Cookies

Cookies are tiny text files placed on a user's device while browsing websites and are sent back to the server upon revisiting the same sites. They're primarily used in online marketing to gain insights into user behavior. With the introduction of the EU General Data Protection Regulation and the e-Privacy Regulation, many cookies now require explicit user consent. Some browsers have started blocking non-essential cookies by default, signaling a potential end to cookies in their traditional form.

What are cookies and why are they used?

Cookies are text files that a server transfers to a user’s device upon website access. These files come with an expiry date and a unique ID, usually a series of numbers for user identification. When the user revisits the website, the cookie is returned to the server. Cookies help in online purchases, store passwords, user preferences, and gather browsing behavior data. They range from session cookies deleted when the site is closed to marketing cookies that last for years.

What types of cookies are there?

The General Data Protection Regulation, in effect since May 2018, classifies cookies into two categories: essential and non-essential. Essential cookies are vital for website functionality, like processing purchases or storing user settings, and do not require user consent. Examples include session cookies and those set by payment services like PayPal or Visa.

• Essential cookies: Necessary for website operation, these cookies manage shopping carts, language settings, or login data and do not need explicit user consent.
• Non-essential cookies: Used for purposes beyond basic website function, these require explicit user consent. They include analytics and marketing cookies for tracking user interests and behavior. Examples are Google Analytics, social media, and video embedding cookies.

Cookies in the General Data Protection Regulation and the e-Privacy Regulation

While cookies help customize websites, they also enable the collection of extensive user data. Before the GDPR, users often didn't know about cookies on their devices, leading to massive data collection for marketing. The GDPR now mandates user consent for non-essential cookies, although the specifics of "legitimate interests" remain vague. The upcoming e-Privacy Regulation will focus on user location rather than website location, affecting how global companies comply with EU rules.

Will cookies soon become a thing of the past?

In the near future, cookies may become obsolete in online marketing due to stringent data protection laws and increased user awareness. Browsers like Safari and Firefox already block third-party cookies by default, making many cookies ineffective. Google plans to block third-party cookies in Chrome by 2022, which will necessitate changes to its advertising strategies, given its reliance on advertising revenue.