If you’ve ever wondered how websites remember your login details, or how items in your online shopping cart stay there while you shop, it’s not magic. It’s actually all down to tiny strands of data called cookies.
There are many types of cookies, including cookies that:
- Save your password(s) so you don’t need to remember them whenever you visit websites
- Remember what sites you’ve visited in the past so you can view your browser history
- Keep track of your shopping cart as you browse an online store
- Show you targeted ads based on your browsing behavior
- Verify user login details
Remember – you have the right to control what data you share with retailers, companies, and other third parties, and what cookies they install in your browser. Some pieces of legislation, like the EU’s ePrivacy Directive, give you very specific rights over personal data sharing through cookies – more on all this below.
Table of contents
- Advantages to Cookies
- Disadvantages of Cookies
- An Introduction to Cookies
- What the Law Says About Cookies
For now, let’s turn to something simple. Where did we get the idea for cookies from, and what’s their main job? It actually hasn’t changed much since they were invented back in 1994. The inventor, Lou Montulli, created cookies to solve two problems:
- The difficulty in tracking whether users visited websites more than once, and
- The lack of technology that made it impossible to launch ecommerce stores
Some cookies are absolutely necessary. For example, if you’re shopping online, you couldn’t purchase anything unless you could save items in your virtual cart. You’d lose the item as soon as you moved to the “checkout” page. So, in some cases, cookies are essential to a website’s functionality.
If the website won’t work without certain cookies, the owner should make this clear. Sports apparel retailer, Gymshark, explains that the shopping cart won’t work unless you accept certain cookies:
Secondly, cookies, for the most part, can’t and don’t transfer malware or other malicious programs onto your device. It’s typically safe to accept cookies, but there are times when you might want to reject them – we’ll look at this later.
With all that in mind, what are the advantages and disadvantages of using cookies, and why should you care about them? Let’s briefly take a look.
Advantages to Cookies
There are a number of advantages to using cookies, but here are a few that stand out:
- They remember your preferences, so you’ll only typically see ads that are relevant to you
- They save your passwords and usernames so there’s no need for you to remember these details when you log onto different websites
- Once you know where to find them, they’re easy to delete and control – more on that below
- Cookies remember your browsing behavior, so you’ll often see search results that are most relevant to you when you’re using Google or other search engines.
What, though, are the disadvantages?
Disadvantages to Cookies
Just like there are advantages to accepting cookies, there are also a few drawbacks. The main ones you should be aware of are:
- It’s sometimes possible for third parties to access information stored by cookies, which raises obvious privacy concerns
- You may feel like someone is watching you as you’re browsing the internet, which understandably makes some feel uncomfortable
- If you don’t know where to look, it can be difficult to find cookies and delete them
- Some viruses may be disguised as cookies, and in other cases, cookies recreate themselves after they’ve been deleted – these are colloquially known as “zombie” cookies
What’s important is that you understand how cookies actually work and how you can take control of your internet privacy. Without getting too technical, let’s be clear on what cookies are, what types of cookies are out there, and how each type of cookie gathers various bits of information about you, your computer, and your browsing history.
An Introduction to Cookies
Let’s get back to basics. Cookies, in their simplest form, are little clusters of data. A web server passes these data clusters through to your computer after you’ve landed on a website. Your computer then stores the data as files inside your browser cache. It’s less complicated than it sounds, so to illustrate, here’s how it works:
- You visit a website
- The web server passes a short message along to your web browser
- The browser saves this message in a file titled something like “cookie.txt”
- You click on another website page (for example, a shop category)
- Your browser sends a short message “back” to the server that reveals a little more about what you’re looking at
If you click off this box and browse the website, it’ll install cookies on your browser, and your browser sends a message back about what you’re on looking at – for example, cold remedies.
If you’re still a little confused, think of this whole process like a text message exchange between two parties – the server, and your browser.
Now we’re clear on how cookies end up in your device, let’s talk about what types of cookies you’ll encounter and what they’re used for.
Types of Cookies
Broadly, there are six major types of internet cookies out there:
- Session cookies
- Persistent cookies
- Third-party cookies
- First-party cookies
- Marketing cookies
- Performance and analytical cookies
Let’s look at each type of cookie in turn and see what they’re used for.
Session cookies are temporary. They literally only last for a “session.” Once you close the browser window, or leave the website, the cookie disappears. Unlike other cookies, session cookies are never stored on your computer. Session cookies allow you to:
- Use your shopping cart on ecommerce websites
- Browse websites without constantly re-entering the same information
Persistent cookies are a little different. These cookies do stay on your computer once you’ve closed the browser. They’re designed to remember your preferences for a specific period of time, whether it’s your login details, your shopping wishlist, or your recently viewed items.
Gymshark describes persistent cookies as temporary but beneficial because they help make the shopping experience easier:
These cookies are slowly going out of fashion, but you should still know about them. They allow third parties to check how well their ads are performing on other websites. Basically, if you click on an ad for a product from Company A while you’re browsing Company B’s website, you’ll get a cookie on your computer from Company A.
Since these cookies raise potential privacy concerns, they’re far less popular than before, and platforms like Google are cracking down on them.
First-party cookies shouldn’t be confused with third-party cookies. These cookies improve the overall functionality of a website and they’re set by the website owner. Unlike session cookies which disappear right after your session, these cookies stay on your device so it’s easier for you to use the website the next time around.
Here’s how a fitness retailer, Fitness Superstore, describes these functionality cookies. You’ll note that these cookies are strictly confined to the one website i.e. they can’t track your browser behavior or which other websites you visit:
Marketing cookies are similar to third-party cookies, but they’re less invasive. They’re primarily used to show you ads that are relevant to you which improves your experience while you’re browsing the internet.
Performance and Analytical Cookies
These cookies help a company assess their website’s overall performance and usability. In other words, they can track:
- How long people spend on the website
- Whether people find the information they’re looking for
- If people are ignoring certain parts of the website, or if there’s unusually high activity in other parts
Arnold Clark sums this up nicely. As the company notes, these cookies are all about improving how the website actually works so it’s easier for future customers to navigate:
So, now we’re clear on what cookies do, you probably have another question: Do you have to accept all these cookies, even if you don’t want to? The answer is no. Here’s why.
What the Law Says About Cookies
The principles here are, thankfully, quite straightforward. Thanks to international privacy laws including the EU’s General Data Protection Regulations (GDPR) and the ePrivacy Directive, websites must do two things before they can install cookies in your browser or device:
- Tell you about the cookies they use
- Get your consent to using these cookies
Why do they need to get your consent? It comes down to the type of information that cookies can gather. Cookies can collect what’s known as “personal data” or “personal information.” Personal data is, broadly speaking, any information that can be used to identify you or your household. Examples include:
- IP address
- Email address
- Financial details
- Login details
Global privacy laws allow consumers to:
- Restrict who has access to personal information
- Revoke consent to a company holding your personal data at any time
- Refuse to accept marketing and other unnecessary cookies that collect personally identifiable information
- Why they’re using cookies
- Specifically what type of information they plan on collecting
- How they use the data, and who they share it with
- How to revoke consent
- How to delete cookies
The only exception to the rule of consent is if the cookie is “strictly necessary” for the website’s functionality – for example, session cookies. If you don’t want to accept strictly necessary cookies, that’s fine, of course, but you won’t be able to use that website.
How Websites Obtain Consent
So, if websites need your consent to using cookies, how do they get it? Most often they use Cookie Notices, or popups.
If you decide to delete cookies stored on your device or browser, here’s what to do.
For websites to work properly, they rely on cookies. Cookies are small files containing computer code that can sometimes identify you, your preferences, and your browsing behavior.
The only exception is when a cookie is strictly necessary i.e. if it’s the only way to keep products in your shopping cart. This type of information isn’t strictly personal because it can’t technically identify you.
You can delete cookies at any time by clicking through the menu options in your browser, and you can always contact retailers or websites individually to ask them to delete your personal information.
Put simply, you’re always in control of what happens to your personal data and who has access to it. Only consent to marketing and analytics cookies if you’re comfortable sharing this type of information, and remember, you’re free to change your mind at any time.