What are cookies?

Web­site cookies, also known as HTTP cookies or tracking cookies, are small data files that web servers save on your device when you visit a web page. The web server sends one or more cookies to the browser, to collect statistics on visitors or customize user experience, among other things. Cookies can identify visitors and save their preferences on the web­site. The saved data may be related to previous searches, products placed in a shopping cart, and other consumer behavior online.

Web­sites are nowadays required to ask for user consent when using cookies. This has resulted in, at times intrusive, cookie consent boxes that appear on the screen upon entering a web­site. These have made people more aware and even suspicious of cookies. But how do cookies actually work and are they always a bad thing?

How do cookies work?

Cookies are sent between the web server and your browser. Upon entering a web­site, your browser sends a cookie saved on your device to a web server. The server reads the cookie’s ID and is able to customize the page based on the cookie. This way a web­site is able to remember, for example, your language, currency and login details.

Without the customization of cookies, you would have to log in to a web page each time you close and reopen a page. You may also have noticed that some pages save your products in the shopping cart even if you leave the page. This function is also made possible by cookies.

Your browser stores cookies in a special file on your device. The cookies are stored for a predetermined period of time that varies depending on the supplier, type of cookies, and the cookie’s purpose. The three main purposes of cookies are:

1. Personal customization. Cookies can be used to customize advertisements and make your experience on a web­site more personalized. Although you and your friend access the same web­site, your advertisements may still look different. If you have just checked out winter jackets online, you might get ads about them, while your friend gets ads about plane tickets to London.
2. Tracking. Some online shops recommend new products to you based on other products you have looked at. This is made possible by cookies. Services often use tracking cookies to anonymously record online activity. However, online tracking is not always harmless and can be used by online criminals to obtain confidential information.
3. Handling and saving information. Thanks to cookies, web­sites can recognize users and their login details. For example, an online newspaper may ask you to fill in what kind of content you are interested in. If you choose politics and domestic news as your points of interest, you will be shown these articles first.

How do I manage cookies?

Although cookies can be difficult to avoid, they are, in most cases, an optional part of the online user experience. And although people are often suspicious of them, cookies are not always a bad thing. In fact, they are often necessary for web­sites to work as we want them to. Still, you can, and in some cases should, limit which cookies are used both on your computer and on your mobile devices.

Allowing cookies can make using the internet more convenient for example with saved login credentials and user preferences. You can usually change how cookies are used in the privacy settings of the web­site, browser or your device. By ticking boxes like Allow cookies or Allow local data you give permission to use cookies.

You can reduce the risk of identity theft and tracking, among other things, by rejecting or deleting cookies. However, web­sites can become more difficult to use because you have to enter data every time you enter the site, instead of the web­site remembering your preferences and information. Preventing cookies is usually done in your browser’s settings under tools, internet options or advanced settings. You can also customize which cookies are allowed or give permission to only necessary cookies. Deleting cookies will not protect you from all of today’s online threats, but it is a good start to take ownership of your data.

Are web­site cookies dangerous?

Cookies them­selves are not dangerous and do not infect your device with viruses or malware. However, cookies may pose a risk to your privacy if online criminals can access your private browsing history. The information can be used for spying, unwanted advertising, harassment, and identity theft.

In addition, there is some malware that is capable of disguising itself as a cookie. These so-called supercookies are hard to delete and can collect all sorts of information about users and their behavior online.

The problem with cookies also lies in the fact that you cannot always control how data about you is collected or who gets access to it. Many users do not want their behavior or preferences to be tracked online.

First-party vs. third-party cookies

We can divide web­site cookies into two categories based on where they are created.

• First-party cookies. These cookies are created immediately on the web page you visit. By using trusted web­sites, these cookies are generally safe and can make using the internet more convenient. More or less all web­sites use first-party cookies.
• Third-party cookies. Also known as tracking cookies, third-party cookies are created by an external web­site, not the one you are browsing. They are used by advertisers and social media platforms to track you even after you have moved to another web­site. Therefore, third-party cookies are more intrusive and pose a bigger threat to your online privacy and personal information.

Cookies and legislation

In recent years, many users have noticed the some­times intrusive boxes that appear on web­sites upon entering. Most often users disregard them and just click Agree to get rid of the box. However, these so-called cookie consent or cookie policy boxes are the result of legislation. For European consumers and all companies that process data of European citizens, there are two important pieces of legislation that have an effect on how cookies are used on web­sites. These are the ePrivacy Directive (ePR) and General Data Protection Regulation (GDPR).

ePrivacy Directive (ePR)

The ePrivacy Directive (some­times referred to as the cookie law) requires that web­sites get the user’s informed consent for using cookies on the site. The user must be informed how the web­site collects cookies and there has to be the opportunity for the user to deny the use of cookies. Cookies that are necessary for using the web­site make an exception and consent for using them is not needed by the user.

General Data Protection Regulation (GDPR)

A regulation that consumers are more likely familiar with is the General Data Protection Regulation or GDPR. Introduced in May of 2018, the GDPR imposes many obligations for web­sites in case they want to collect their users’ personal information and use cookies. The law was passed by the EU but affects every­one collecting information about people in the EU. Organizations that fail to meet the regulations imposed by GDPR will have to pay hefty fines. Thanks to GDPR, individuals within the EU have more rights regarding the safe collection, handling and storage of their personal data. Under the GDPR, cookies are counted as personal data that users should have control over. Therefore, web­sites need to ask for users’ consent in order to collect their information and use cookies.

A VPN protects your privacy online

The biggest problem with cookies is their impact on users’ privacy. The increase in online tracking may pose a risk to consumers’ private information. A VPN that encrypts your data and makes browsing private can help to strengthen your online protection. Although a VPN cannot prevent web­sites from using cookies if you allow them, it is a great way to prevent tracking and protect your online privacy.