What are cookies?
Cookies are small text files that a website creates and stores on people’s computers or devices when they visit it. Cookies can store information about people’s interactions with the website. This may include their preferences, settings, login information (including personal information), and browsing activity. This guide aims to provide a basic understanding of what cookies are, which GDPR cookie rules apply to you and how you should use cookies on your website to stay compliant.
Are cookies safe?
Generally speaking, cookies are harmless. Further, most cookies are easy to delete any time someone wants to clear them from their devices. However, cookies can collect personal information. For this reason, they have the potential for abuse and could affect people’s privacy and rights if exploited. That’s why you should be transparent with your website visitors about the types of cookies you use on your website and give them the choice of which to allow.
What are cookies used for?
Cookies can be used on websites to:
- Manage user sessions. They let the website remember people’s actions and keep them logged in as they navigate between pages.
- Personalise the experience. Cookies enable websites to remember people’s preferences and customise their browsing experience. For example, a website can use cookies to remember someone’s language preference or display content relevant to their location.
- Track how people use the site. Website owners and third-party services can set up cookies to gather information about how visitors use their sites. Then, they can use the data for analytics, to track user behavior, to measure advertising effectiveness, and to improve website performance.
- Customise the ads people see. Cookies play a crucial role in online advertising by tracking people’s browsing history and interests. This allows advertisers to deliver targeted advertisements based on people’s preferences and behavior.
Types of cookies
We can classify cookies in a variety of ways. For example, by how long they stay on a device, who sets them up, or by the purpose they serve. Here are some different types of cookies:
Session cookies
Session cookies help your website recognise visitors and the information they provide while navigating through it. Therefore, session cookies only keep the visitor’s information while they are on the website. As soon as they close their browser, session cookies are deleted.
Permanent cookies
Permanent cookies keep working after the visitor’s web browser has closed. They can remember login details and passwords so web users don’t need to re-enter them the next time they use a site.
First-party cookies
First-party cookies are installed directly by you/your website. These cookies let you collect analytics data, remember language settings and more to provide a good user experience.
Third-party cookies
Third-party cookies are installed by third parties. They collect information about people’s behaviour, demographics or spending habits online. Advertisers use third-party cookies to market products and services to the right target audience.
Flash cookies
Flash cookies are independent of the web browser. They are designed to be permanently stored on a user’s computer. Flash cookies remain on a user’s device even if they delete all cookies from their web browser.
Zombie cookies
Zombie cookies are flash cookies that are automatically re-created after a user has deleted them. They are difficult to detect or manage. They are often used in online games to prevent users from cheating but can also be used to install malicious software on people’s devices.
GDPR cookie rules
The General Data Protection Regulation (GDPR) has rules and guidelines for the use of cookies and other similar tracking technologies. Here are some key points from GDPR cookie rules:
- Get people’s consent before you use any cookies except strictly necessary cookies.
- Explain clearly what data each cookie tracks before you get consent.
- Give people options about which cookies to allow and which not to.
- Document and store all consents.
- Do not deny people access to your services even if they refuse some cookies.
- Make it easy for users to withdraw their consent for cookies whenever they want to.
It’s important to note that different EU member states have their own local regulations and guidelines. Therefore, it’s a good idea to consult with legal professionals or privacy experts to check what your local rules are. However, there are some best practices for setting up cookies that will apply in most countries.
How to set up cookies on your website
Here’s how to set up cookies on your website. Follow these steps:
- Determine the specific purposes for which you want to use cookies on your website. This could include session management, personalisation, analytics, advertising, etc.
- Assess the cookies on your website to understand their purpose, type, and the data they collect. Decide which cookies are necessary and which require user consent.
- Develop a clear and comprehensive cookie policy. First, explain the types of cookies you use on your website, their purpose, and what data they collect. Then, outline how users can manage their cookie preferences and provide links to any third-party services.
- Set up a way to get user consent for non-essential cookies. Typically, this will be a cookie consent banner or pop-up. It should provide clear information about the cookies and ask for user consent. Make it easy for users to accept or reject specific categories of cookies or individual cookies.
- Set up cookie management. Let users manage their cookie preferences. For example, a cookie settings page where users can adjust their preferences, withdraw consent, or delete cookies.
- Depending on your website’s technical infrastructure, you may need to work with web developers to implement the necessary code to set and read cookies. This may involve using JavaScript or server-side scripting languages to interact with the user’s browser and store/retrieve cookie data.
- Test cookie functionality on different browsers and devices to ensure it works as intended. Regularly monitor and review your website’s use of cookies to ensure compliance with privacy regulations and to address any changes in your cookie practices.
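The steps above can be tied together in server-side JavaScript. The following is an added example, not code from the original article: it stores the visitor's choices as a consent record, refuses to issue any cookie whose category was not accepted, and shows the difference between a session cookie and a permanent one. The category names, cookie names and record fields are assumptions made for the illustration.

```javascript
// Added example. Category names and the consent-record shape are assumptions.
const CATEGORIES = ["necessary", "preferences", "analytics", "advertising"];

// Build the record you keep as evidence ("document and store all consents").
function recordConsent(choices, now = new Date()) {
  const granted = { necessary: true }; // strictly necessary cookies need no consent
  for (const c of CATEGORIES.slice(1)) granted[c] = choices[c] === true; // default: refused
  return { granted, timestamp: now.toISOString(), policyVersion: "example-1" };
}

// Withdrawing consent produces a fresh record with that category switched off.
function withdraw(record, category, now = new Date()) {
  if (category === "necessary") return record;
  return recordConsent({ ...record.granted, [category]: false }, now);
}

// Return a Set-Cookie header value, or null when the category was not accepted.
function buildSetCookie(record, { name, value, category, maxAgeSeconds, httpOnly = false }) {
  if (!CATEGORIES.includes(category)) throw new Error(`unknown category: ${category}`);
  if (!record.granted[category]) return null;
  // Deliberately strict allow-list for names used in this example.
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error("invalid cookie name");
  const parts = [`${name}=${encodeURIComponent(value)}`, "Path=/", "Secure", "SameSite=Lax"];
  if (httpOnly) parts.push("HttpOnly"); // keeps page scripts from reading the cookie
  // No Max-Age: session cookie, deleted when the browser closes.
  // With Max-Age: permanent cookie that survives a browser restart.
  if (Number.isInteger(maxAgeSeconds) && maxAgeSeconds > 0) parts.push(`Max-Age=${maxAgeSeconds}`);
  return parts.join("; ");
}

// Header that deletes an already-set cookie once consent is withdrawn.
function buildExpireCookie(name) {
  return `${name}=; Path=/; Secure; SameSite=Lax; Max-Age=0`;
}
```

A request handler would call `buildSetCookie` for every cookie it wants to send and skip the ones that come back as `null`, and would send `buildExpireCookie` for each cookie in a category the visitor has withdrawn.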
My cookie policy is in order, what's next?
Once you get your cookies compliance in order, here are a few other things you can do next to improve your GDPR compliance:
- Draft a privacy policy.
- Set up for safe data sharing.
- Get ready to handle data requests.
- Monitor data you collect and store.
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist