Updated July 13, 2020.
Cookies are small text files that are dropped on a user’s browser by a website when they visit the site.
Many cookies, marketing cookies especially, notoriously track data about users, such as their IP addresses and their browsing activity.
These along with analytics cookies can be called tracking cookies, because... well, they track you.
In this article, we'll enlighten you on just what is a tracking cookie; what the relationship between the GDPR and tracking cookies is and how to be compliant and stop tracking cookies.
Become compliant with Cookiebot consent management platform (CMP).
Tracking cookies are cookies, i.e. text files dropped on browsers, that are able to record data about the user of that specific browser, such as his or her actions on a site, browsing activity, purchases and preferences, IP address and geographical location, and the like.
Usually, this information is used for targeted marketing, to direct and display advertisements as precisely as possible to relevant segments of the internet users, that is, potential customers.
With the General Data Protection Regulation (GDPR), tracking cookies may only be set once the user has given their consent to it. This means that tracking cookies are not allowed to operate, collect and process user data without the affirmative consent of the user.
Cookies tracking personal information from users is a serious problem in our times. You may think that your website doesn't harbor any tracking cookies, but it's entirely possible that many third party cookies and other tracking hides within and behind your domain, going in and out through analytics schemes or social media functions and bringing your users private information with them.
Unfortunately, "potential customers" are also regarded as "persuadables" by entities like Cambridge Analytica - nudge and herded in illegal mass behavioral modification schemes.
For information on web user tracking without cookies, check out our article on website tracking.
In doubt whether your website is GDPR compliant? Test with the free Cookiebot CMP compliance test.
Try Cookiebot CMP free for 30 days... or forever if you have a small website.
Almost all websites drop cookies of first and third party provenance on users’ browsers. Some are necessary for the website to function properly, some serve statistics purposes, most track users for marketing purposes.
Basically, the cookie serves as a “memory”, enabling the website to recognize users from visit to visit.
When an internet user loads a website, the website checks if it has set cookies on this specific browser before. If this is the case, the browser can read the cookie, which can hold information on the user’s language preferences, location, currency, password entries, previous browsing activity, interests, etc.
Tracking cookies are neither good or bad.
They are simply small text files, that in and of themselves don’t do anything.
Tracking cookies are silently dropped on the user’s computer, but they can’t do any damage there and they hardly take up any space.
It’s what you do with cookies that determine their moral or ethical qualities, not the technology itself.
On the one hand, cookies are a central element for creating seamless, intuitive and user-friendly internet experiences.
On the other, cookies are a key feature for tracking users and getting a deep insight into who they are and what they do, and as the great privacy scandals of 2016/2018 has taught us: with this insight comes tremendous, disruptive powers.
The latter potential has been deemed privacy intrusive by the EU General Data Protection Regulation.
Especially because users have had no true possibility to opt-out of this monitoring and no insight into what has been going on in the background, while they are browsing the internet.
Who is watching them, and why?
As the name indicates, cross site cookie tracking is a way of tracking that detects and follows users on their journey across different websites.
This is possible because of third party cookies.
Whereas first party cookies are set by the website itself, and are therefore isolated to the specific website, third party cookies are set by external parties that have a presence on a website.
As a rule of thumb, it is the third party cookies that are the tracking cookies.
For example, Facebook, LinkedIn and Twitter 'share' and 'like' buttons are present on the vast majority of websites, and they enable these organizations to track users around the web - even users that don’t have accounts on their social media platforms!
Google Analytics is by far the most used analytics tool for websites, and is used on almost 70% of the top 1 million websites in the world, enabling Google to have an incomparable level of insight into the users of the internet.
Read about the Cookiebot CMP scanning technology and how it can reveal all hidden tracking on your website.
This means that all owners of websites that set tracking cookies and have visitors from the EU countries, must have a proper solution in place for managing consents on their websites.
The consent must be obtained prior to the setting of the cookies, must be recorded and safely stored as documentation that the consent has been given, and must be revocable.
Furthermore, the consent must be given on the basis of clear and specific information on the cookies in use on the site and of their purpose.
For a full walk-through of the requirements for the use of tracking cookies on websites check out our article GDPR and cookies.
A study from Princeton University on user tracking on the internet found that tracking cookies in large measure stems from few and ubiquitous trackers.
Google, Facebook, and Twitter are the only third-party entities present on more than 10% of the top 1 million sites of the internet.
Most website owners don’t even themselves have a complete overview of the cookies that are set from their site.
Does your website harbor tracking cookies, and if so, are you taking care not to have them collect data on your users before they have consented to you doing so?
Using Cookiebot CMP can inform you clearly about this, as well as it can make your website 100% compliant with the GDPR.
Our cookie tracking software scans your website and finds all tracking cookies and other tracking present and operating on your website, then it blocks all and only allows them to activate when your users consents to them.
This is done through our highly customizable cookie consent banner, which enables users to choose exactly which tracking cookies they are want activated on their devices.
Actually, tracking cookies are easy to remove!
As they are set on the browser, you will need to delete the cookies on each of the browsers you use, e.g. Safari, Chrome, Firefox, Internet Explorer or whichever browser you use.
Or... you can use a tool such as CCleaner, that clears cookies, tracking and logs from your hard drive and all of your applications in one go.
However, bear in mind that the individual websites will set cookies on your browser all over again upon your next visit to the site.
Clearing tracking cookies, cache and browsing history does unfortunately not guarantee you a fresh start...
In many cases, the tracking cookie is a small and simple text file, that refers to a larger log on the website’s server.
If the website is able to recognize you, for example by means of a supercookie or canvas fingerprinting, the new cookie will then often be assigned to the same log and continue the tracking where the old one stopped.
As mentioned already, cookies take up very little space on your computer.
They are not malware or programs that can actually do anything on your computer.
You can get by just fine without ever deleting the cookies on your computer.
However, if you are concerned about protecting your privacy at all, you should clean out the cookies occasionally.
In the digital realm, the monitoring of users can be as intrusive as it is imperceptible.
Types of infringements that one would never accept in the physical world, have long been commonplace on the internet.
Think of it.
You wouldn’t let complete strangers go through your private letters and drawers without even asking for your permission or even presenting themselves and their motives first.
And you would certainly find it very disturbing, if they started shadowing you down the street and noticing and recording what you looked at or bought on your way.
However, that is, in practice, what has been going on, when users have been moving around on the internet.
User data is extremely valuable, and can be used for many things from owning markets to mobilizing masses.
You should be aware, however, of the fact that when you do clear your browsing history, cookies and cache, it will upset the fluent and smooth user experience of browsing:
Find out what tracking cookies your website is setting by using our scanning technology for free scan.
Our free audit scans up to five subpages of a website and sends a free report on all of the cookies and other tracking technologies in use on these pages.
Yes, there exists different software that you can add on to your preferred browser for disabling tracking cookies.
These are good solutions if they detect all cookies and tracking.
However, adblockers tend to cripple the user experience by "brutally" blocking cookies.
Read this useful comparison of the two made by the web hosting company Webxen.
Also, most browsers allow you to set your preferences as to what cookies you want to accept in the settings section.
When a user visits a website, cookies will be set on their browser and process personal data such as IP addresses, unique IDs, search and browser history. This makes your website able to remember the individual user when they return to your website, but also makes other websites and ad tech companies able to track users across the Internet.
Cookies are neither legal nor illegal, they are just a piece of technology. But using tracking cookies that process personal data from users without first asking for and obtaining their explicit consent is illegal under the GDPR.
If you use social media plugins, analytics tools or marketing software on your website, third-party cookies will be in operation on your website. All cookies that are not strictly necessary for the basic function of your website must be deactivated until users give their consent to their activation.
Using a consent management platform that can deep-scan your website, detect all cookies and trackers and automatically control them so that users can give their proper consent before their activation can make GDPR compliance very easy for you.