That’s the way the cookie crumbles
As online visitors, we all deal with cookies at least once. However, the majority of people struggle to explain what a cookie is and why it is important.
- keep track of your movements within the site
- help you resume where you left off
- remember your registered login, certain preferences, and other customization functions
- show you different content when you visit a certain site
You have to accept cookies before a site can implement them. Thus, a cookie is a record of your behaviour on a given site, which you have to allow. Once you accept a cookie and have allowed tracking, a small text file is downloaded and stored on your PC. You can find your cookies in the browser directory or program subfolder on your computer. The website in question stores a corresponding file to the one they set in your browser. In this file, they can track and keep information on your movements within the site and any information you may have voluntarily given while visiting the website, such as email address or post code/location.
What about ‘third-party cookies’?
There is no intrinsic difference between a first-party and a third-party cookie. If a cookie is associated with (a file requested from) the same domain as the page you are viewing, it’s a first-party cookie. A cookie associated with (a file requested from) a different domain is a third-party cookie. You will not see any difference between these two when you check your directory. They are just cookies! The distinction only exists at runtime, within the context of a particular visit.
Thus, first-party cookies are associated with the site domain you are on directly and third-party cookies are associated with other domains. Funny thing is, the same cookie can be a first-party cookie one moment and a third-party cookie the next. Here is a simple example. When you visit linkedin.com, your browser sets several cookies associated with the *.linkedin.com* domain name. So when you stay on LinkedIn, these are first-party cookies. If you then visit adobe.com, Adobe requests files from linkedin.com and those requests include the same *.linkedin.com* cookies, which are now third-party cookies.
Cookies and privacy
By now you may or may not be concerned about your privacy, but don’t worry. Because a cookie contains little information, it usually cannot be used to reveal your identity or personality identifying information. All the login and profile information you provide the site owners with, you leave voluntarily, often for a mutually beneficial relationship great way to think of a cookie is as if it were a key. A key is of no value on its own, but in combination with a right lock (browser/site), it can be useful.
There are times you see an ad follow you from one site to another. A third-party cookie is responsible here. Remember: not all third-party cookie activity is part of a ‘web stalking’. Once a cookie is set, the receiving site has no say about when the cookies are sent. So just because a cookie is pinned to a request doesn’t mean the receiving server is tracking your activity. In other cases, tracking your activity across different sites is what the third-party cookies are for.
Cookie legislation in the EU
- data subject consent
- data anonymization
- breach notification
- trans-border data transfers
- appointment of data protection officers
The refreshed ePrivacy regulation should take effect on 25 May next year (2018). Read the official full text of the regulation draft.
Clearing or deleting cookies
Finally, you can of course change how cookies are stored on your machine by clicking on the ‘Tools’ menu in your internet browser. You can even go one step further and remove your existing cookies. Clearing your browser’s cache and cookies means that website settings (like usernames and passwords) will be deleted and some sites might appear to be a little slower because all of the images have to be loaded again. When you delete cookies through your browser’s settings, the browser removes this information – either one cookie at a time, all cookies for a particular site or all cookies on your browser.
Note: If you don’t allow sites to save cookies, most sites that require you to sign in won’t work.