What is a cookie?
All websites use cookies.
Cookies are great for improving your website’s functionality. They are great for collecting insights for your analytics.
Or for retargeting so you can spend your marketing budget in a smart way.
But there are rules for your use of cookies.
Here we go through what cookies are and if they pose a risk to your GDPR compliance.
You can always try Cookie Information’s Consent Management Platform and get a cookie banner that complies with all international privacy laws >>>
What are cookies?
Cookies are small text files stored in your visitor’s browser by your website.
These files typically contain information about your visitor’s preferred language settings or location, but can store a wide range of information including personal identifiable information.
The information is passed between the browser and the webserver which makes it possible for the website to recognize your visitor’s settings when they return to your site.
There are several types of cookies. Their classification depends on their expiration, who sets them, and their function. Let’s take a closer look at what a cookie is.
If you are unsure whether your website is GDPR compliant, get a free compliance check here!
We will go through:
What are cookies used for?
Cookies basically perform two actions: they improve your visitor’s experience of your website and they track your user’s behavior on your site.
They are designed to contain specific information about your user’s visit on your site.
For example, if you have a web shop and your user puts items in the shopping cart, a cookie will remember that item as the user continues to browse. Or, your user may prefer another language variation on your site – a cookie will store that information.
When the visitor returns to your site, your website reads the information in the cookies and remembers the preferences.
However, cookies are also designed to track users’ on your website and across the web.
A lot of companies which provide your website with software solutions (analytics, widgets, add-ons, CRM’s) set cookies through your site.
These cookies are most often used not only for your benefit, but also for creating user profiles for marketing purposes.
This tracking may be an intrusion of your visitors’ privacy and is subject to data protection regulations such as the ePrivacy Directive, GDPR, and CCPA.
What types of cookies are there?
There are two main types of cookies: Session cookies and persistent cookies.
Session cookies are stored in temporary memory and are deleted when the user ends the “session” in the browser.
This type of cookie keeps track of your user’s visit on your site and prevents your site from asking for the same information multiple times – like login information.
Persistent cookies are stored on your user’s device (phone, tablet, computer). These cookies remain on the device until they reach their expiration date. Whenever your visitor returns to your site, the browser sends the information stored in the cookies to your site.
These cookies can identify users which you can use for your analytics and CRM systems to track visitors, leads, customers.
For this reason, they are sometimes also called tracking cookies.
What information do cookies track?
Cookies may store any number of information specific to your visitor. Some information provides you with data for your business. Other types of information are categorized as personal data. Here’s an overview:
User specific
- Online identifiers and IDs (user IDs, device IDs, marketing IDs etc.)
- IP addressess
- Login information and passwords
- Operating system, browser, language settings etc.
User activity and behavior
- Page views
- Purchase information (shopping cart items)
- Website referrals (channel, social media, search engine, campaign)
- Time stamps
- Privacy settings such as cookie preferences
Who places cookies on your user's device?
Basically, cookies are placed either by your own website (first-party cookies) or by services implemented on your site (third-party cookies).
First-party cookies are typically used to perform basic functionalities such as keeping your user logged in to your site or remember their shopping cart items.
Third-party cookies are set by other companies through your website. They typically provide you with data for analytics or ads. Most of these are used to collect your users’ personal data to create profiles and audiences for marketing purposes.
Examples of third-party services:
- Google Analytics
- Facebook Pixel/like buttons
- YouTube (video embeddings)
- Widgets from your CMS
- Advertising networks/partners
Do cookies pose a privacy risk?
Cookies contain information about the user’s visit to your website. Some of that information may be categorized as personal information e.g. IP-address, identifiers, geo-location.
But cookies cannot be used to hack information from users’ computers or carry malicious software.
Companies use tracking cookies to create extremely detailed user profiles used for marketing purposes i.e. to target ads to specific user profiles.
To accomplish that, many websites use third-party services like for example the Facebook share button which allows Facebook to track user activity across the internet where other share buttons are implemented.
With this data, Facebook and other ad networks can targeted advertisement to the users based on website visits, preferences, and a lot of other metrics.
Therefore the use of cookies and the data they collect and process is heavily regulated.
Read on: What are the rules on cookies?
