Do you struggle to understand what browser cookies are and what they mean for you, as a user or website owner? Then read further. In a series of blogs devoted to the topic, I attempt to shed light on the changes in the policies surrounding cookie use and techniques for (re)marketing with the use of cookies. In this first blog more about what cookies are.

That’s the way the cookie crumbles

As online visitors, we all deal with cookies at least once. However, the majority of people struggle to explain what a cookie is and why it is important. In fact, cookies, also known as browser cookies, are small text files created when you use your browser to visit a website. Not all websites make use of cookies. Websites that do, use cookies to:
  • keep track of your movements within the site
  • help you resume where you left off
  • remember your registered login, certain preferences, and other customization functions
  • show you different content when you visit a certain site
You have to accept cookies before a site can implement them. Thus, a cookie is a record of your behaviour on a given site, which you have to allow. Once you accept a cookie and have allowed tracking, a small text file is downloaded and stored on your PC. You can find your cookies in the browser directory or program subfolder on your computer. The website in question stores a corresponding file to the one they set in your browser. In this file, they can track and keep information on your movements within the site and any information you may have voluntarily given while visiting the website, such as email address or postcode/location.

What about ‘third-party cookies’?

There is no intrinsic difference between a first-party and a third-party cookie. If a cookie is associated with (a file requested from) the same domain as the page you are viewing, it’s a first-party cookie. A cookie associated with (a file requested from) a different domain is a third-party cookie. You will not see any difference between these two when you check your directory. They are just cookies! The distinction only exists at runtime, within the context of a particular visit. Thus, first-party cookies are associated with the site domain you are on directly and third-party cookies are associated with other domains. Funny thing is, the same cookie can be a first-party cookie one moment and a third-party cookie the next. Here is a simple example. When you visit linkedin.com, your browser sets several cookies associated with the *.linkedin.com* domain name. So when you stay on LinkedIn, these are first-party cookies. If you then visit adobe.com, Adobe requests files from linkedin.com and those requests include the same *.linkedin.com* cookies, which are now third-party cookies.

Cookies and privacy

By now you may or may not be concerned about your privacy, but don’t worry. Because a cookie contains little information, it usually cannot be used to reveal your identity or personality identifying information. All the login and profile information you provide the site owners with, you leave voluntarily, often for a mutually beneficial relationship great way to think of a cookie is as if it were a key. A key is of no value on its own, but in combination with a right lock (browser/site), it can be useful. There are times you see an ad follow you from one site to another. A third-party cookie is responsible here. Remember: not all third-party cookie activity is part of a ‘web stalking’. Once a cookie is set, the receiving site has no say about when the cookies are sent. So just because a cookie is pinned to a request doesn’t mean the receiving server is tracking your activity. In other cases, tracking your activity across different sites is what the third-party cookies are for. Sites will continue to use cookies and the information they store in order to make your online browsing an easier, more enjoyable experience. Cookies are nothing to be scared of, even if the new prompts seeking your consent might seem a little off-putting for the cautious internet user.

Cookie legislation in the EU

All online users are subject to cookie use – either as individuals or as businesses. Legislation in place stresses the importance of data safety, where individuals’ interests and safety are put in the basis. Up until a certain point, it has been up to individual users to block or allow cookies. However, since the end of May 2012, an EU law requires all sites that use cookies to seek users’ express permission to store and retrieve data about their browsing habits. Most sites will now draw your attention to their cookie policy when you first visit the home page. Don’t be put off by this. You were probably sharing details with the site before, without even knowing it. In many cases, you can click to say you understand the cookie policy, but in many instances, you can simply ignore the announcement and continue browsing as normal. (In no way do we, however, suggest to skip the terms and conditions! Please, be careful with sharing your personal info and accepting policies from untrustworthy sites.) The European Commission is working on new legislation surrounding the use of cookies (mainly first party cookies). General Data Protection Regulation (GDPR) – that is what it is called – requires companies handling EU citizens’ data to implement serious changes in the areas of:
  • data subject consent
  • data anonymization
  • breach notification
  • trans-border data transfers
  • appointment of data protection officers
The refreshed ePrivacy regulation should take effect on 25 May next year (2018). Read the official full text of the regulation draft.

Clearing or deleting cookies

Finally, you can, of course, change how cookies are stored on your machine by clicking on the ‘Tools’ menu in your internet browser. You can even go one step further and remove your existing cookies. Clearing your browser’s cache and cookies means that website settings (like usernames and passwords) will be deleted and some sites might appear to be a little slower because all of the images have to be loaded again. When you delete cookies through your browser’s settings, the browser removes this information – either one cookie at a time, all cookies for a particular site or all cookies on your browser. Note: If you don’t allow sites to save cookies, most sites that require you to sign in won’t work.