Understanding Cookies

A cookie is a very small text file. While visiting internet sites, each message is stored in a small file called cookie.txt by your browser. This cookie is sent back to the server by your browser when you request another page from the server. These files contain information about your visit to the web page including any information you’ve volunteered, such as your name and interests.

When cookies first started to appear, there was controversy. Some people regarded them as extremely sneaky using your PC to store your personal information without warning you, which can then be used for building your browsing behavior while others recognized it as improving the personalization of your user experience.

There are three primary types of cookies.

Session/Transient?Cookies are temporary cookies. A transient cookie stores information about your current session on your hard drive but is only stored in temporary memory that is erased when the browser is closed.

Transient cookies are used to track the pages visited by a user so that the customized information can be suggested to the user in some way. Some sites use Secure Sockets Layer (SSL) to encrypt the information contained in a cookie. Session cookies are the least likely to raise privacy concerns, and many of them fall into that “strictly necessary” category.

Permanent/Persistent?Cookies, also called stored cookies, are placed on your device’s hard drive and not deleted when your browser is closed.

Persistent Cookies remember preferences, settings, information, or sign-in credentials previously saved by the user. This helps create an efficient and faster website experience.

Permanent cookies generally store information for an indefinite amount of time, so they are very useful in creating a customized user experience or analyzing the behavior of an existing visitor. These cookies raise a heavy privacy concern.

Browser independent?cookies act like permanent cookies that aren’t stored on your browser. Instead, they are stored in their respective program files which makes it a bit trickier to delete.

The browser-independent cookies on your computer are used by third-party applications resident on the different websites to track your movement.

These cookies know what all social networks you use and how often. You are followed by third-party marketing companies on the internet by accessing these cookies.

These cookies are considered a valuable tool since they can be used to back up traditional cookie data. And hence even if a cookie file is deleted by the user, your website can still recognize them and provide the same custom experience by retrieving their information from the Flash cookie. You need to disclose in your privacy notice if you are utilizing browser independent cookies on your site.

Cookie Consent is a term used for the user’s consent received for letting a website activate its cookies.

Consent is a required legal basis under Article 6 of EU GDPR for websites to have in order to be able to collect, process or share the personal data of individuals inside the EU. This requirement is fulfilled through the cookie consent banner. A Cookie consent banner basically is a cookie warning that pops up on websites when a user first visits the site. This website banner is a declaration about the cookies present on a website and gives the users a choice of prior consent before their data is handled.

CCPA requires you to disclose details on how you use cookies and why. Most importantly, you have to give visitors the opportunity to provide, withdraw or refuse consent.

Cookie consent is obtained when the user visits your site for the first time. You don’t need to obtain it upon return visits as once consent is obtained, it is to be assumed that the user consents to those same cookies each time they return.

You don’t even require consent if you change any cookies provided you have already explained the cookies collection purpose on your website unless any significant change has been made to the way cookie information is being used. In that case, you will need to prompt users for consent once again.