of jujitsu for when you first load Google Analytics, since this property will need to be set before Google Analytics runs to prevent tracking from ever happening, which means, for an "opt in to tracking" approach, you'd probably need to implement a mechanism where, on first visit, Google Analytics is automatically disabled in the absence of an opt-in cookie (cookies that determine cookie preferences are explicitly allowed), and then, if an opt-in happens, re-runs Google Analytics. On subsequent pageviews, all would run smoothly.

Could look something like (pseudo-code):

if( hasOptedOut() || hasNotExpressedCookiePreferenceYet() ){ //functions you've defined elsewhere
     window['ga-disable-UA-XXXXXX-Y'] = true;
}
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-XXXXXXX-Y']);
  _gaq.push(['_trackPageview']);


  function onOptIn(){ //have this run when/if they opt-in.
      window['ga-disable-UA-XXXXXX-Y'] = false;
      //...snip...
      //set a cookie to express that the user has opted-in to tracking, for future pageviews
      _gaq.push(['_trackPageview']); // now run the pageview that you 'missed'
   }

Opt Out

With this approach, you'd allow the user to opt-out of tracking, which would mean you'd use a cookie to set the ga-disable-UA-XXXXXX-Y' property and a cookie to manage it in the future:

if( hasOptedOut() ){ // function you've defined elsewhere 
     window['ga-disable-UA-XXXXXX-Y'] = true;
}

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-XXXXXX-Y']);
  _gaq.push(['_trackPageview']);

You can disable the use of cookies for Google Analytics by specifying the {'storage' : 'none'} option when creating the tracker instance.

See Google's guide on the subject for more details.

I often never ask users to opt out for google analytics, that is because i never set cookies and i never save their ip (and other personal data).

(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-98765432-1', 'www.example.com', {
  'anonymizeIp': true
  , 'storage': 'none'
  , 'clientId': window.localStorage.getItem('ga_clientId')
});
ga(function(tracker) {
  window.localStorage.setItem('ga_clientId', tracker.get('clientId'));
});
ga('send', 'pageview');

Also check out this code at Convert Google Analytics cookies to Local/Session Storage

This script will not set any cookies, but still track via google analytics. This will actually have the same effect on privacy as using cookies, because google still records the users IP-address.

That is where the anonymizeIp switch comes in. This tells google to only save an anonymized version of the IP-address. An anonymized IP-address is not considered personal data, so the users privacy will be respected.

AFAIK cookie law is all about privacy and does allow website to track their usage. I am not a lawyer or anything but in my opinion this script complies to the EU cookie law.

Check out this plunk to see it in action: http://plnkr.co/MwH6xwGK00u3CFOTzepK

As a quick note, the BBC (probably the most popular site in the UK) has taken an interesting approach to complying with cookies - they've displayed a banner to users telling them that cookies are set and provide a couple of links.

This one explains what cookies are. This one lets them manage their cookies, but most interestingly of all they supply a link to Google Analytics to allow users to opt-out of GA in its entirety. So, in summary, the BBC have taken the view that they can tell the user what cookies are set and then provide a link to Google to allow the user to opt out of all GA cookies. For me, that's a lot less hassle than you telling GA to opt-out for an address through JS.