What is a cookie?

All websites use cookies. Cookies are great for improving your website’s functionality. They are great for collecting insights for your analytics. Or for retargeting so you can spend your marketing budget in a smart way. But there are different types of cookies, and specific rules for how they can be used. This article walks you through what cookies are and whether they may pose a risk to your compliance.

What are cookies?

Cookies are small text files that your website stores in your visitor’s browser. These files typically contain information about your visitor’s preferred language settings or location, but can store a wide range of information including personally identifiable information. The information is passed between the browser and the webserver which makes it possible for the website to recognize your visitor’s settings when they return to your site.

There are several types of cookies. Their classification depends on their expiration, who sets them, and their function. It is vital for your website to correctly identify the cookies being used and to list them together with their purpose and duration in your cookie policy.

A consent management platform helps you manage cookies and the user consents collected on your domain, ensuring your website is always updated and respects the relevant cookie regulations.

What are cookies used for?

Cookies basically perform two actions: they improve your visitor’s experience of your website and they track your user’s behavior on your site. They are designed to contain specific information about your user’s visit on your site. For example, if you have a web shop and your user puts items in the shopping cart, a cookie will remember that item as the user continues to browse. Or, your user may prefer another language variation on your site – a cookie will store that information. When the visitor returns to your site, your website reads the information in the cookies and remembers the preferences.

However, cookies are also designed to track users’ on your website and across the web. A lot of companies which provide your website with software solutions (analytics, widgets, add-ons, CRM’s) set cookies through your site. These cookies are most often used not only for your benefit, but also for creating user profiles for marketing purposes. This tracking may be an intrusion of your visitors’ privacy and is subject to data protection regulations such as the ePrivacy Directive, GDPR, and CCPA.

What types of cookies are there?

There are two main types of cookies: session cookies and persistent cookies.

Session cookies are stored in temporary memory and are deleted when the user ends the “session” in the browser. This type of cookie keeps track of your user’s visit on your site and prevents your site from asking for the same information multiple times – like login information.

Persistent cookies are stored on your user’s device (phone, tablet, computer). These cookies remain on the device until they reach their expiration date. Whenever your visitor returns to your site, the browser sends the information stored in the cookies to your site. These cookies can identify users which you can use for your analytics and CRM systems to track visitors, leads, customers. For this reason, they are sometimes also called tracking cookies.

What information do cookies track?

Cookies may store any number of information specific to your visitor. Some information provides you with data for your business. Other types of information are categorized as personal data. Here’s an overview:

User specific

User activity and behavior

Who places cookies on your user's device?

Basically, cookies are placed either by your own website (first-party cookies) or by services implemented on your site (third-party cookies).

What are first party cookies?

First-party cookies are typically used to perform basic functionalities such as keeping your user logged in to your site or remember their shopping cart items.

What are third-party cookies?

Third-party cookies are set by other companies through your website. They typically provide you with data for analytics or ads. Most of these are used to collect your users’ personal data to create profiles and audiences for marketing purposes.

Examples of third-party services:

How to check cookies used by your website?

Right click on the website and press Inspect > > Application > Storage > Cookies in order to get a list of the cookies being placed on the specific browser. Doing so in Incognito will give you accurate results, as the picture won’t be influenced by previous consent choices. This is also a good way of checking whether your website places any unnecessary cookies before user consent is given / rejected.

If you want to find out whether your website is cookie compliant or whether you’re setting any cookies before consent, get a free compliance check here.

Do cookies pose a privacy risk?

Cookies contain information about the user’s visit to your website. Some of that information may be categorized as personal information e.g. IP-address, identifiers, geo-location. But cookies cannot be used to hack information from users’ computers or carry malicious software.

Companies use tracking cookies to create extremely detailed user profiles used for marketing purposes i.e. to target ads to specific user profiles. To accomplish that, many websites use third-party services like for example the Facebook share button which allows Facebook to track user activity across the internet where other share buttons are implemented.

With this data, Facebook and other ad networks can targeted advertisement to the users based on website visits, preferences, and a lot of other metrics. Therefore the use of cookies and the data they collect and process is heavily regulated.

You can explore more about global data protection regulations and privacy frameworks here.

Are third-party cookies being phased out?

Yes, third-party cookies are indeed being phased out, with significant steps being taken by major browser vendors – most recently by Google Chrome. Google announced its plan to phase out third-party cookies in Chrome, starting the process in January 2024. Initially, this change will affect 1% of Chrome users globally, approximately 30 million people, before expanding to all users by the end of 2024.

This move is part of a larger trend among browser vendors responding to increasing concerns about user privacy and data protection. Other browsers like Mozilla Firefox and Apple’s Safari have already implemented stronger third-party cookie restrictions.

Despite these developments, the end of third-party cookies does not eliminate the need for user consent in tracking. Other tracking technologies still exist, and data protection laws like the GDPR require explicit consent for any form of user tracking and data collection. Google has also made consent a pivotal aspect of using its services, with the introduction of Google Consent Mode v2 and stricter requirements for consent management platforms in compliance with data privacy laws.

If you’re looking for a consent management platform that collects user consents and is compatible with Consent Mode v2, try Cookie Information’s cookie banner – compatible with your CMS of choice and free to try for 30 days.