Updated April 1, 2020.
Cookies are regulated by both the European GDPR/ePR and the Californian CCPA, because they can be used to track personal data.
In this article, you can read how to do so, along with a general introduction to the different types of cookies on the internet.
They regulate the collection and processing of personal data of individuals inside the EU.
So does the California Consumer Privacy Act (CCPA) that regulates the collection, processing and selling of personal information of California residents.
Marketing cookies that track data falls under the category of personal data in the GDPR, as well as the definition of personal information in the CCPA.
Personal data in the GDPR is “any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data”, states the European Commission.
Personal information is defined in the CCPA as “information that identifies, relates to, describes or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household”.
Cookies track information such as IP-addresses, geolocation, actions and preferences and browsing history, that can build up impressive user profiles for targeted marketing etc.
Netflix' "The Great Hack" explains website tracking and its consequences in an easy-to-understand way.
Most modern websites set a great deal of cookies on their user’s browsers, and often, even the website owner does not have the full picture of the cookies in use on the site.
As owner of the website, however, you are responsible for all cookies set on your users’ browsers, whether you set them yourself or they are set by embedded content and tools etc. in use on your website.
To protect the privacy of your users, you need to be aware of not only what first party cookies are present on your domain, i.e. the cookies that your website uses, but also what third-party cookies and tracking are operating on your site.
A cookie checker will reveal these and empower you and your users to avoid data harvesting and abuse of personal information.
The free online cookie audit tool scans up to five pages of your website and sends you a compliance report on all of the cookies and online tracking in use on these pages. We need your mail address to send you the report, but we don’t store or use the mail address, unless you check the box that you wish to receive Cookiebot’s newsletter.
A non-compliant cookie consent banner.
A GDPR compliant cookie consent banner by Cookiebot.
You can't empower your users with prior consent, unless you perform cookie checks or website tracking audits that reveal the cookies and tracking present on your domain.
Check out Cookiebot, the most used GDPR and ePR compliant cookie solution for websites on the market. We check cookies and enables prior consent as required by the law.
To be compliant with the California Consumer Privacy Act (CCPA), your website must:
A CCPA compliant cookie declaration by Cookiebot.
Cookiebot enables compliance with both the GDPR/ePR and the CCPA through our highly customizable consent management platform.
Essentially, a cookie is a small file of text that is dropped on a user’s browser by a website, when the user visits the site.
The cookie serves to give the website a “memory”, enabling it to retain information such as...
All in all, cookies are an important and often indispensable means of presenting a smooth and responsive digital experience for the users.
The problem with cookies, however, is that they function out of sight (many don’t even really know what they are and what they do), and that they track personal data and can be used to create dauntingly rich and accurate user profiles.
What cookies does my website use, you might ask?
Well, there exists various types of cookies, and they can be grouped according to their purpose, their duration, and provenance.
Based on purpose, one may speak of the following five categories:
Based on duration, one may speak of session cookies and permanent cookies.
Session cookies disappear once the user closes the browser window. All permanent cookies have an expiration date written in their code. According to the ePrivacy Directive, the cookie should last no longer than 12 months, but in practice, many cookies have a much longer duration. Ordinary cookies can easily be viewed and deleted by the user, as we will explain later on in this article.
Based on provenance, one may distinguish between first party cookies and third-party cookies. Basically, first party cookies are set by the website itself, and third-party cookies are set by others than the website itself.
Third parties present on your website can eg. be analytics, social sharing and advertisers.
A cookie checker can audit your site, perform a scan (also known as a website tracking audit) and reveal all these third parties, whether analytics or marketing.
The GDPR and CCPA means strict rules for all cookies that track personal data.
Find out what cookies are in use on your website, where they come from and what they do.
In doubt about what cookies are in use on your website? Try our free cookie audit.
Implement a compliant cookie consent solution for your website.
Check out Cookiebot, the most popular GDPR and ePR compliant solution for websites. We check cookies and enable prior consent for your users.
On average, a website stores about 20 cookies on your computer.
All cookies have an expiration date. However, this date may be set far off into the future.
For example, Google Ads permits for a cookie lifetime of 540 days.
So if you never block or manually delete cookies, you probably have hundreds of cookies stored on your computer.
This is not necessarily an issue: cookies take up very little space and work in the background.
You may check, edit and delete the cookies on your computer.
However, before checking the “delete all cookies” box, it is worth keeping in mind that you probably will have to re-enter all of your information on your next visit to the various websites.
And also, that new cookies will be installed all over again upon your next visit.
Cookies are stored in the various browsers, so the method for checking your cookies depends on which browser you are using.
Cookies are stored on the computer hard disk, more specifically in your web browser folder, such as Internet Explorer, Firefox, Safari, Chrome, etc.
The browsers on your computer don’t communicate with one another.
This means, at least in theory, that if you browse for tickets for your next holiday in Safari, advertisements for hotels and car rentals won’t show up in Chrome.
However, with the tracking of IP addresses and device data, and the ubiquitousness of the largest trackers such as Google and Facebook, it is likely that targeted advertisement will find you anyways.
To view and manage the cookies on your computer, you have to check separately for every browser in use on your computer.
To see the cookies stored in your chrome browser, type chrome://settings/content/cookies in the address bar.
Then, click “see all cookies and site data”.
In your Firefox browser, write about:preferences#privacy in your address bar.
Click on “manage data” to see the cookies that are stored on your Firefox browser.
The free checker scans up to five pages of your website, and finds all of the cookies and other known tracking technologies in use on these pages.
Sign up to Cookiebot for full scans of all of the pages of your website.
Each cookie has a name and an expiration date.
When a website sends a cookie, it asks your browser to keep that particular cookie until a certain date and time, as written in the text file.
According to the recommendation of the ePrivacy Directive, cookies should be deleted every 12 months at least, but some are stored for a much longer duration. In Google Ads, i.e., a cookie may last up to 540 days.
From a textual point of view, there is no limit to how long a cookie may be intended to last, and examples have been registered of cookies that were made to have a lifespan of +7000 years!
Being basically small files containing text, the content of a cookie is arbitrary.
Each application developer can choose to put any information they wish in a cookie.
That information can e.g. include your username and password, site preferences, or what you might have left in your shopping cart.
Cookies might hold a vast quantity of information on the user such as age group, gender, geographical location, language preferences, search history and the like.
Essentially, each cookie is a small lookup table containing pairs of (key, data) values - for example (firstname, John) (lastname, Smith).
Once the cookie has been read by the code on the server or client computer, data can be retrieved and used to customise the web page appropriately.
You can try and read the content of a cookie yourself by using the Notebook program on your PC.
From a purely technical point of view, cookies do not represent any threat to your data or computer.
They are neither programs nor spyware.
They are small, passive text files, and can as such not of themselves do anything.
However, cookies hold sensible information, and they do enable third parties to keep track of your digital actions.
The GDPR and CCPA has made it easier for the user to understand what information is being released, to whom, and for what purpose.
But for the time being, the transparency on how the information gathered from the cookies is being used and shared with third parties is, mildly put, limited.
Cookies operate in the background, so they're not likely to cause much obvious trouble.
However, there are some instances where you should delete them.
The stored data in cookies can sometimes conflict with the website they refer to, if the page has been updated, resulting in errors when you attempt to load the page again.
Also, since cookies are actually files on your hard drive, they do end up taking up some space on your computer.
Although each file is only a few KB in size, they can conceivably add up if left untouched for long enough.
Lastly, cookies are storing your user data and enabling for servers to track your activity.
To secure your privacy, it is thus a good idea to keep a critical eye on what cookies get stored on your computer.
From a technical point of view, cookies are harmless.
They are simple text files that are stored passively, and cannot be used i.e. to view data on your hard disk or capture other information from your computer.
However, websites and search engines increasingly use them to track users as they browse the web, collecting highly personal information and often surreptitiously transferring that information to other websites without permission or warning.
Tracking data is also being used to give users and site owners more targeted information or to make recommendations on purchases, content, or services to users.
On the one hand, this is a feature many users appreciate.
For example, one of the most popular features of Amazon.com is the You-Might-Also-like section, which presents targeted recommendations for new merchandise based on your past viewing and purchase history.
At the same time, they can and do gather sensitive personal information and put it to use by e.g. displaying intrusive advertisements targeted to a highly segmented range of users.
A cookie is a text file created by a website and stored on your computer for future reference.
Cache on the other hand, is a copy of the files or images that you access on the internet.
Each time you access a file through your web browser (Internet Explorer, Firefox, Chrome, etc.), the browser caches (i.e., stores) it.
That way, it doesn't have to keep retrieving the same files or images from the remote web site each time you click Back or Forward.
In some browsers, the cache of the files is stored in Temporary Internet Files.
Temporary Internet files is a folder which serves as the browsers’ storage place to cache pages and other multimedia content from the websites.
You should periodically clear the cache to allow your browser to function more efficiently.
All in all, cookies are one of several instruments in a general pattern, where the Internet is becoming more and more sophisticated as we speak.
This development holds the potential for constantly better browsing experiences.
At the same time, it becomes more and more difficult to understand what is actually going on behind the scenes.
Therefore, a high degree of critical consciousness amongst consumers is increasingly important, as well as an adequate and up to date legislation regarding personal data, data tracking and sharing of data.
To check the cookies and tracking of any website, scan with Cookiebot's cookie checker for free today.
Website cookies are small text files that among other things help your website remember users and their preferences upon repeated visits. Most cookies on your website will be either preference cookies, statistics cookies or marketing cookies, all with different purposes. Most cookies will also come from third parties, like Google, Facebook or other tech companies, when you implement social media plugins or analytics tools on your website.
Most cookies are set on a user’s browser, when they visit your website. Some cookies – especially third-party cookies – will assign unique identifiers to the individual user so that your website is able to recognize them upon repeated visits, including information about their preferences, settings and behavior.
Yes, most cookies process personal data of some kind from website users. Personal data is defined under the GDPR as anything that can directly or indirectly identify a living individual, like names, addresses, location data, information about health, genetics, biometrics, appearance, political convictions, religious beliefs and so on. Personal data also includes IP addresses, search and browser history.
You can use a consent management platform that can scan and detect all cookies and similar tracking technology in operation on your website. Cookiebot performs deep-scans on your website with our free GDPR compliance test and will find all cookies and trackers present.