All about cookies

When on the internet you cannot fail to have come across cookie consent forms asking whether you want to accept or decline cookies but what exactly are cookies? In this blog post I write about cookies, why they are important and what you need to know about them to ensure you stay safe and compliant online.

What are cookies

Cookies are files containing pieces of data which enable websites to give you a better experience when you visit them, for example remembering your usernames or passwords. It is believed the word cookie is derived from fortune cookies which Chinese restaurants give to diners as a small treat along with their bill.

Website cookies are designed to enable web browsers to track, personalise and save information. When you visit a website, the website gives your browser a cookie to store in a cookie file that is placed on your computer and the next time you visit that website, the browser returns the cookie to identify you, allowing the website to load a personalised experience.

Cookies typically contain data that includes a unique identifier and a website name. They may also include personally identifiable information such as your name, address, email, or telephone number if you have provided that information to a website. A simple example of cookies at work is when you open up a website and your username and password have already been completed for you. Another example is when you shop online and find items that you added to your basket on a previous visit are still there when you return or when a website remembers a previous order and allows you to re-order simply by clicking a ‘re-order’ link.

Why do websites use cookies

The main purpose of website cookies is to make the internet experience easier for users. Without cookies you would have to login every time you leave a website or refill your shopping basket if you accidentally closed a website window. Other things cookies can do when you visit a website include:

• setting your chosen language preference
• authenticating your identity
• creating targeted advertisements and tracking how you interact with these
• making personalised content recommendations
• tracking items you view in an online store and suggesting other items you might like
• counting the number of people looking at a website, the number of times an individual visited a page and how much time they spent on it.

Are computer cookies safe

First party cookies

In general it is safe to accept what are known as first party cookies from a website you trust — they do not contain any identifiable information and are mostly used to improve your experience when online.

Third party cookies

Third party cookies are generated and placed on a user’s computer by a different website for example if you were to play an embedded YouTube video that appeared on a website, YouTube will set cookies on your computer to track your preferences and suggest similar videos when you next visit YouTube. These cookies cannot discover who you are personally but they will know a lot about your interests and what you do based on web searches and browsing history which is valuable information to advertisers.

Cookies cannot be used to download malicious software but third party cookies can be a gateway to your private information with some being used by cybercriminals to track you without your consent and cookie poisoning (impersonating authentic cookies) could lead to falsifying an authentic user’s identity or to perform malicious actions on a website, while cookie scraping is when a hacker copies code from a cookie and uses it to log in to the relevant website while pretending to be you. However third party cookies have no direct impact on your browsing experience, so you can decline them if you value your privacy — a website will still load properly and remember your preferences without using them.

Does my website use cookies

Does your website use:

• WordPress, or any other blog or content management system
• Google Analytics, or any similar website analytics program
• Google AdSense and/or AdWords
• Facebook, Twitter, Google+ or other social media “like” buttons or plugins
• A shopping basket.

All of the above use cookies.

If you want to check if your website uses cookies, the easiest way is to use one of the free cookie checkers which can be found online.

Do I need a cookie policy on my website

UK data protection law requires websites to have a cookie policy if cookies are used to collect user data. Your cookie policy may be a standalone document but it could also form part of your privacy policy, which details all the ways your business may collect, process and store data from users both online and offline. 

A website cookies policy is important because it advises:

• how your website collects, processes and shares personal data
• how users can change or withdraw cookie consent
• what a users’ rights or options are and how they can exercise them
• your compliance with data protection law, aiding transparency and helping users understand their rights and options.

Cookie banners or pop-ups are not currently a legal requirement but they are a user friendly way to notify users and obtain consent. Cookie consent tools that can be added to your website can be found online.

The right to privacy

Although cookies are a useful tool to create a personalised internet experience, not all people are comfortable with the way cookies track them and raise concerns about how cookie data gets used and sold without the user’s knowledge of it even getting collected. Web developers get a lot out of this setup also, as when cookies are stored on your computer they free up storage space on website servers meaning organisations save money on server maintenance and storage costs.

Recently you may have noticed more and more website pop-ups appearing on websites asking whether you accept cookies. This is due to the EU’s General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations 2003 (PECR) which require websites to ask for permission and provide you with information on how they use cookies. Organisations now have to provide clear and comprehensive information about the way they use cookies and ensure that if a cookie is not strictly necessary for their website, they give you an appropriate means of consenting to that cookie being set on your device.

Where organisations ignore the law, they can expect to face the consequences. In the UK the Information Commissioner’s Office (ICO) is responsible for enforcing rules about cookies and have started writing to UK organisations, warning that they face enforcement action if they do not make changes to advertising cookies to comply with data protection law. They also ask that people who have concerns about cookies report their complaints, so they can learn how organisations are complying with cookie law.

Controlling cookies

If you are not prompted to accept or decline cookies when you visit a website, you can also use your web browser to keep them under control by:

• allowing all cookies
• deleting all cookies
• blocking all cookies
• blocking third party cookies
• clearing all cookies when you close the browser
• opening a private browsing/incognito session, which allows you to browse the web without recording your browsing history or storing local data such as cookies.

Cookie safety

Computer cookies are a crucial part of the internet and it cannot run efficiently without them but it is best to remain vigilant and clean up your cookies often to keep your online data safe, as not all cookies are necessary or desirable. So, next time you are on a website and a cookie pop-up appears asking if you accept cookies, don’t just click accept, slow down, read it and take a moment to see what you are agreeing to.

Further information and sources

• All About Cookies: What are internet cookies and how are they used?
• Comparitech: The best cookie consent tools for 2024
• Cookiebot: How to create an effective cookie policy for your website
• Cookieyes: Third-party cookies – what are they and how do they work
• Cookie Law Info: Does my website use cookies?
• Eurostat: Are you managing cookies
• History: The surprising origins of the fortune cookie
• ICO: Cookies
• ICO: Guidance on the use of cookies and similar technologies
• ICO: ICO warns organisations to proactively make advertising cookies compliant after positive response to November call to action
• ICO: Report cookie concerns
• ICO: Transparency (cookies and privacy notices)
• InLife: Why are internet cookies called cookies
• Kapersky: What are cookies?
  

Where to find information about controlling cookies

• Chrome
• Firefox
• Microsoft Edge
• Opera
• Internet Explorer
• Safari mobile devices and Safari desktops
  

© Humblebee Secretarial and Administration Support. All Rights Reserved.