What Are Cookies? - Not The Edible Type!
What are the laws concerning Cookies?
Now we are not talking about the biscuit varieties in choc chunk chip or smartie cookies! What we are talking about are pieces of technology which remember information as a user navigates between web pages. A cookie can mean that your web browser can remember you are logged in or notify you that you have visited a site before and even remember personal preferences.
The simplest way to view a cookie is as a small text file stored within a user’s browser. It contains no code, just data, and so, contrary to popular belief, cookies cannot contain viruses, spyware or other malicious items. Not all are harmless, but all they can do is store information about a user on a specific website.
There are a number of different types of cookies:
Session Cookies: these expire when the user closes their browser or after a certain period of time has elapsed.
Persistent Cookies: these expire after a fixed date, for example after one year. When the user closes their browser they are not cleared like session cookies. A common use for them is on pages like Facebook where you have the option to “keep me logged in”. Cleverly, though, they can also be used to track you: Google use persistent cookies to try to learn what you search for and what websites you visit, and thus they can target appropriate advertisements directly at you.
First Party Cookies: these are a little more restrictive in that they only apply to the same domain as the website you are viewing. If you visited https://www.brickweb.co.uk then this type of cookie would only be read by pages which were inside https://www.brickweb.co.uk. For instance, when you come back to Brickweb it may say something like “Welcome Back Joe Bloggs”, but this will not appear on other websites.
Third Party Cookies: these come from a domain other than the one the user is viewing. For instance, say the user visited Brickweb; a third party cookie is recognised between sites which are all interlinked. However, Brickweb would not be able to see the cookies which were set by the interlinked sites. These are mostly used for tracking users; Facebook again is a prime example. The Facebook “Like” button only works because they allow the tracking between websites.
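The four types above can be told apart from the Set-Cookie header a server sends. The following is an added example, not code from Brickweb: the function names, the host tracker.example and all cookie values are constructed for illustration, and the first/third party test is a simplified suffix match.

```javascript
// Parse "name=value; Attr=val; Flag" into its name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const item of rest) {
    if (!item) continue;
    const i = item.indexOf('=');
    // Attribute names are case-insensitive; flags such as Secure have no value.
    attrs[(i < 0 ? item : item.slice(0, i)).toLowerCase()] = i < 0 ? true : item.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// True when host equals domain or is a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

function classifyCookie(header, responseHost, pageHost, now = new Date()) {
  const { name, attrs } = parseSetCookie(header);
  // Lifetime: Max-Age wins over Expires; neither present means a session cookie.
  let expires = null;
  if (/^-?\d+$/.test(attrs['max-age'])) {
    expires = new Date(now.getTime() + Number(attrs['max-age']) * 1000);
  } else if (typeof attrs.expires === 'string' && !isNaN(Date.parse(attrs.expires))) {
    expires = new Date(Date.parse(attrs.expires));
  }
  const lifetime = expires === null ? 'session' : expires <= now ? 'expired' : 'persistent';
  // Scope: the Domain attribute (leading dot ignored) or, if absent, the sending host.
  const raw = typeof attrs.domain === 'string' && attrs.domain ? attrs.domain : responseHost;
  const domain = raw.replace(/^\./, '').toLowerCase();
  // A server may only set cookies for its own host or a parent domain.
  const accepted = domainMatches(responseHost.toLowerCase(), domain);
  // Simplification: browsers also consult the Public Suffix List (so Domain=co.uk is refused).
  const party = domainMatches(pageHost.toLowerCase(), domain) ? 'first' : 'third';
  return { name, lifetime, party, accepted, expires };
}

// Constructed sample responses received while viewing www.brickweb.co.uk.
const samples = [
  ['basket=abc123; Path=/; HttpOnly', 'www.brickweb.co.uk'],
  ['remember=1; Max-Age=31536000; Domain=brickweb.co.uk', 'www.brickweb.co.uk'],
  ['uid=xyz; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; SameSite=None', 'tracker.example'],
];
for (const [h, host] of samples) console.log(classifyCookie(h, host, 'www.brickweb.co.uk'));
```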
In general, browsers provide users with security controls for cookies which allow them to block all cookies, allow specific cookies or block third party cookies. The official standards for cookies, RFC 2109 and RFC 2965, say that by default browsers should block third party cookies.
From May 2011 a new privacy law came into effect across the EU. This meant that websites would have to request permission from a visitor in order to use cookies. The new law is intended to help protect people’s privacy. If you search for web design on Google, they could use cookies to remember this; later in the day you could be on Google and they will target ads at you which are related to web design. This isn’t bad in itself, but if you think about how many searches you carry out over the long term, that is a lot of information collected, and thus Google could end up knowing quite a lot about you.
Most EU websites will now need to change or else they are breaking the law. Way over 92% of websites use cookies at the moment, so either they need to ask permission in the form of a notification that interrupts visitors with something like “do we have permission to use cookies or to store cookies on your system”, where users will have to opt in, or they need to stop using them.
All cookies which are not strictly necessary must have permission granted by a user. Remembering that an item has been added to a shopping basket, for example, is strictly necessary, so such cookies are allowed. They are needed by the user in order to carry out an action which they have explicitly requested.