The GDPR impacts any business that engages with individuals or other businesses located within those boundaries.
You’ve seen alerts about them pop up around the web, but what exactly are cookies and how do they affect online privacy?
Cookies are small text files that get stored on a user’s device each time they visit a website or app. They collect information such as website activity, browser settings and login credentials to support features like targeted ads, shopping carts, and auto-filling web forms.
Regulators in the European Union acknowledge concerns about unwanted tracking and advertising, as well as the risk that such personal data could be shared or sold to third parties without user consent.
To address these concerns, the EU cookie law was created: ordering all websites that operate in the EU to disclose the usage of cookies and get informed consent from visitors before collecting any information.
Essential cookies, which enable core website features like shopping carts and user accounts.
Performance cookies, which track usage trends and user behaviour.
Functionality cookies, typically used for customising a user’s website experience.
Targeting/advertising cookies, used to determine what promotional content to show the user.
Depending on how these cookies are implemented on a given site, they may collect a range of identifying and non-identifying information about you.
Sometimes they last only as long as the time you spend using the site, and are deleted once you close your browser window (these are known as session cookies or temporary cookies). Sometimes they remain on your device to give you a more consistent experience between visits (these are known as permanent cookies or persistent cookies).
You may have heard the terms “first-party” and “third-party” used in conjunction with cookies. They refer to whether the cookie stored on your device is coming from the website you’re visiting (first-party) or from someone else (third-party).
The idea of having some mysterious company “watching” you may seem insidious, but by and large, third-party cookies aren’t as sinister as they sound. Typically, third-party cookies serve a legitimate purpose, employed by websites using third-party platforms to enable useful functions — eg. Google Analytics for usage tracking, Doubleclick for targeted advertising, and Facebook Like buttons on blog posts and news articles.
Yet, while you might be happy for a website to offer you a customised user experience on their own platform, you might not want that website’s advertising partner to track your experience across other platforms as well. But their third-party cookie could facilitate exactly that.
So, to give people more control over their privacy, regulations exist stating that users must be given the option to opt-out of third-party cookies.
While current cookie laws in the EU and US may not apply to your business’ location, it’s considered good practice to disclose any cookies your website or app may use. As people become more concerned about protecting their privacy, the more transparency you can offer, the better.