Cookies are subject to the EU legislation on data protection and personal privacy, the GDPR and the ePrivacy Directive, because they can be used to track personal data. Therefore, as a website owner, it is very important to check your cookies and make sure that the use of them is compliant and that you get proper consent for setting them.
In this article, you can read how to do so, along with a general introduction to the different types of cookies on the internet.
Website cookie checker: Try our online free tool
Marketing cookies that track data falls under the category of personal data in the GDPR. Personal data in the GDPR is “any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data”, states the European Commission.
Cookies track information such as IP-addresses, geolocation, actions and preferences and browsing history, that can build up impressive user profiles for targeted marketing etc.
See this interesting coverage by The Economist on large scale data brokers, user profiling and targeted advertising. The clip lasts 7,5 minutes and dates from 2014.
Most modern websites set a great deal of cookies on their user’s browsers, and often, even the website owner does not have the full picture of the cookies in use on the site.
As owner of the website, however, you are responsible for all cookies set on your users’ browsers, whether you set them yourself or they are set by embedded content and tools etc. in use on your website.
What cookies does my website use?
The free service scans up to five pages of your website and sends you a compliance report on all of the cookies and online tracking in use on these pages*.
*We need your mail address to send you the report, but we don’t store or use the mail address, unless you check the box that you wish to receive Cookiebot’s newsletter.
Be aware that the ubiquitous consent banners like the one illustrated below no longer suffice.
Here is an example of a compliant cookie consent banner:
- With the GDPR and the ePrivacy Directive, you may not set any cookies but the strictly necessary (and therefore compliant), before you have your users’ consent to it.
This is called prior consent, and means that cookies must be paused until the consent is obtained.
- The consent must be given on the basis of accurate and specific information about what data is being tracked and for what purpose.
- All recieved consents must be stored as documentation that the consent has been given, should the authorities request them.
- It must be as easy for your users to withdraw a consent as it was to give it in the first place.
Check out Cookiebot, the most used GDPR and ePR compliant cookie solution for websites on the market.
Definition: Cookies on the internet
What is a cookie and what does it do?
Essentially, a cookie is a small file of text that is dropped on a user’s browser by a website, when the user visits the site.
The cookie serves to give the website a “memory”, enabling it to retain information such as...
- user settings and preferences eg. language, font size and theme,
- geographic location and currency,
- the goods in their virtual shopping cart on ecommerce sites,
- their browsing activity, eg. frequency of visits to the site and duration of the visit
- their password and invoice details,
- their previous purchases,
- their fields of interest
All in all, cookies are an important and often indispensable means of presenting a smooth and responsive digital experience for the users.
The problem with cookies, however, is that they function out of sight (many don’t even really know what they are and what they do), and that they track personal data and can be used to create dauntingly rich and accurate user profiles.
Types of cookies:
There exists various types of cookies, and they can be grouped according to their purpose, their duration, and provenance.
Based on purpose, one may speak of the following five categories: In this categorization, the cookies to be aware of are especially the marketing cookies, that are the ones most frequently tracking, storing and using personal data.
- Strictly Necessary Cookies
- Preferences Cookies
- Statistics Cookies
- Marketing Cookies
- Other/Unknown Cookies
Based on duration, one may speak of session cookies and permanent cookies. Session cookies disappear once the user closes the browser window. All permanent cookies have an expiration date written in their code. According to the ePrivacy Directive, the cookie should last no longer than 12 months, but in practice, many cookies have a much longer duration. Ordinary cookies can easily be viewed and deleted by the user, as we will explain later on in this article.
- Session Cookies
- Permanent Cookies
Based on provenance, one may distinguish between first party cookies and third party cookies. Basically, first party cookies are set by the website itself, and third party cookies are set by others than the website itself. Third parties present on your website can eg. be analytics, social sharing and advertisers. Google is the most ubiquitous tracker on the internet, with a presence on 70 % of the top 1 million websites.
- First-party Cookies
- Third-party Cookies
The General Data Protection Regulation means strict rules for all cookies that track personal data.
Find out what cookies are in use on your website, where they come from and what they do.
In doubt about what cookies are in use on your website? Try our free cookie checker.
Implement a compliant cookie consent solution for your website. Check out Cookiebot, the most popular GDPR and ePR compliant solution for websites.
What cookies do I have on my computer?
On average, a website stores about 20 cookies on your computer.
All cookies have an expiration date. However, this date may be set far off into the future.
For example, Google AdWords permits for a cookie lifetime of 540 days.
So if you never block or manually delete cookies, you probably have hundreds of cookies stored on your computer.
This is not necessarily an issue: cookies take up very little space and work in the background.
You may check, edit and delete the cookies on your computer.
However, before checking the “delete all cookies” box, it is worth keeping in mind that you probably will have to re-enter all of your information on your next visit to the various websites.
And also, that new cookies will be installed all over again upon your next visit.
Cookies are stored in the various browsers, so the method for checking your cookies depends on which browser you are using.
Where are cookies stored?
Cookies are stored on the computer hard disk, more specifically in your web browser folder, such as Internet Explorer, Firefox, Safari, Chrome, etc.
The browsers on your computer don’t communicate with one another.
This means in practice, that if you browse for tickets for your next holiday in Safari, advertisements for hotels and car rentals won’t show up in Chrome.
To view and manage the cookies on your computer, you have to check separately for every browser in use on your computer.
View cookies in Chrome
To see the cookies stored in your chrome browser, type chrome://settings/content/cookies in the address bar.
Then, click “see all cookies and site data”.
Cookie checker Firefox
In your Firefox browser, write about:preferences#privacy in your address bar.
Click on “manage data” to see the cookies that are stored on your Firefox browser.
Wordpress cookie checker
How long does a cookie last?
Each cookie has a name and an expiration date.
When a website sends a cookie, it asks your browser to keep that particular cookie until a certain date and time, as written in the text file.
According to the recommendation of the ePrivacy Directive, cookies should be deleted every 12 months at least, but some are stored for a much longer duration. In Google Adwords, i.e., a cookie may last up to 540 days.
From a textual point of view, there is no limit to how long a cookie may be intended to last, and examples have been registered of cookies that were made to have a lifespan of +7000 years!
What information does a cookie store?
Being basically small files containing text, the content of a cookie is arbitrary.
Each application developer can choose to put any information they wish in a cookie.
That information can e.g. include your username and password, site preferences, or what you might have left in your shopping cart.
Cookies might hold a vast quantity of information on the user such as age group, gender, geographical location, language preferences, search history and the like.
Essentially, each cookie is a small lookup table containing pairs of (key, data) values - for example (firstname, John) (lastname, Smith).
Once the cookie has been read by the code on the server or client computer, data can be retrieved and used to customise the web page appropriately.
You can try and read the content of a cookie yourself by using the Notebook program on your PC.
How secure are cookies?
From a purely technical point of view, cookies do not represent any threat to your data or computer.
They are neither programs nor spyware.
They are small, passive text files, and can as such not of themselves do anything.
However, cookies hold sensible information, and they do enable third parties to keep track of your digital actions.
With the implementation of the new EU law on personal data, The General Data Protection Regulation (GDPR), it will become easier for the user to understand what information is being released, to whom, and for what purpose.
But for the time being, the transparency on how the information gathered from the cookies is being used and shared with third parties is, mildly put, limited.
Should I delete cookies?
Cookies operate in the background, so they're not likely to cause much obvious trouble.
However, there are some instances where you should delete them.
The stored data in cookies can sometimes conflict with the website they refer to, if the page has been updated, resulting in errors when you attempt to load the page again.
Also, since cookies are actually files on your hard drive, they do end up taking up some space on your computer.
Although each file is only a few KB in size, they can conceivably add up if left untouched for long enough.
Lastly, cookies are storing your user data and enabling for servers to track your activity.
To secure your privacy, it is thus a good idea to keep a critical eye on what cookies get stored on your computer.
Are computer cookies bad?
From a technical point of view, cookies are harmless.
They are simple text files that are stored passively, and cannot be used i.e. to view data on your hard disk or capture other information from your computer.
However, websites and search engines increasingly use them to track users as they browse the web, collecting highly personal information and often surreptitiously transferring that information to other websites without permission or warning.
Tracking data is also being used to give users and site owners more targeted information or to make recommendations on purchases, content, or services to users.
On the one hand, this is a feature many users appreciate.
For example, one of the most popular features of Amazon.com is the You-Might-Also-like section, which presents targeted recommendations for new merchandise based on your past viewing and purchase history.
At the same time, they can and do gather sensitive personal information and put it to use by e.g. displaying intrusive advertisements targeted to a highly segmented range of users.
What are cookies, cache and temporary Internet files?
A cookie is a text file created by a website and stored on your computer for future reference.
Cache on the other hand, is a copy of the files or images that you access on the internet.
Each time you access a file through your web browser (Internet Explorer, Firefox, Chrome, etc.), the browser caches (i.e., stores) it.
That way, it doesn't have to keep retrieving the same files or images from the remote web site each time you click Back or Forward.
In some browsers, the cache of the files is stored in Temporary Internet Files.
Temporary Internet files is a folder which serves as the browsers’ storage place to cache pages and other multimedia content from the websites.
You should periodically clear the cache to allow your browser to function more efficiently.
Summing up on Cookies and the Internet
All in all, cookies are one of several instruments in a general pattern, where the Internet is becoming more and more sophisticated as we speak.
This development holds the potential for constantly better browsing experiences.
At the same time, it becomes more and more difficult to understand what is actually going on behind the scenes.
Therefore, a high degree of critical consciousness amongst consumers is increasingly important, as well as an adequate and up to date legislation regarding personal data, data tracking and sharing of data.
The General Data Protection Regulation
European Commission’s FAQ
Comprehensive introduction to cookies
An article by The Guardian about how DoubleClick and other digital adservices work
An article on Lifewire about how to protect your user privacy on Google
An overview of types of cookies used by Google
A general description of cookies on Lifewire
An introduction to web tracking by The Guardian
A fun introduction to third-party cookies
YouTube video on cookies by The Guardian
Video on YouTube by The Economist about tracking