Read on to learn about the different types of computer cookies and how they affect your operations as a business owner.
1. What Are Cookies on Websites?
Cookies are tiny trackers that connect users and websites. They function like a combination of an online ID card and a digital Post-it Note, helping the website remember the user’s choices and activities.
Internet Cookies Definition
Internet cookies are small text files that a website downloads to a user’s device in order to track their behavior on the website, and to remember their preferences.
Cookies play a role in almost everything people do on the internet — from remembering user login information and online shopping cart items, to helping companies create targeted ads.
Why Are Cookies Called Cookies?
The name “cookie” has its origins in early computer terms, when “magic cookie” was used to describe a small piece of data passed between programs. The name is still used in today’s computer lingo, but now you’ll most commonly see a cookie referred to as an HTTP cookie, web cookie, browser cookie, or internet cookie.
Are Computer Cookies Bad?
Cookies aren’t harmful — they don’t download computer viruses or read email addresses. However, cookies still pose security threats to users because they collect personal data about browsing habits. Such information is vulnerable to data breaches and theft.
Because tracking cookies are used for targeted advertising, users often have security concerns about them. Despite these privacy concerns, the cookie data that web servers collect is vital to creating the smooth online experience that people expect.
Users can manage cookies (and delete cookie files) by opening their web browser (such as Chrome, Firefox, or Safari) and finding where cookies are stored. For example, cookie storage can be enabled/disabled in Internet Explorer by clicking “tools,” then “internet options” and selecting the privacy tab.
Some cookie files may be difficult to delete, such as “Zombie cookies,” which recreate themselves after deletion by using a separate Flash cookie. These must be disabled in Flash Player’s settings.
2. How Do Cookies Work?
When a user visits a website, a cookie is downloaded to their web browser (such as Google Chrome) and stored as a plain text file. Each browser stores cookies in slightly different places. When the user returns to the site, their web browser reads the file and shares the information with the domain.
There are two different types of internet cookies. Session cookies only collect details from single browsing sessions, while persistent cookies remain on the user’s device and collect login information over time.
What Do Cookies Do?
Cookies serve a wide range of functions for businesses, but most fall under the following five categories:
Essential Cookies
Essential cookies are a site’s basic form of memory, used to store the settings selected by a user on a given site. As the name implies, they are essential to a website’s functionality and cannot be disabled by users. For example, an essential cookie may be used to prevent visitors from having to log in each time they access a new webpage in the same session.
Performance and Functionality Cookies
These cookies are used to enhance the performance and functionality of a website, but are not essential to its use. However, without these cookies, certain functions (like videos) may become unavailable.
Web Analytics and Customization Cookies
Analytics and customization cookies track user activity in their browsers, so that website owners can better understand how their site is being accessed and used.
Advertising Cookies
Advertising cookies are used to customize a user’s ad experience on a website based on their browsing history. Using the data collected from these cookies, websites and advertising companies can prevent the same ad from appearing again and again, remember user ad preferences, and tailor which ads appear in browsers based on a user’s online activities.
Social Networking Cookies
Social networking tracking cookies allow users to share content on social media platforms, and help link activity between a website and third-party sharing platforms.
The personal information that cookies collect, plus the fact that they do pose a security risk, has created a need for cookie laws and regulations. If your website deploys cookies, there are several legal requirements you need to know if you want to stay out of trouble with the law.
3. Computer Cookie Laws Explained
Laws are cropping up around the world in order to mitigate the risks associated with cookies and data protection.
While cookie regulation is still relatively new territory, the following laws are breaking ground on providing notification and consent rights to users over the cookies they encounter online:
The General Data Protection Regulation (GDPR) and Cookies
The GDPR aims to give users greater rights over their data through stringent notification and consent guidelines. Under this law, users need to be informed of the existence of cookies on a website and then give valid GDPR cookie consent to their deployment. If consent is not given, the site in question cannot lawfully collect information from that user using cookies.
However, there are some exceptions. Essential cookies, performance cookies, and functionality cookies are often used on the basis of GDPR legitimate interest or for the fulfillment of a contract. Therefore, user consent isn’t necessarily mandated for these cookies to be lawfully deployed.
When it comes to the relationship between cookie use and the GDPR, it’s important to remember that data collected through cookies is considered personal information — and is therefore subject to all personal data collection guidelines of the GDPR.
The EU Cookie Law
The EU Cookie Law (or EU Cookie Directive) is an adaptation of the EU ePrivacy Directive, a cornerstone piece of legislation that governs digital privacy throughout the European Economic Area (EEA) in conjunction with the GDPR.
As is the case with the GDPR, the law applies not only to all businesses operating within member states of the EEA, but also to any business with users in the EEA, regardless of the company’s physical location.
The Cookie Law comes down to one main premise — obtain user consent to cookies.
United States (US) Cookie Laws
In the United States, while there is no one all-encompassing federal cookie law, there are several internet privacy rules that apply to corporate cookie usage, including:
- The Computer Fraud and Abuse Act of 1984
- The Americans with Disabilities Act
- The Children’s Internet Protection Act of 2001 (updated 2013)
- The Children’s Online Privacy Protection Act (COPPA)
Furthermore, the California Consumer Privacy Act (CCPA) applies to cookie usage, as the act serves to safeguard the personal data of internet users in a manner similar to the GDPR.
4. Managing Cookies on Your Website
As cookie laws and their specific stipulations differ from place to place, it’s important to look into exactly which rules and regulations apply to your business, and navigate them accordingly.
Although the laws governing cookie usage are complex, the aim of almost all cookie legislation is essentially the same. Therefore, implementing a few simple measures can help you comply with the majority of cookie law requirements, and adhere to cookie use best practices.
How to Stay on the Right Side of Cookie Data Laws
1. Audit and Classify Your Cookies
Many websites run more tracking cookies than they realize. If you’re not sure exactly what cookies are on your site, it’s impossible to describe your cookie practices to users. Not only should you make an effort to discover which cookies you use, but you should then classify those cookies by their purpose (for example, the six categories mentioned above).
Organizing your cookies by the purposes they serve is essential to completing the following two steps.
2. Disclose Your Cookie Practices to Users
Make this policy easily available by linking it in your website’s footer and in the next step of your compliance plan — your cookie consent banner.
3. Get Consent Before Deploying Cookies
There are three elements of a legally valid cookie consent:
- The option for users to set their cookie preferences
- The ability to revoke consent at any time
These requirements can be easily accomplished through a cookie consent banner.
Furthermore, your banner should include a link that directs users to learn more about your cookie use and set their preferred cookie settings. If people choose not to consent to the use of all cookies, they should be able to give consent to specific categories of cookies.
4. Check for Cookie Consent Exemptions
According to the overseeing EU advisory body, businesses don’t need to get user consent to the deployment of all cookies under the Cookie Law. In fact, cookies that are used for the following purposes are exempt from the ePrivacy consent requirements:
- Used only for sending data over a network
- Essential for an information society service (e.g., most websites and apps) to deliver a service explicitly requested by the user.
The advisory body further outlines some common cookies that fall under these two exemptions:
- User‑input cookies (session-id): User-input cookies keep track of items that users themselves enter into your website. For example, a cookie that remembers the items in a customer’s shopping cart, or the answers to an online form, is a user-input cookie.
- Authentication cookies: These tracking cookies work by identifying a user through their login credentials. When a website visitor enters their user ID and password (including when using a password manager), these cookies will confirm that user’s identity and “remember” their account information.
- User‑centric security cookies: They detect authentication errors and abuses, such as incorrect login details. When a visitor enters incorrect login credentials, these cookies detect that and keep track of how many incorrect entries are made.
- Multimedia content player cookies: Content player cookies enable audio or video play. Say a user is scrolling through your site and encounters an auto-play video file. Multimedia player cookies allow that video to play.
- Load‑balancing cookies: These cookies serve perhaps the most basic cookie function, in that they connect information between the user’s web server and your web server.
- User‑interface customization cookies: These cookies store user-experience preferences, for example a user’s preferred language.
- Third‑party social plugin content‑sharing cookies: These tracking cookies are applicable to users logged into a social media platform at the same time as their visit to your site. If a user clicks a “Share on Facebook” button on one of your blog posts, these cookies connect that post with the user’s logged-in Facebook account.
All of these exempt cookies are only meant to serve their purpose over the course of the user’s session on your website. If they follow your users around the web, collecting information that isn’t necessary for website–user interactions, they are no longer exempt from ePrivacy consent requirements.
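The audit, classification and consent steps above, together with the session/persistent distinction from section 2, shown as an added example (not code from this article or from any consent product). It parses Set-Cookie response headers, labels each cookie as session or persistent, assigns a purpose from a lookup table, and returns the cookies that may be set for a given consent record. The cookie names, the PURPOSE_BY_NAME table, the sample headers and the rule that only essential cookies are set without consent are assumptions made for illustration.

```javascript
// Hypothetical purpose inventory: the output of the "audit and classify" step.
const PURPOSE_BY_NAME = new Map([
  ["session_id", "essential"],
  ["ui_lang", "functionality"],
  ["_stats_id", "analytics"],
  ["ad_profile", "advertising"],
]);

// Parse one Set-Cookie header value into name, lifetime and purpose.
function auditCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attrNames = attrs.map((a) => a.split("=")[0].toLowerCase());
  // Without Expires or Max-Age the cookie ends with the browsing session.
  const persistent =
    attrNames.includes("expires") || attrNames.includes("max-age");
  return {
    name,
    lifetime: persistent ? "persistent" : "session",
    // Cookies missing from the inventory are surfaced, not silently allowed.
    purpose: PURPOSE_BY_NAME.get(name) ?? "unclassified",
  };
}

// Names of cookies that may be set for a per-category consent record.
// Assumption: essential cookies need no consent; unclassified ones are blocked.
function allowedCookies(headers, consent) {
  return headers
    .map(auditCookie)
    .filter((c) => c.purpose === "essential" || consent[c.purpose] === true)
    .map((c) => c.name);
}

// Constructed sample response headers (not captured from a real site).
const SAMPLE_HEADERS = [
  "session_id=abc123; Path=/",
  "ui_lang=en; Max-Age=31536000; Path=/",
  "_stats_id=u-42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
  "ad_profile=seg7; Max-Age=7776000; Path=/",
  "mystery=1; Path=/",
];

console.table(SAMPLE_HEADERS.map(auditCookie));
console.log(allowedCookies(SAMPLE_HEADERS, { analytics: true, advertising: false }));
```

Any row the audit reports as "unclassified" is a cookie the site sets without a documented purpose, which is the gap step 1 is meant to close.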
5. Key Takeaways
Now that we have explained what an internet cookie is in full, let’s review the main points.
Cookies are one of the most complex yet valuable tools for operating an online business — they’re used for everything from analytics to remembering shopping cart items. Cookies are not harmful, but the information they collect about people’s browsing habits is considered personal data.
The global call for greater user privacy rights and digital transparency has paved the way for emerging data laws that now target cookie use. Complying with legislation like the GDPR and the EU Cookie Law can be difficult business — but not complying can be financially damaging.