What is a cookie?
A cookie is a text file that stores data collected from a web browser while you are browsing a website. Inherently, cookies are useful for storing user data and remembering user preferences for each individual cookie session. However, cookies can become illegal if commercial sites don’t ask users to consent to cookie tracking. This is largely illegal in Europe, because the regulators, citizens and habitual residents in Europe are all very big on GDPR data collection compliance. This is why, no matter which jurisdiction you are based in, GDPR compliance is critical to your business operations. Next, we’ll talk about the different types of cookies and how they work.
Types of Cookies
There are four different types of cookies.
- Session cookies are temporary and expire once you close your browser or the session ends.
- Persistent cookies include all cookies that remain on the hard drive until you erase them from the browser or the browser itself does so automatically. All persistent cookies have expiration dates embedded inside the code. Dates can be customized.
- First-party cookies – these are put on your device directly by the website you are visiting.
- Third-party cookies – these are cookies placed on your device, not by the website you are visiting, but by an advertiser or analytics service.
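The four types above come down to two independent properties of a Set-Cookie response: whether it carries an Expires or Max-Age attribute, and whether the host that set it belongs to the site being visited. The following is an added example, not part of the original article, that classifies a constructed capture along both axes; the hosts, cookie names and function names are hypothetical, and matching sites by their last two DNS labels is a simplifying assumption.

```javascript
// Added example: classify captured Set-Cookie headers by lifetime and party.
// Assumption: "same site" is judged by the last two DNS labels; a real audit
// should use the Public Suffix List (this misjudges suffixes like co.uk).
function siteOf(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// Parse one Set-Cookie header value into its name and a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const attrs = {};
  for (const attr of rest) {
    const i = attr.indexOf('=');
    attrs[(i < 0 ? attr : attr.slice(0, i)).toLowerCase()] = i < 0 ? '' : attr.slice(i + 1);
  }
  return { name: pair.split('=')[0], attrs };
}

// No Max-Age or Expires means a session cookie; Max-Age wins when both are set.
function expiryOf(attrs, now) {
  if (/^-?\d+$/.test(attrs['max-age'] || '')) {
    return new Date(now.getTime() + Number(attrs['max-age']) * 1000);
  }
  const t = Date.parse(attrs.expires || '');
  return Number.isNaN(t) ? null : new Date(t);
}

// responses: [{ url, setCookie: [header, ...] }] captured while loading pageUrl.
function classifyCookies(pageUrl, responses, now = new Date()) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  return responses.flatMap((res) => {
    const firstParty = siteOf(new URL(res.url).hostname) === pageSite;
    return res.setCookie.map((header) => {
      const { name, attrs } = parseSetCookie(header);
      const expires = expiryOf(attrs, now);
      return { name, party: firstParty ? 'first-party' : 'third-party',
        lifetime: expires ? 'persistent' : 'session', expires };
    });
  });
}

// Constructed sample capture (hypothetical hosts and cookie names).
const SAMPLE_RESPONSES = [
  { url: 'https://shop.example.com/', setCookie: [
    'sid=abc123; Path=/; HttpOnly; Secure', 'lang=en; Max-Age=31536000; Path=/'] },
  { url: 'https://ads.tracker.test/pixel.gif', setCookie: [
    'uid=u-42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; SameSite=None; Secure'] },
];
console.table(classifyCookies('https://www.example.com/cart', SAMPLE_RESPONSES));
```

Rows that come out as both persistent and third-party are the ones to review first when deciding which cookies must wait for consent.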
Why are cookies necessary?
Strictly Necessary Cookies
Cookies are essential records of your web browsing activities. They make it convenient for your browser session and the website to remember your preferences, such as access to secure areas of the site. Cookies allow an online store to hold the items in your cart while you are shopping online. Strictly necessary cookies are one kind of first-party cookie for which the site is not required to ask for user consent, because they are strictly necessary: they exist to provide important features to users.
Preference cookies, also known as functionality cookies, allow a website to remember choices made in the past. Examples include your language preference, your region for McDonald's discount offers, autofilling your name and email address in a web form, or remembering your login credentials for automatic login.
Statistics cookies, also known as performance cookies, collect information about how you use a website, for instance, the pages you have browsed and the links you have clicked on. The statistics collected are anonymous. They are aggregated for analytics use, so that site owners can use these site analytics to further improve their site's functionality.
Marketing cookies can track your activity to help advertisers deliver more relevant ads or to limit the number of times you see an ad. Marketing cookies can share this information with organizations and advertisers. They are persistent cookies and are of third-party provenance.
When people talk about privacy risks related to cookies, they are talking about third-party marketing cookies. These cookies contain significant information about your location, online browsing activities, and preferences. This is why we don’t want our data to be leaked to third parties without explicit consent. In Europe, data protection and sovereignty are taken seriously. Any organization that markets its products and services to the European Union is responsible for explaining to users how their information is collected and where it is disclosed.
Cookies in GDPR
According to the GDPR, cookies are used as identifiers for users.
Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
Companies have the right to process users’ data as long as users have given explicit consent or the companies have legitimate interests. For example, the processing of the data takes place for direct marketing purposes, to prevent fraud, or to ensure the network and information security of your IT system.
How to make your site GDPR compliant?
There are many plugin options to ensure your website is GDPR compliant. One example is Cookiebot. It’s a plugin that automatically detects all cookies and similar trackers on your site and blocks them until your users have provided consent. Cookiebot also allows you to create a cookie banner to ask for users’ consent.
Other than installing a plugin, a company site should also include a GDPR data protection compliance page stating how the company complies with the regulation and the purpose of data collection. This is similar to a legal disclosure, but it can be written informally to address concerns that users may have regarding data collection and data usage.