Cookies – Not the Ones You Eat!
by Abbey Boggs
The all too familiar choices of “Accept All” or “Reject All” “Dismiss” or “OK” or “Cookie Settings” pop up on device screens around the world.
What are cookies? And what exactly are we accepting or rejecting when we visit a website?
Cookies are small data files downloaded onto a device and stored on a user’s hard drive when browsing a website. They transfer information a user has disclosed to a website to the server. Web servers use cookies to save browsing information and preferences, among other things.
For example, many people enjoy the benefits of cookies through auto-fill features (e.g., log-in credentials or completing forms), or remembering purchase history and user preferences. Cookies may also benefit consumers by storing credit card information for easier check-out processes.
There are different types of cookies. The website sets first-party cookies the user is visiting. Essential cookies, such as session cookies and authentication cookies, enable core functionality of a website and streamline the user experience. For example, cookies keep track of shopping carts in online stores, allowing users to find their selections in their cart for a smooth online shopping experience.
Non-essential cookies require user consent. Examples of non-essential cookies include analytics and advertising cookies. Analytics cookies collect information to improve the website based on user activity. Advertising cookies collect data to customize user ad experiences. Third-party cookies are set by parties not directly visited by the user (e.g., the specific website the user is browsing), such as advertisers and ad tech companies. These third parties can use cookies to monitor browsing habits and target users with custom ads-- think ads that pop up on social media accounts relevant to your interests.
PRIVACY PREFERENCES & THE LAW
Data privacy concerns due to the use of personal information are more prevalent as cookies have been more widely used. Privacy information that is collected includes: unique user IDs, browsing history, links users click on, how often a user visits a website, geolocation, shopping, and content preferences. Some privacy laws that have been developed to address cookies and data privacy include the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CPPA).
The California Consumer Privacy Act (CCPA) is a data privacy law in the United States that applies to for-profit entities doing business in California that collect California consumers’ personal data. Therefore, if a business uses any personal data from CA residents, and meets other applicability criteria, it is subject to CPPA. While the CCPA does not require websites to include conspicuous cookie banners, there must be a way for users to “opt-out” of cookies that sell personal information. Therefore, websites are required to (1) indicate that cookies are being used on the website; (2) disclose what data is being collected/the site or third parties are using cookies; (3) provide information on why cookies are used; and (4) inform users on how they can opt-out. It is important to note that there are some exceptions for cookie consent if a cookie is considered essential for the website’s function and security.
Cookie consent may also be required per the GDPR, if the US-based website provides products and services to EU residents and collects their personal data in the form of cookies.
If you’ve been on a website, you’ve likely encountered a “Cookie Consent” or “Privacy Preferences” pop-up before you can continue onto the site. These pop-ups are meant to provide clear information about how websites use cookies, and they must allow users the opportunity to consent. Essential cookies will be set on your browser, regardless of your privacy preference. Rejecting cookies may disable third-party cookies. Accepting the website’s privacy disclaimer may mean you allow relevant marketing, advertising, and analytical cookies from the owner and third parties. Users should evaluate the advantages and disadvantages of accepting or rejecting cookies on a website and how to protect their data should they choose to do so.